Search for Unused or Inactive Roles in AWS IAM - Workflow Template

Queries AWS for IAM roles and groups them into "last used" and "never used" lists, keeping only roles older than a defined number of days.

Updated over 6 months ago

This workflow template detects unused or inactive AWS IAM roles to enhance Identity and Access Management security. It queries IAM for role details, groups roles by last used or never used status, and filters based on specified days, identifying potential security risks for remediation.

Optional Triggers

"This workflow should be used as a function."

Use Cases

Function, Identity and Access Management

Workflow Breakdown

  1. Queries AWS for RoleDetailList.

  2. Groups roles without RoleLastUsed data and filters by the date of creation.

  3. Groups roles with RoleLastUsed data and filters by the date of last usage.
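
The grouping and filtering in steps 2 and 3, as an added Python example that is not the template's own code. It runs over a constructed sample shaped like the `RoleDetailList` from IAM `GetAccountAuthorizationDetails`; the function name, output keys and the reading of "filters by the date of creation" as "created more than N days ago" are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like the RoleDetailList returned by IAM
# GetAccountAuthorizationDetails (role names and dates are made up).
SAMPLE_ROLE_DETAIL_LIST = [
    {"RoleName": "ci-deploy", "CreateDate": "2023-01-10T09:00:00+00:00",
     "RoleLastUsed": {"LastUsedDate": "2024-05-28T12:00:00+00:00",
                      "Region": "us-east-1"}},
    {"RoleName": "legacy-batch", "CreateDate": "2021-03-02T09:00:00+00:00",
     "RoleLastUsed": {"LastUsedDate": "2023-02-01T08:30:00+00:00",
                      "Region": "eu-west-1"}},
    # IAM returns an empty RoleLastUsed for roles with no tracked activity.
    {"RoleName": "abandoned-poc", "CreateDate": "2022-07-15T09:00:00+00:00",
     "RoleLastUsed": {}},
    {"RoleName": "new-onboarding", "CreateDate": "2024-05-20T09:00:00+00:00"},
]


def _as_utc(value):
    """Accept datetime objects (as boto3 returns) or ISO 8601 strings."""
    dt = value if isinstance(value, datetime) else datetime.fromisoformat(value)
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)


def group_inactive_roles(role_detail_list, days, now=None):
    """Hypothetical helper: group roles idle or unused for more than `days`."""
    now = now or datetime.now(timezone.utc)
    cutoff = now - timedelta(days=days)
    never_used, last_used = [], []
    for role in role_detail_list:
        used_at = (role.get("RoleLastUsed") or {}).get("LastUsedDate")
        if used_at is None:
            # Step 2: no usage data, so filter on creation date. This keeps
            # freshly created roles out of the "never used" findings.
            created = _as_utc(role["CreateDate"])
            if created < cutoff:
                never_used.append({"RoleName": role["RoleName"],
                                   "AgeDays": (now - created).days})
        else:
            # Step 3: usage data present, so filter on last-used date.
            used = _as_utc(used_at)
            if used < cutoff:
                last_used.append({"RoleName": role["RoleName"],
                                  "IdleDays": (now - used).days})
    return {"never_used": never_used, "last_used": last_used}


if __name__ == "__main__":
    fixed_now = datetime(2024, 6, 1, tzinfo=timezone.utc)
    print(group_inactive_roles(SAMPLE_ROLE_DETAIL_LIST, days=90, now=fixed_now))
```
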

Vendors

AWS, Utils

Workflow Output

Lists of grouped roles, filtered by the specified number of days.
