What is IAM Access Advisor (Last Accessed)?
Access Advisor reports the services a principal is allowed to use and when each was last accessed, making it the primary signal for removing unused permissions.
For every IAM user, group, role, or policy, AWS records service last-accessed data. Reviewing it shows which granted services a principal has not touched in months; those are safe candidates for removal on the path to least privilege.
The data is available in the console and through the GenerateServiceLastAccessedDetails API, and newer versions extend it to action-level and resource-level last-accessed information for some services.
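The review described above can be scripted. The following is an added example, not Shieldly or AWS code: it runs a GenerateServiceLastAccessedDetails job through boto3 and flags services idle past a threshold. The function names, the 90-day threshold, and the sample data are assumptions made for illustration.

```python
import time
from datetime import datetime, timedelta, timezone

def fetch_last_accessed(principal_arn, poll_seconds=2):
    """Run a GenerateServiceLastAccessedDetails job and return every entry."""
    import boto3  # imported lazily so the analysis below runs without AWS access
    iam = boto3.client("iam")
    job_id = iam.generate_service_last_accessed_details(Arn=principal_arn)["JobId"]
    entries, marker = [], None
    while True:
        kwargs = {"JobId": job_id}
        if marker:
            kwargs["Marker"] = marker
        page = iam.get_service_last_accessed_details(**kwargs)
        if page["JobStatus"] == "IN_PROGRESS":
            time.sleep(poll_seconds)
            continue
        if page["JobStatus"] == "FAILED":
            raise RuntimeError(page.get("Error", "last-accessed job failed"))
        entries.extend(page["ServicesLastAccessed"])
        if not page.get("IsTruncated"):
            return entries
        marker = page["Marker"]

def unused_services(entries, max_idle_days=90, now=None):
    """(namespace, idle_days) past the assumed 90-day threshold; None = no recorded access."""
    now = now or datetime.now(timezone.utc)
    cutoff = now - timedelta(days=max_idle_days)
    stale = []
    for e in entries:
        last = e.get("LastAuthenticated")  # key is absent when no access was recorded
        if last is None:
            stale.append((e["ServiceNamespace"], None))
        elif last < cutoff:
            stale.append((e["ServiceNamespace"], (now - last).days))
    return sorted(stale, key=lambda s: (s[1] is not None, -(s[1] or 0)))

# Constructed sample in the shape of ServicesLastAccessed (not real account data).
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE = [
    {"ServiceName": "Amazon S3", "ServiceNamespace": "s3", "LastAuthenticated": NOW - timedelta(days=3)},
    {"ServiceName": "Amazon EC2", "ServiceNamespace": "ec2", "LastAuthenticated": NOW - timedelta(days=200)},
    {"ServiceName": "AWS KMS", "ServiceNamespace": "kms", "LastAuthenticated": NOW - timedelta(days=120)},
    {"ServiceName": "AWS IAM", "ServiceNamespace": "iam"},
]

if __name__ == "__main__":
    for ns, idle in unused_services(SAMPLE, now=NOW):
        print(ns, "no recorded access" if idle is None else f"idle {idle} days")
```

An entry with no recorded access can also belong to a permission that was granted only recently, so check when the policy was attached before removing it.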
Common mistake
Granting permissions and never revisiting them. Without periodic Access Advisor review, unused permissions accumulate and become the surface area for privilege escalation.
Amazon Web Services (AWS) is a trademark of Amazon.com, Inc. Shieldly is not affiliated with, endorsed by, or sponsored by Amazon Web Services.