Updated on 2024-12-10 GMT+08:00

Last Login Check

Rule Details

Table 1 Rule details

| Parameter | Description |
| --- | --- |
| Rule Name | iam-user-last-login-check |
| Identifier | iam-user-last-login-check |
| Description | If an IAM user has not logged in to the system within the specified period of time, this user is non-compliant. |
| Tag | iam |
| Trigger Type | Periodic |
| Filter Type | iam.users |
| Configure Rule Parameters | allowedInactivePeriod: the specified period of time. The value must be an integer. The default value is 90. |

Applicable Scenario

This rule helps you identify idle IAM users to improve account security.

Solution

You can log in to the Huawei Cloud console as the noncompliant IAM users, or delete these users as needed. For more details, see Logging In as an IAM User and Deleting an IAM User.

Rule Logic

  • If an IAM user is disabled, this user is compliant.
  • If an IAM user is not allowed to access the management console, this user is compliant.
  • If an enabled IAM user who is allowed to access the management console has logged in to the system within the specified period of time, this user is compliant.
  • If an enabled IAM user who is allowed to access the management console has not logged in to the system within the specified period of time, this user is noncompliant.
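The rule logic above can be reproduced offline against an exported user list, for example to preview which users a given allowedInactivePeriod would flag. The following is an added example, not Huawei Cloud code: the record fields (enabled, console_access, last_login) and the sample users are constructed, and it assumes the period is counted in days and that a console user with no recorded login is noncompliant.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample records; field names are hypothetical, not the IAM API schema.
NOW = datetime(2024, 12, 10, tzinfo=timezone.utc)
SAMPLE_USERS = [
    {"name": "alice", "enabled": True, "console_access": True,
     "last_login": NOW - timedelta(days=12)},
    {"name": "bob", "enabled": True, "console_access": True,
     "last_login": NOW - timedelta(days=200)},
    {"name": "carol", "enabled": False, "console_access": True,
     "last_login": NOW - timedelta(days=400)},
    {"name": "svc-ci", "enabled": True, "console_access": False,
     "last_login": None},
    {"name": "dave", "enabled": True, "console_access": True,
     "last_login": None},  # console user that has never logged in
]


def evaluate_user(user, now, allowed_inactive_period=90):
    """Return (result, reason) for one user, following the rule logic in order."""
    if type(allowed_inactive_period) is not int:
        raise ValueError("allowedInactivePeriod must be an integer")
    if not user["enabled"]:
        return "compliant", "user is disabled"
    if not user["console_access"]:
        return "compliant", "no management console access"
    last_login = user["last_login"]
    if last_login is None:
        # Assumption: no recorded login counts as "has not logged in within the period".
        return "noncompliant", "never logged in"
    # Assumption: the period is counted in days and the boundary day is still compliant.
    idle = now - last_login
    if idle <= timedelta(days=allowed_inactive_period):
        return "compliant", f"last login {idle.days} days ago"
    return "noncompliant", f"idle for {idle.days} days"


def evaluate_all(users, now, allowed_inactive_period=90):
    """Map each user name to its compliance result."""
    return {u["name"]: evaluate_user(u, now, allowed_inactive_period)[0] for u in users}


if __name__ == "__main__":
    for u in SAMPLE_USERS:
        result, reason = evaluate_user(u, NOW)
        print(f"{u['name']:8} {result:13} {reason}")
```

Disabled users and users without console access are reported as compliant regardless of how long they have been idle, so this check alone does not cover stale programmatic-only accounts.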