
AWS Access Report

In a Nutshell
What will I learn?

In this tutorial we will generate a simple access report that shows current access controls present in a specific AWS account, broken down by type.

What you'll need

Software & Services

Permissions & Access

AWS provides an existing ReadOnlyAccess IAM Policy that covers all of the permissions needed for this tutorial. You can simply attach this AWS-provided IAM Policy to your existing IAM User, Group or Role.

Screenshot: Attach Existing IAM Policy


In each of the examples below we will take advantage of several of the environment variables that are loaded and set when we activate a set of credentials in AWSH:

    env | grep ^AWS_
    AWS_SESSION_EXPIRATION=2022-11-28 16:05:01
    AWS_ID_NAME=dummy-account/[email protected]

We will use these environment variables to generate useful report names.

This tutorial also makes use of one of the built-in commands available in AWSH, awsh report-access, which allows us to generate our output report in multiple formats. To find out more about all of the helper commands and utilities available in AWSH, check out the full documentation here.

The command writes the report file to the current directory, or to the specified directory, for any of the specified formats.

Simple Format Report

  • Create a simple text access report

    awsh report-access

    We have a lot of API calls to make, so it will take a few moments to complete.

  • Here is sample output generated from the access report (simple):

    AWS Access Report: Account 1234567890123

    AWS Account : 1234567890123
    AWS Account Alias : aws-hestio-test
    Created from AWS Region : eu-west-1
    Created By : XXXX
    Created Date : Fri Feb 17 13:56:29 UTC 2023


    user               arn                                                user_creation_time         password_enabled  password_last_used         password_last_changed  mfa_active  access_key_1_last_used_date
    -----------------  -------------------------------------------------  -------------------------  ----------------  -------------------------  ---------------------  ----------  ---------------------------
    <root_account>     arn:aws:iam::1234567890123:root                    2021-09-27T08:42:30+00:00  not_supported     2023-01-04T08:27:40+00:00  not_supported          true        N/A
    luk-awsh-tutorial  arn:aws:iam::1234567890123:user/luk-awsh-tutorial  2022-06-01T11:52:44+00:00  false             N/A                        N/A                    true        2023-02-17T11:43:00+00:00


    None found


    Policies  InstanceProfiles  Users  Providers  AccountMFAEnabled  GlobalEndpointTokenVersion  Groups  AccountSigningCertificatesPresent  MFADevices  PolicyVersionsInUse  ServerCertificates  Roles  MFADevicesInUse  AccountAccessKeysPresent
    --------  ----------------  -----  ---------  -----------------  --------------------------  ------  ---------------------------------  ----------  -------------------  ------------------  -----  ---------------  ------------------------
          21                 8      2          1                  1                           1       6                                  0           6                   49                   1     46                5                         0

Markdown Format Report

  • Get the data from the AWS API

    awsh report-access -f pipe

    We have a lot of API calls to make, so it will take a few moments to complete.

  • The Markdown format report is plain text but can be converted into many other common formats (HTML, PDF, MS Word, etc). One of our favourite online converters is or the extensions available for Microsoft VS Code

Screenshot: Rendered Markdown Report

HTML Format Report

Styling your HTML

The generated HTML automatically includes the Bootstrap framework and can be styled using any compatible CSS.

  • Get the data from the AWS API

    awsh report-access -f html -d .

    We have a lot of API calls to make, so it will take a few moments to complete.
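The tutorial mentions using the AWSH environment variables to generate useful report names. The following is an added example, not part of AWSH or the original tutorial, showing one way to do that with the -f and -d options used above. All function names are hypothetical, and it assumes AWS_SESSION_EXPIRATION is expressed in the same timezone as the local clock.

```sh
#!/bin/sh
# Added example, not part of AWSH. Only `awsh report-access`, -f, -d and the
# two AWS_* variables come from the tutorial; function names are hypothetical.

# AWS_ID_NAME contains '/' and '@', so reduce it to one safe path component:
# anything outside [A-Za-z0-9._-] becomes '_' and leading dots are dropped.
safe_slug() {
    slug=$(printf '%s' "$1" | LC_ALL=C tr -c 'A-Za-z0-9._-' '_' | sed 's/^\.*//')
    printf '%s' "${slug:-unknown}"
}

# True while expiry ($1) is later than now ($2). Both are fixed-width
# "YYYY-MM-DD HH:MM:SS" strings, so byte order equals time order.
# Assumption: AWS_SESSION_EXPIRATION uses the same timezone as the local clock.
session_active() {
    [ -n "$1" ] || return 1
    latest=$(printf '%s\n%s\n' "$1" "$2" | LC_ALL=C sort | tail -n 1)
    [ "$latest" = "$1" ] && [ "$1" != "$2" ]
}

# Build <base>/access-report_<identity>_<YYYYMMDD>.
report_dir() {
    printf '%s/access-report_%s_%s' "$1" "$(safe_slug "$2")" "$3"
}

# Generate the HTML report into a per-identity, per-day directory.
run_access_report() {
    now=$(date '+%Y-%m-%d %H:%M:%S')
    if ! session_active "${AWS_SESSION_EXPIRATION:-}" "$now"; then
        echo "AWSH credentials missing or expired; re-activate them first" >&2
        return 1
    fi
    dir=$(report_dir "${1:-.}" "${AWS_ID_NAME:-}" "$(date +%Y%m%d)")
    # The report lists IAM users, MFA state and key usage: keep it owner-only.
    ( umask 077 && mkdir -p "$dir" ) || return 1
    awsh report-access -f html -d "$dir"
}

# Usage inside an AWSH shell:  run_access_report ~/reports
```

Because the directory is created with a 077 umask, other local users cannot read the report regardless of the permissions on the files written inside it.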

Now that you've had a look around why not check out the full documentation here.

Want to find out more?

At Hestio, we have taken our experience with designing and building on cloud to codify these patterns and made them available as a low-code pattern library for AWS. Why spend time and effort on reinventing the wheel when it's already a solved problem? Would you start developing office productivity software in a world where Microsoft Office already exists?

If you'd like to find out about worX, our low-code patterns library for AWS you can read more here or get in touch today to schedule a demo.
