Question #745
A company needs to audit the usage of multi-factor authentication (MFA) devices and the last-used timestamps for IAM access keys across its AWS account for compliance reporting. Which AWS service or tool should be used to gather this information?
A. IAM Access Analyzer
B. AWS Artifact
C. IAM credential report
D. AWS Audit Manager
Explanation
The IAM credential report (Option C) is the correct choice because it generates a CSV report listing all IAM users in the account, including:
1. Whether an MFA device is enabled for each user.
2. The last time each access key was used.
This directly addresses the compliance requirements for auditing MFA usage and access key activity.
Why other options are incorrect:
- A. IAM Access Analyzer: Focuses on identifying unintended resource access (e.g., S3 buckets, IAM roles) and does not track MFA or access key usage.
- B. AWS Artifact: Provides compliance reports (e.g., SOC, PCI) but does not include account-specific details like IAM credential usage.
- D. AWS Audit Manager: Automates evidence collection for audits but does not directly provide MFA status or access key last-used timestamps.
Key Points:
- Use IAM credential reports for auditing IAM user credentials, MFA status, and access key activity.
- Compliance reporting often requires tracking MFA adoption and access key usage patterns.
Answer
The correct answer is: C
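The following added example (not part of the original question) shows how the two fields named in the explanation can be audited once the credential report CSV has been downloaded. The sample rows are constructed and use a subset of the report's column names; the function name `audit`, the audit date and the 90-day staleness threshold are assumptions chosen for illustration.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample: a subset of the credential report's columns, fake account ID.
SAMPLE_REPORT = """\
user,arn,password_enabled,mfa_active,access_key_1_active,access_key_1_last_used_date,access_key_2_active,access_key_2_last_used_date
<root_account>,arn:aws:iam::111122223333:root,not_supported,true,false,N/A,false,N/A
alice,arn:aws:iam::111122223333:user/alice,true,true,true,2024-05-28T09:15:00+00:00,false,N/A
bob,arn:aws:iam::111122223333:user/bob,true,false,true,2023-11-02T17:40:00+00:00,false,N/A
ci-deploy,arn:aws:iam::111122223333:user/ci-deploy,false,false,true,N/A,true,2024-05-30T23:59:00+00:00
"""

SAMPLE_NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # constructed audit date
STALE_AFTER = timedelta(days=90)                        # assumed policy threshold


def audit(report_csv, now, stale_after=STALE_AFTER):
    """Return (console users without MFA, active keys that are stale or never used)."""
    no_mfa, stale_keys = [], []
    for row in csv.DictReader(io.StringIO(report_csv)):
        # Only users who can sign in to the console are flagged for missing MFA;
        # users with no password (e.g. CI identities) are skipped here.
        if row["password_enabled"] == "true" and row["mfa_active"] != "true":
            no_mfa.append(row["user"])
        for n in ("1", "2"):
            if row[f"access_key_{n}_active"] != "true":
                continue  # inactive or non-existent key
            last_used = row[f"access_key_{n}_last_used_date"]
            if last_used == "N/A":
                # Active key with no recorded use: candidate for removal.
                stale_keys.append((row["user"], n, "never used"))
            elif now - datetime.fromisoformat(last_used) > stale_after:
                stale_keys.append((row["user"], n, last_used))
    return no_mfa, stale_keys


if __name__ == "__main__":
    missing, stale = audit(SAMPLE_REPORT, SAMPLE_NOW)
    print("Console users without MFA:", missing)
    for user, key_no, detail in stale:
        print(f"Stale access key {key_no} for {user}: {detail}")
```

Against a real account, the same function can be fed the decoded CSV returned by `aws iam get-credential-report` after `aws iam generate-credential-report` has completed.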