Reputation: 1215
Find out last activity of Service Account Key in GCP IAM
Is it possible to know the last activity of service account's key in GCP IAM, similar to AWS IAM's GetAccessKeyLastUsed? I was avoiding the option of monitoring the activity from GCP Stackdriver.
Upvotes: 6
Views: 4026
Answers (2)
Reputation: 11
You now have that feature on the Policy Analyzer. Currently, it can only be used via console, gcloud and API REST:
Console: IAM & Admin > Policy Analyzer > Analyze recent activity > When was the last time this service account was used? Preview
Comand line:
gcloud policy-intelligence query-activity(Documentation)API REST: Out of the box for cURL and PowerShell. I guess you can use the discovery build library to impement it on code, but I don't try it yet. (Documentation)
Upvotes: 1
Reputation: 2507
You can use Cloud Monitoring metrics [1] to monitor service account or service account key usage.
You can identify unused service accounts and keys by [2].
[1] https://cloud.google.com/iam/docs/service-account-monitoring
[2] https://cloud.google.com/iam/docs/service-account-monitoring#identify-unused
Upvotes: 2
Related Questions
- Programmatically get current Service Account on GCP
- Retrieve information from Google GCP Project Credentials API key
- Automated Notification of the expiry of Service Account Keys
- GCP IAM REST API Service account key issue
- Get current service account on GCR
- Finding IAM SA Keys Older than 89 Days in Google Cloud
- How to see the activity history of a resource on Google Cloud Platform (GCP)?
- How to found out, which instances are using which service accounts in GCP?
- GCP Download/Get Service Account Key
- Log Google Cloud Service Account key created in Python API script