AWS Identity and Access Management
API Reference (API Version 2010-05-08)


Retrieves information about the specified IAM user, including the user's creation date, path, unique ID, and ARN.

If you do not specify a user name, IAM determines the user name implicitly based on the AWS access key ID used to sign the request to this API.

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.


The name of the user to get information about.

This parameter is optional. If it is not included, it defaults to the user making the request. This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\w+=,.@-]+

Required: No

Response Elements

The following element is returned by the service.


A structure containing details about the IAM user.


Due to a service issue, password last used data does not include password use from May 3rd 2018 22:50 PDT to May 23rd 2018 14:08 PDT. This affects last sign-in dates shown in the IAM console and password last used dates in the IAM credential report, and returned by this GetUser API. If users signed in during the affected time, the password last used date that is returned is the date the user last signed in before May 3rd 2018. For users that signed in after May 23rd 2018 14:08 PDT, the returned password last used date is accurate.

If you use password last used information to identify unused credentials for deletion, such as deleting users who did not sign in to AWS in the last 90 days, we recommend that you adjust your evaluation window to include dates after May 23rd 2018. Alternatively, if your users use access keys to access AWS programmatically you can refer to access key last used information because it is accurate for all dates.

Type: User object


For information about the errors that are common to all actions, see Common Errors.


The request was rejected because it referenced an entity that does not exist. The error message describes the entity.

HTTP Status Code: 404


The request processing has failed because of an unknown error, exception or failure.

HTTP Status Code: 500


Sample Request &UserName=Bob &Version=2010-05-08 &AUTHPARAMS

Sample Response

<GetUserResponse xmlns=""> <GetUserResult> <User> <UserId>AIDACKCEVSQ6C2EXAMPLE</UserId> <Path>/division_abc/subdivision_xyz/</Path> <UserName>Bob</UserName> <Arn>arn:aws:iam::123456789012:user/division_abc/subdivision_xyz/Bob</Arn> <CreateDate>2013-10-02T17:01:44Z</CreateDate> <PasswordLastUsed>2014-10-10T14:37:51Z</PasswordLastUsed> </User> </GetUserResult> <ResponseMetadata> <RequestId>7a62c49f-347e-4fc4-9331-6e8eEXAMPLE</RequestId> </ResponseMetadata> </GetUserResponse>

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: