IAM user activity can be audited using AWS CloudTrail, which records API calls made by or on behalf of IAM users. These logs can be analyzed to track user activity and identify potential security issues.
Example CloudTrail Configuration:
{
"TrailName": "MyTrail",
"S3BucketName": "my-cloudtrail-bucket",
"IncludeGlobalServiceEvents": true,
"IsMultiRegionTrail": true,
"EnableLogFileValidation": true
}