To help you identify unused roles in your AWS accounts, AWS Identity and Access Management (IAM) now reports the latest timestamp when role credentials were used to make an AWS request. This information makes it easier for you or your security teams to identify and analyze unused roles and remove them confidently.  

from Recent Announcements: https://aws.amazon.com/about-aws/whats-new/2019/11/identify-unused-iam-roles-easily-and-remove-them-confidently-by-using-the-last-used-timestamp/