standard
turbot/aws_compliance

Pipeline: Correct IAM users with more than one active key

Runs corrective action to delete extra IAM user active keys.

Run the pipeline

To run this pipeline from your terminal:

    flowpipe pipeline run aws_compliance.pipeline.correct_iam_users_with_more_than_one_active_key \
      --arg 'items=<list(object({
          title                          = string
          user_name                      = string
          access_key_id_1                = string
          access_key_1_last_used_date    = string
          access_key_1_age               = string
          access_key_1_last_used_in_days = string
          access_key_id_2                = string
          access_key_2_last_used_date    = string
          access_key_2_age               = string
          access_key_2_last_used_in_days = string
          conn                           = string
        }))>'

Use this pipeline

To call this pipeline from your pipeline, use a step:

    step "pipeline" "step_name" {
      pipeline = aws_compliance.pipeline.correct_iam_users_with_more_than_one_active_key
      args = {
        items = <list(object({
          title                          = string
          user_name                      = string
          access_key_id_1                = string
          access_key_1_last_used_date    = string
          access_key_1_age               = string
          access_key_1_last_used_in_days = string
          access_key_id_2                = string
          access_key_2_last_used_date    = string
          access_key_2_age               = string
          access_key_2_last_used_in_days = string
          conn                           = string
        }))>
      }
    }

Params

Name: items
Type:
    list(object({
      title                          = string
      user_name                      = string
      access_key_id_1                = string
      access_key_1_last_used_date    = string
      access_key_1_age               = string
      access_key_1_last_used_in_days = string
      access_key_id_2                = string
      access_key_2_last_used_date    = string
      access_key_2_age               = string
      access_key_2_last_used_in_days = string
      conn                           = string
    }))
Required: Yes
Description: A collection of detected resources to run corrective actions against.
Default: -

Name: notifier
Type: notifier
Required: Yes
Description: The name of the notifier to use for sending notification messages.
Default: notifier.default

Name: notification_level
Type: string
Allowed values: verbose, info, error
Required: Yes
Description: The verbosity level of notification messages to send.
Default: info

Name: approvers
Type: list(notifier)
Required: Yes
Description: List of notifiers to be used for obtaining action/approval decisions.
Default: notifier.default

Name: default_action
Type: string
Allowed values: notify, skip, deactivate_access_key_1, deactivate_access_key_2
Required: Yes
Description: The default action to use when there are no approvers.
Default: notify

Name: enabled_actions
Type: list(string)
Allowed values: skip, deactivate_access_key_1, deactivate_access_key_2
Required: Yes
Description: The list of enabled actions approvers can select.
Default:
    [
      "skip",
      "deactivate_access_key_1",
      "deactivate_access_key_2"
    ]
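
Because default_action is a single value for the whole items list, an unattended run (no approvers) deactivates the same key slot for every user in the batch. The following is an added example, not part of the aws_compliance mod: it splits detected items into one run per action, choosing the key that has been idle longest. The selection policy, the helper names, the assumption that the *_last_used_in_days and *_age strings are numeric (empty meaning never used), the conn value, and passing JSON as the --arg value are all assumptions.

```python
import json
import math

PIPELINE = "aws_compliance.pipeline.correct_iam_users_with_more_than_one_active_key"

def to_number(value):
    """Parse a numeric string field; anything non-numeric (assumed: never used) sorts highest."""
    try:
        return float(value)
    except (TypeError, ValueError):
        return math.inf

def choose_action(item):
    """Deactivate the key idle longest; on a tie, the older key; otherwise only notify."""
    for field in ("last_used_in_days", "age"):
        k1 = to_number(item[f"access_key_1_{field}"])
        k2 = to_number(item[f"access_key_2_{field}"])
        if k1 != k2:
            return "deactivate_access_key_1" if k1 > k2 else "deactivate_access_key_2"
    return "notify"  # nothing distinguishes the keys: leave the decision to a person

def build_runs(items):
    """Group items by chosen action and return one flowpipe argv per group."""
    groups = {}
    for item in items:
        groups.setdefault(choose_action(item), []).append(item)
    # approvers=[] makes the pipeline fall back to default_action for the batch.
    return [["flowpipe", "pipeline", "run", PIPELINE,
             "--arg", "items=" + json.dumps(batch),
             "--arg", "approvers=[]",
             "--arg", "default_action=" + action]
            for action, batch in sorted(groups.items())]

def sample_item(user, idle1, idle2, age1="90", age2="90"):
    """Constructed record using the field names from the Params section; values are invented."""
    return {"title": user, "user_name": user, "conn": "aws",  # conn value is assumed
            "access_key_id_1": "EXAMPLE_KEY_ID_1", "access_key_id_2": "EXAMPLE_KEY_ID_2",
            "access_key_1_last_used_date": "constructed", "access_key_2_last_used_date": "constructed",
            "access_key_1_age": age1, "access_key_2_age": age2,
            "access_key_1_last_used_in_days": idle1, "access_key_2_last_used_in_days": idle2}

if __name__ == "__main__":
    items = [sample_item("alice", "200", "3"), sample_item("bob", "1", ""),
             sample_item("carol", "5", "5")]
    for argv in build_runs(items):
        print(" ".join(argv[:4]), argv[-1])
```

Passing each argv as a list to a process launcher avoids shell quoting problems with the JSON payload.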

Outputs

This pipeline has no outputs.

Tags

category = Compliance
folder = Internal
mod = aws
service = AWS/IAM