Deactivate Expired AWS IAM Access Keys Using Queries
Find expired keys using a query step, deactivate them, and send a notification.
Requirements
Docker daemon must be installed and running. Please see Install Docker Engine for more information.
Getting Started
Installation
Download and install Flowpipe (https://flowpipe.io/downloads) and Steampipe (https://steampipe.io/downloads). Or use Brew:
brew install turbot/tap/flowpipebrew install turbot/tap/steampipeInstall the AWS plugin with Steampipe:
steampipe plugin install awsSteampipe will automatically use your default AWS credentials. Optionally, you can setup multiple accounts or customize AWS credentials.
Create a credential_import resource to import your Steampipe AWS connections:
vi ~/.flowpipe/config/aws.fpccredential_import "aws" { source = "~/.steampipe/config/aws.spc" connections = ["*"]}For more information on importing credentials, please see Credential Import.
For more information on credentials in Flowpipe, please see Managing Credentials.
Clone:
git clone https://github.com/turbot/flowpipe-samples.gitcd public_cloud/notify_new_aws_iam_access_keysUsage
Start the Steampipe service:
steampipe service startRun the pipeline:
flowpipe pipeline run deactivate_expired_aws_iam_access_keys_using_query_stepNotifiers
By default, all messages will be sent to the terminal. You can setup an integration and a notifier to send the notification through email, Slack, or any other supported integration.
To send messages through email instead:
vi ~/.flowpipe/config/integrations.fpcintegration "email" "default" { smtp_tls = "required" smtps_port = 587 smtp_host = "smtp.gmail.com" smtp_username = "dwight@dmi.com" smtp_password = env("MY_EMAIL_PASSWORD") from = "dwight@dmi.com"}
notifier "my_email" { notify { integration = integration.email.default to = ["security@dmi.com"] }}Then set the notifier variable:
cp flowpipe.fpvars.example flowpipe.fpvarsvi flowpipe.fpvars# Set the notifier to use for inputs and messages# Defaults to the "default" notifiernotifier = "my_email"