Deactivate Expired AWS IAM Keys with Approval
Find expired AWS IAM access keys and then prompt the user for a decision to either deactivate them or keep them active and send an alert.
Requirements
Docker daemon must be installed and running. Please see Install Docker Engine for more information.
Getting Started
Installation
Download and install Flowpipe (https://flowpipe.io/downloads) and Steampipe (https://steampipe.io/downloads). Or use Brew:
brew install turbot/tap/flowpipebrew install turbot/tap/steampipeInstall the AWS plugin with Steampipe:
steampipe plugin install awsSteampipe will automatically use your default AWS credentials. Optionally, you can setup multiple accounts or customize AWS credentials.
Create a credential_import resource to import your Steampipe AWS connections:
vi ~/.flowpipe/config/aws.fpccredential_import "aws" { source = "~/.steampipe/config/aws.spc" connections = ["*"]}For more information on importing credentials, please see Credential Import.
For more information on credentials in Flowpipe, please see Managing Credentials.
Clone:
git clone https://github.com/turbot/flowpipe-samples.gitcd public_cloud/notify_new_aws_iam_access_keysUsage
Start the Steampipe service:
steampipe service startStart the Flowpipe server:
flowpipe serverNotifiers
By default, all messages will be sent to the terminal. You can setup an integration and a notifier to send the notification through email, Slack, or any other supported integration.
To send messages through email instead:
vi ~/.flowpipe/config/integrations.fpcintegration "email" "default" { smtp_tls = "required" smtps_port = 587 smtp_host = "smtp.gmail.com" smtp_username = "dwight@dmi.com" smtp_password = env("MY_EMAIL_PASSWORD") from = "dwight@dmi.com"}
notifier "my_email" { notify { integration = integration.email.default to = ["security@dmi.com"] }}Then set the notifier variable:
cp flowpipe.fpvars.example flowpipe.fpvarsvi flowpipe.fpvars# Set the notifier to use for inputs and messages# Defaults to the "default" notifiernotifier = "my_email"