AWS IAM Access Key Events Notifier with a Single Pipeline

Send notifications for AWS IAM access key create, update, and delete events using a single pipeline that can handle all event types.

Getting Started

Installation

Download and install Flowpipe (https://flowpipe.io/downloads) and Steampipe (https://steampipe.io/downloads). Or use Brew:

brew install turbot/tap/flowpipe
brew install turbot/tap/steampipe

Install the AWS plugin with Steampipe:

steampipe plugin install aws

Steampipe will automatically use your default AWS connections. Optionally, you can setup multiple accounts or customize AWS connections.

Create a connection_import resource to import your Steampipe AWS connections:

vi ~/.flowpipe/config/aws.fpc

connection_import "aws" {
  source      = "~/.steampipe/config/aws.spc"
  connections = ["*"]
}

For more information on importing connections, please see Connection Import.

For more information on connections in Flowpipe, please see Managing Connections.

Clone:

git clone https://github.com/turbot/flowpipe-samples.git
cd public_cloud/notify_new_aws_iam_access_keys

Usage

Start the Steampipe service:

steampipe service start

Start the Flowpipe server:

flowpipe server

Notifiers

By default, all messages will be sent to the terminal. You can setup an integration and a notifier to send the notification through email, Slack, or any other supported integration.

To send messages through email instead:

vi ~/.flowpipe/config/integrations.fpc

integration "email" "default" {
  smtp_tls      = "required"
  smtps_port    = 587
  smtp_host     = "smtp.gmail.com"
  smtp_username = "dwight@dmi.com"
  smtp_password = env("MY_EMAIL_PASSWORD")
  from          = "dwight@dmi.com"
}

notifier "my_email" {
  notify {
    integration = integration.email.default
    to          = ["security@dmi.com"]
  }
}

Then set the notifier variable:

cp flowpipe.fpvars.example flowpipe.fpvars
vi flowpipe.fpvars

# Set the notifier to use for inputs and messages
# Defaults to the "default" notifier
notifier = "my_email"