AWS IAM Access Key Events Notifier with a Single Pipeline
Send notifications for AWS IAM access key create, update, and delete events using a single pipeline that can handle all event types.
Getting Started
Installation
Download and install Flowpipe (https://flowpipe.io/downloads) and Steampipe (https://steampipe.io/downloads). Or use Brew:
brew install turbot/tap/flowpipe
brew install turbot/tap/steampipe
Install the AWS plugin with Steampipe:
steampipe plugin install aws
Steampipe will automatically use your default AWS credentials. Optionally, you can set up multiple accounts or customize AWS credentials.
Create a credential_import resource to import your Steampipe AWS connections:
vi ~/.flowpipe/config/aws.fpc
credential_import "aws" {
  source      = "~/.steampipe/config/aws.spc"
  connections = ["*"]
}
For more information on importing credentials, please see Credential Import.
For more information on credentials in Flowpipe, please see Managing Credentials.
Clone:
git clone https://github.com/turbot/flowpipe-samples.git
cd flowpipe-samples/public_cloud/notify_new_aws_iam_access_keys
Usage
Start the Steampipe service:
steampipe service start
Start the Flowpipe server:
flowpipe server
Notifiers
By default, all messages will be sent to the terminal. You can set up an integration and a notifier to send the notification through email, Slack, or any other supported integration.
To send messages through email instead:
vi ~/.flowpipe/config/integrations.fpc
integration "email" "default" {
  smtp_tls      = "required"
  smtps_port    = 587
  smtp_host     = "smtp.gmail.com"
  smtp_username = "dwight@dmi.com"
  smtp_password = env("MY_EMAIL_PASSWORD")
  from          = "dwight@dmi.com"
}

notifier "my_email" {
  notify {
    integration = integration.email.default
    to          = ["security@dmi.com"]
  }
}
Then set the notifier variable:
cp flowpipe.fpvars.example flowpipe.fpvars
vi flowpipe.fpvars
# Set the notifier to use for inputs and messages
# Defaults to the "default" notifier
notifier = "my_email"