AWS IAM User Group Membership

Check for AWS IAM users with multiple group membership and automate GitHub issue management at 9 AM UTC on weekdays.

If run with flowpipe server, this mod will create/update/close GitHub issues every weekday at 9 AM UTC.


Docker daemon must be installed and running. Please see Install Docker Engine for more information.


Download and install Flowpipe ( Or use Brew:

brew tap turbot/tap
brew install flowpipe


git clone
cd public_cloud/aws_iam_user_group_membership

Install mod dependencies:

flowpipe mod install


By default, the following environment variables will be used for authentication:


You can also create credential resources in configuration files:

vi creds.fpc
credential "aws" "aws_profile" {
profile = "my-profile"
credential "aws" "aws_access_key_pair" {
access_key = "AKIA..."
secret_key = "dP+C+J..."
credential "aws" "aws_session_token" {
access_key = "AKIA..."
secret_key = "dP+C+J..."
session_token = "AQoDX..."
credential "github" "default" {
token = "ghp_..."

For more information on credentials in Flowpipe, please see Managing Credentials.


Run the pipeline to check IAM user group membership and manage corresponding GitHub issues immediately:

flowpipe pipeline run aws_iam_user_group_membership --arg github_repository_owner=my_gh_org --arg github_repository_name=my_gh_repo

To perform the IAM user group membership check at the scheduled time, start the Flowpipe server:

flowpipe server

Once started, Flowpipe will run the pipeline automatically at the scheduled time.


To avoid entering variable values when running the pipeline or starting the server, you can set variable values:

cp flowpipe.fpvars.example flowpipe.fpvars
vi flowpipe.fpvars
# Optional
# github_cred = "non_default_cred"
# aws_cred = "non_default_cred"

Open Source & Contributing

This repository is published under the Apache 2.0 license. Please see our code of conduct. We look forward to collaborating with you!

Flowpipe is a product produced from this open source software, exclusively by Turbot HQ, Inc. It is distributed under our commercial terms. Others are allowed to make their own distribution of the software, but cannot use any of the Turbot trademarks, cloud services, etc. You can learn more in our Open Source FAQ.

Get Involved

Join #flowpipe on Slack →

Want to help but not sure where to start? Pick up one of the help wanted issues: