Notify on New AWS IAM Access Keys
Look for new IAM access keys and for each new access key found, send a notification with the access key ID, user name, account ID, and create timestamp.
Getting Started
Installation
Download and install Flowpipe (https://flowpipe.io/downloads) and Steampipe (https://steampipe.io/downloads). Or use Brew:
brew install turbot/tap/flowpipe
brew install turbot/tap/steampipe
Install the AWS plugin with Steampipe:
steampipe plugin install aws
Steampipe will automatically use your default AWS connections. Optionally, you can set up multiple accounts or customize AWS connections.
Create a connection_import resource to import your Steampipe AWS connections:
vi ~/.flowpipe/config/aws.fpc
connection_import "aws" {
  source      = "~/.steampipe/config/aws.spc"
  connections = ["*"]
}
For more information on importing connections, please see Connection Import.
For more information on connections in Flowpipe, please see Managing Connections.
Clone:
git clone https://github.com/turbot/flowpipe-samples.git
cd flowpipe-samples/public_cloud/notify_new_aws_iam_access_keys
Usage
Start the Steampipe service:
steampipe service start
Start the Flowpipe server:
flowpipe server
Notifiers
By default, all messages will be sent to the terminal. You can set up an integration and a notifier to send the notification through email, Slack, or any other supported integration.
To send messages through email instead:
vi ~/.flowpipe/config/integrations.fpc
integration "email" "default" {
  smtp_tls      = "required"
  smtps_port    = 587
  smtp_host     = "smtp.gmail.com"
  smtp_username = "dwight@dmi.com"
  smtp_password = env("MY_EMAIL_PASSWORD")
  from          = "dwight@dmi.com"
}

notifier "my_email" {
  notify {
    integration = integration.email.default
    to          = ["security@dmi.com"]
  }
}
Then set the notifier variable:
cp flowpipe.fpvars.example flowpipe.fpvars
vi flowpipe.fpvars
# Set the notifier to use for inputs and messages
# Defaults to the "default" notifier
notifier = notifier.my_email
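The check described at the top of this page, as an added example (not code from the flowpipe-samples repository and not how Flowpipe itself is implemented): it compares two polls of access-key rows and builds one message per key that was not present before, carrying the access key ID, user name, account ID and create timestamp. The row field names, function names and sample values are constructed assumptions.

```python
"""Added illustration: diff two polls of IAM access-key rows and build notifications."""
from datetime import datetime

# Constructed sample rows (not real keys). Field names are assumptions that
# mirror the four values the notification carries.
OLD = {"access_key_id": "AKIAEXAMPLEOLDKEY001", "user_name": "alice",
       "account_id": "111111111111", "create_date": "2024-01-10T09:00:00+00:00"}
NEW_B = {"access_key_id": "AKIAEXAMPLENEWKEY002", "user_name": "bob",
         "account_id": "111111111111", "create_date": "2024-03-02T14:30:00+00:00"}
NEW_A = {"access_key_id": "AKIAEXAMPLENEWKEY003", "user_name": "alice",
         "account_id": "222222222222", "create_date": "2024-03-02T08:15:00+00:00"}
PREVIOUS_POLL = [OLD]
CURRENT_POLL = [OLD, NEW_B, NEW_A]

REQUIRED = ("access_key_id", "user_name", "account_id", "create_date")


def new_access_keys(previous, current):
    """Return rows in `current` whose access_key_id is absent from `previous`, oldest first."""
    seen = {row["access_key_id"] for row in previous}
    fresh = {}
    for row in current:
        missing = [field for field in REQUIRED if not row.get(field)]
        if missing:
            # Refuse to alert on a partial row rather than send a misleading message.
            raise ValueError(f"row missing fields: {missing}")
        if row["access_key_id"] not in seen:
            # A key listed twice in one poll is reported once.
            fresh.setdefault(row["access_key_id"], row)
    return sorted(fresh.values(),
                  key=lambda r: datetime.fromisoformat(r["create_date"]))


def format_notification(row):
    """Render the four fields into one notification line."""
    return (f"New IAM access key {row['access_key_id']} for user {row['user_name']} "
            f"in account {row['account_id']}, created {row['create_date']}")


def notifications(previous, current):
    """One message per newly seen key, in creation order."""
    return [format_notification(row) for row in new_access_keys(previous, current)]


if __name__ == "__main__":
    for line in notifications(PREVIOUS_POLL, CURRENT_POLL):
        print(line)
```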