Notify on New AWS IAM Access Keys

Look for new IAM access keys and for each new access key found, send a notification with the access key ID, user name, account ID, and create timestamp.

Getting Started

Installation

Download and install Flowpipe (https://flowpipe.io/downloads) and Steampipe (https://steampipe.io/downloads). Or use Brew:

brew install turbot/tap/flowpipe
brew install turbot/tap/steampipe

Install the AWS plugin with Steampipe:

steampipe plugin install aws

Steampipe will automatically use your default AWS credentials. Optionally, you can set up multiple accounts or customize AWS credentials.

Create a credential_import resource to import your Steampipe AWS connections:

vi ~/.flowpipe/config/aws.fpc

credential_import "aws" {
  source      = "~/.steampipe/config/aws.spc"
  connections = ["*"]
}

For more information on importing credentials, please see Credential Import.

For more information on credentials in Flowpipe, please see Managing Credentials.

Clone:

git clone https://github.com/turbot/flowpipe-samples.git
cd flowpipe-samples/public_cloud/notify_new_aws_iam_access_keys

Usage

Start the Steampipe service:

steampipe service start

Start the Flowpipe server:

flowpipe server
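
To check what the Steampipe connection returns before relying on the notifications, the query below lists recently created access keys with the same fields the notification carries. It is an added example, not the mod's own query: it assumes the Steampipe AWS plugin's aws_iam_access_key table, and the 24-hour window and the active_keys_for_user column are choices made here for illustration.

```sql
-- Added example (not part of the sample mod): run inside `steampipe query`.
-- Assumes the AWS plugin's aws_iam_access_key table; the 24-hour lookback
-- is an illustrative choice, not the mod's detection window.
with keys as (
  select
    access_key_id,
    user_name,
    account_id,
    status,
    create_date,
    -- How many active keys this user holds in this account; a value of 2
    -- means a second key was added next to an existing one.
    count(*) filter (where status = 'Active')
      over (partition by account_id, user_name) as active_keys_for_user
  from
    aws_iam_access_key
)
select
  access_key_id,
  user_name,
  account_id,
  create_date,
  status,
  active_keys_for_user
from
  keys
where
  create_date > now() - interval '24 hours'
order by
  create_date desc;
```

An empty result only means no key was created in the lookback window; widen the interval to confirm that the connection returns keys at all.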

Notifiers

By default, all messages will be sent to the terminal. You can set up an integration and a notifier to send the notification through email, Slack, or any other supported integration.

To send messages through email instead:

vi ~/.flowpipe/config/integrations.fpc

integration "email" "default" {
  smtp_tls      = "required"
  smtps_port    = 587
  smtp_host     = "smtp.gmail.com"
  smtp_username = "dwight@dmi.com"
  smtp_password = env("MY_EMAIL_PASSWORD")
  from          = "dwight@dmi.com"
}

notifier "my_email" {
  notify {
    integration = integration.email.default
    to          = ["security@dmi.com"]
  }
}

Then set the notifier variable:

cp flowpipe.fpvars.example flowpipe.fpvars
vi flowpipe.fpvars

# Set the notifier to use for inputs and messages
# Defaults to the "default" notifier
notifier = "my_email"