Notify If An AWS User's Last Activity is More Than 90 Days

Updated 2 weeks ago by Totalcloud

Stale users on AWS can pose a threat. It is always recommended to remove old, inactive users from the account.

There's a template already available in the web app for this use case. This workflow template automatically sends an email or a Slack message with a list of users who haven't logged in for more than 90 days.

Please find below the information on how this template works and how you can customize it according to your needs.

How Does This Template Work?

  1. The Trigger node initiates the workflow from Monday to Friday at 9am.
  2. The Resource node fetches all IAM users belonging to an AWS account and AWS region.
  3. The Filter node looks up IAM users whose PasswordLastUsed is more than 90 days ago, using a custom Function filter.
  4. The Notification node sends an email to the concerned team(s) or stakeholder(s) with the list of all the old IAM users.

Steps to Customize this Template

  1. Open the template and check for all the nodes' connectivity.
  2. Double click on Trigger node. Add or modify the following details as per your requirement:
    1. Retain the 'Schedule' selection and its entries. If you wish to change it, select the day of the week you want to start the workflow from the drop down menu. Example: Monday. If you want the workflow to start every morning, select all the days of the week.
    2. Select the time of the day, of your choice, from the drop down menu. Example: 6:00 for 6am and 21:00 for 9pm.
    3. Click on Save Node.
  3. Double click on Resource node. Add or modify the following details as per your requirement:
    1. Select your AWS account from the drop down menu.
    2. Select the AWS region you want to pick the resources from.
    3. Retain the AWS Service name 'IAM' entry.
    4. Retain the AWS Resource name 'Users' entry.
    5. Specify "PathPrefix": "MAP" in the Advanced Filters if you wish to auto-fill any value from previous data.
    If you wish to pick only specific attributes, use Add-ons.
    6. Click on Save Node.
  4. Double click on Filter node. Add or modify the following details as per your requirement:
    1. Retain the Function selection and use the custom script as shown below:

       function(obj){
         // Users who have never used a console password carry no PasswordLastUsed attribute
         if(obj.PasswordLastUsed){
           var lastused = Date.parse(obj.PasswordLastUsed);
           var curDate = new Date();
           var diff = (curDate - lastused)/1000/60/60/24; // milliseconds to days
           if(diff > 90){
             return true;
           }
         }
         return false;
       }
    2. To fine tune the filtering further, add more conditions.
    3. Click on Save Node.
  5. Double click on Notification node. Add or modify the following details as per your requirement:
    1. Enter the receiver's email ID or Slack configuration.
    2. Type in the customized message you would like to be sent to the recipient.
    If you do not type in a customized message, TotalCloud will send a default email or message about the successful execution.
  6. Click on Save the Workflow.
  7. Click on Validate the Workflow with the policy.
  8. Click on Run Now.
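The Filter node's function above can be exercised outside the web app. This is an added example, not TotalCloud's template code: it runs the same PasswordLastUsed check over constructed IAM user records shaped like the IAM ListUsers output, and it also goes one step beyond the template by treating a user who has never used a password (no PasswordLastUsed attribute) as stale when the account's CreateDate is itself older than 90 days.

```javascript
// Added example (not TotalCloud's template code). Constructed user records
// mimic the IAM ListUsers fields UserName, CreateDate and PasswordLastUsed.
const MAX_IDLE_DAYS = 90;
const MS_PER_DAY = 1000 * 60 * 60 * 24;

// Days elapsed between an ISO-8601 timestamp and the reference date "now".
function daysSince(isoTimestamp, now) {
  return (now - Date.parse(isoTimestamp)) / MS_PER_DAY;
}

// Same decision as the template's Filter node: true when the console password
// was last used more than MAX_IDLE_DAYS ago. Users without PasswordLastUsed
// (never logged in with a password) are not matched, exactly as in the template.
function isStalePasswordUser(user, now = new Date()) {
  if (!user.PasswordLastUsed) return false;
  return daysSince(user.PasswordLastUsed, now) > MAX_IDLE_DAYS;
}

// Broader check (beyond the template): when PasswordLastUsed is absent, fall
// back to CreateDate, so a user created long ago who never logged in is also
// reported instead of silently passing the filter.
function isStaleUser(user, now = new Date()) {
  const reference = user.PasswordLastUsed || user.CreateDate;
  return daysSince(reference, now) > MAX_IDLE_DAYS;
}

// Apply a predicate to a list of users and return the matching user names.
function staleUserNames(users, now, predicate) {
  return users.filter(u => predicate(u, now)).map(u => u.UserName);
}

// Constructed sample input; a fixed "now" keeps the result reproducible.
const NOW = new Date('2021-06-01T09:00:00Z');
const SAMPLE_USERS = [
  { UserName: 'alice',  CreateDate: '2020-01-10T00:00:00Z', PasswordLastUsed: '2021-05-30T08:12:00Z' },
  { UserName: 'bob',    CreateDate: '2020-01-10T00:00:00Z', PasswordLastUsed: '2021-01-15T10:00:00Z' },
  { UserName: 'deploy', CreateDate: '2019-11-01T00:00:00Z' }, // never logged in, old account
  { UserName: 'carol',  CreateDate: '2021-05-20T00:00:00Z' }, // never logged in, new account
];

console.log(staleUserNames(SAMPLE_USERS, NOW, isStalePasswordUser)); // [ 'bob' ]
console.log(staleUserNames(SAMPLE_USERS, NOW, isStaleUser));         // [ 'bob', 'deploy' ]
```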
