Notify If An AWS User's Last Activity is More Than 90 Days

Totalcloud Updated by Totalcloud

Stale users on AWS can pose a threat. It is always recommended to remove old, inactive users from the account.

There's a template already available in the web app for this use case. This workflow template automatically sends an email or a Slack message with a list of users who haven't logged in for more than 90 days.

Please find below the information on how this template works and how you can customize it according to your needs.

How Does This Template Work?

  1. The Trigger node starts the workflow Monday to Friday at 9am.
  2. The Resource node fetches all IAM users belonging to an AWS account and AWS region.
  3. The Filter node looks up IAM users whose PasswordLastUsed is more than 90 days old, using a custom Function filter.
  4. The Notification node sends an email to the concerned team(s) or stakeholder(s) with the list of all the old IAM users.

Steps to Customize this Template

  1. Open the template
  2. Click on the 'Edit' option in the Trigger node to access the parameters input window. Add or modify the following details as per your requirement:
    1. Retain the 'Schedule' selection and its entries. If you wish to change it, select the day of the week on which you want the workflow to start from the drop-down menu. Example: Monday. If you want the workflow to start every morning, select all the days of the week.
    2. Select the time of day of your choice from the drop-down menu. Example: 6:00 for 6am and 21:00 for 9pm.
    3. Click on 'Save'
  3. Click on the 'Edit' option in the Resource node to access the parameters input window. Add or modify the following details as per your requirement:
    1. Retain the AWS Service name 'IAM' entry.
    2. Retain the AWS Resource name 'Users' entry.
    3. Specify "PathPrefix": "MAP" in the Advanced Filters if you wish to auto-fill any value from previous data. If you wish to pick only specific attributes, use Add-ons.
    4. Click on 'Save'
  4. Click on the 'Edit' option in the Filter node to access the parameters input window. Add or modify the following details as per your requirement:
    1. Select Resource to perform action on as the resource node prior to this node.
    2. Retain the Function selection and use the custom script as shown below:
      function(obj){
        // obj is one IAM user record; users with no PasswordLastUsed are skipped
        if(obj.PasswordLastUsed){
          var lastused = Date.parse(obj.PasswordLastUsed);
          var curDate = new Date();
          var diff = (curDate - lastused)/1000/60/60/24; // age in days
          if(diff > 90){
            return true;
          }
        }
        return false;
      }
    3. To fine tune the filtering further, add more conditions.
    4. Click on 'Save'
  5. Click on the 'Edit' option in the Notification node to access the parameters input window. Add or modify the following details as per your requirement:
    1. Select Resource to perform action on as the Action node prior to this node.
    2. Enter the receiver's email ID or Slack config.
    3. Type in the customized message you would like to be sent to the recipient.
    If you do not type in a customized message, TotalCloud will send a default email or message about the successful execution.
  6. Click on the Save icon
  7. Click on the Run icon
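To see what the Filter node's script does on real-looking input, here is an added stand-alone version of the 90-day check (example code, not the Totalcloud template's own). It runs over constructed records in the shape returned by IAM ListUsers and assumes a fixed "now" so the result is reproducible; the optional `includeNeverUsed` flag goes beyond the template by also flagging users whose console password has never been used and whose account is itself older than the threshold.

```javascript
// Added example (not from the Totalcloud template): a stand-alone version of
// the 90-day PasswordLastUsed filter, run against ListUsers-style records.
const STALE_DAYS = 90;
const MS_PER_DAY = 1000 * 60 * 60 * 24;

// Decide whether one IAM user record is stale. `now` is injected so the check
// is deterministic; `includeNeverUsed` widens the policy to users with no
// PasswordLastUsed at all (never used the console) whose CreateDate is older
// than the threshold, which the template's filter silently skips.
function isStaleUser(user, now, includeNeverUsed = false) {
  if (user.PasswordLastUsed) {
    const lastUsed = Date.parse(user.PasswordLastUsed);
    if (Number.isNaN(lastUsed)) {
      // Malformed timestamp: surface it rather than silently drop the user.
      throw new Error(`Bad PasswordLastUsed for ${user.UserName}`);
    }
    return (now - lastUsed) / MS_PER_DAY > STALE_DAYS;
  }
  if (!includeNeverUsed || !user.CreateDate) return false;
  return (now - Date.parse(user.CreateDate)) / MS_PER_DAY > STALE_DAYS;
}

// Return the user names that should go into the notification.
function findStaleUsers(users, now, includeNeverUsed = false) {
  return users
    .filter((u) => isStaleUser(u, now, includeNeverUsed))
    .map((u) => u.UserName);
}

// Constructed sample records (hypothetical users) in IAM ListUsers shape.
const SAMPLE_USERS = [
  { UserName: 'alice', CreateDate: '2023-01-10T08:00:00Z', PasswordLastUsed: '2024-05-30T09:15:00Z' },
  { UserName: 'bob',   CreateDate: '2023-03-01T08:00:00Z', PasswordLastUsed: '2024-01-15T12:00:00Z' },
  { UserName: 'carol', CreateDate: '2023-06-01T08:00:00Z' }, // console password never used
  { UserName: 'dave',  CreateDate: '2024-05-20T08:00:00Z' }, // new account, never used
];
const NOW = Date.parse('2024-06-01T09:00:00Z'); // fixed "now" for reproducibility

console.log(findStaleUsers(SAMPLE_USERS, NOW));       // [ 'bob' ]
console.log(findStaleUsers(SAMPLE_USERS, NOW, true)); // [ 'bob', 'carol' ]
```

Note that ListUsers only reports console password use; a user who authenticates solely with access keys never gets a PasswordLastUsed and needs a separate access-key check.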
