AWS IAM Guard with Slack integration support
As an organization grows, more and more IAM users are created and a regular security audit becomes a must. Auditing by hand is hard, so AWS IAM Guard tries to solve this problem programmatically.
- IAM User with no MFA configured
- IAM User with no access history for N days (TODO)
- IAM User's password age over N days (TODO)
- IAM User's Access Key's age over N days (TODO)
- IAM User's Access Key has no access history for N days (TODO)
- IAM User with no policy attached (TODO)
- IAM Group with no member (TODO)
- IAM Group with no policy attached (TODO)
- IAM Policy with no usage (TODO)
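
The user-level checks in the list above (MFA, password age, access key age and use) can be evaluated offline against the IAM credential report CSV. This is an added example, not code from AWS IAM Guard; the sample rows, the 90-day threshold, the fixed `NOW` date and the function names are constructed for illustration, and only a subset of the report's columns is used.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample: a subset of the columns found in an IAM credential report.
SAMPLE_REPORT = """\
user,password_enabled,password_last_changed,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date
alice,true,2024-05-01T00:00:00+00:00,true,true,2024-04-01T00:00:00+00:00,2024-05-30T00:00:00+00:00
bob,true,2023-01-10T00:00:00+00:00,false,true,2023-01-10T00:00:00+00:00,2023-02-01T00:00:00+00:00
ci-bot,false,N/A,false,true,2024-01-01T00:00:00+00:00,N/A
"""
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed (assumed) audit date

def age_days(value, now):
    """Days since an ISO 8601 timestamp, or None for placeholders such as N/A."""
    try:
        return (now - datetime.fromisoformat(value)).days
    except ValueError:
        return None

def audit(report_csv, max_days, now):
    """Return {user: [finding, ...]} for users failing at least one check."""
    findings = {}
    for row in csv.DictReader(io.StringIO(report_csv)):
        issues = []
        if row["mfa_active"] != "true":
            issues.append("no MFA")
        pw_age = age_days(row["password_last_changed"], now)
        if row["password_enabled"] == "true" and pw_age is not None and pw_age > max_days:
            issues.append(f"password age {pw_age}d")
        if row["access_key_1_active"] == "true":
            key_age = age_days(row["access_key_1_last_rotated"], now)
            last_used = age_days(row["access_key_1_last_used_date"], now)
            idle = key_age if last_used is None else last_used  # never used: count from rotation
            if key_age is not None and key_age > max_days:
                issues.append(f"access key 1 age {key_age}d")
            if idle is not None and idle > max_days:
                issues.append(f"access key 1 unused {idle}d")
        if issues:
            findings[row["user"]] = issues
    return findings

def slack_payload(findings):
    """Build the JSON body for a Slack incoming webhook (the POST itself is omitted)."""
    lines = [f"*{user}*: {', '.join(issues)}" for user, issues in sorted(findings.items())]
    return {"text": "IAM audit findings\n" + "\n".join(lines)}

if __name__ == "__main__":
    print(slack_payload(audit(SAMPLE_REPORT, 90, NOW))["text"])
```
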
- Python 3.7+
- AWS profile(s) configured
- Slack webhook configured
$ pip3 install -r requirements.txt
$ cp local_settings.py.example local_settings.py
$ vim local_settings.py
$ python3 ./aws-iam-guard.py
How do I configure a named AWS profile?
https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html
Where can I find my incoming webhook?
https://<your-namespace>.slack.com/apps/manage/custom-integrations