AWS IAM Guard


AWS IAM Guard with Slack integration support

Description

As an organization grows, more and more IAM users are created and security audits become a must. Auditing manually is hard, so AWS IAM Guard tries to solve this problem programmatically.

Supported Audit Items

  • IAM User with no MFA configured
  • IAM User with no access history for N days (TODO)
  • IAM User's password age over N days (TODO)
  • IAM User's Access Key's age over N days (TODO)
  • IAM User's Access Key has no access history for N days (TODO)
  • IAM User with no policy attached (TODO)
  • IAM Group with no member (TODO)
  • IAM Group with no policy attached (TODO)
  • IAM Policy with no usage (TODO)
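
As an added illustration (not code from this repository), several of the user-level items above can be evaluated offline from the CSV that IAM produces as its credential report. The function names, the max_days threshold (standing in for N), the sample rows and the choice to look only at the first access key are assumptions made for this example.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample using a subset of the IAM credential report columns;
# the users and dates are made up for this example.
SAMPLE_REPORT = """\
user,password_enabled,password_last_changed,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date
alice,true,2024-05-01T00:00:00+00:00,true,false,N/A,N/A
bob,true,2023-01-15T00:00:00+00:00,false,true,2023-02-01T00:00:00+00:00,2024-05-30T12:00:00+00:00
ci-bot,false,N/A,false,true,2024-01-10T00:00:00+00:00,N/A
"""


def age_days(value, now):
    """Whole days since an ISO 8601 timestamp, or None for N/A-style values."""
    try:
        return (now - datetime.fromisoformat(value)).days
    except ValueError:
        return None


def audit(report_csv, now, max_days=90):
    """Return {user: [finding, ...]} for every user with at least one finding."""
    findings = {}
    for row in csv.DictReader(io.StringIO(report_csv)):
        issues = []
        if row["mfa_active"] != "true":
            issues.append("no MFA")
        if row["password_enabled"] == "true":
            changed = age_days(row["password_last_changed"], now)
            if changed is not None and changed > max_days:
                issues.append("password age")
        if row["access_key_1_active"] == "true":
            rotated = age_days(row["access_key_1_last_rotated"], now)
            if rotated is not None and rotated > max_days:
                issues.append("key age")
            # A key that was never used counts as idle since it was created.
            used = age_days(row["access_key_1_last_used_date"], now)
            idle = rotated if used is None else used
            if idle is not None and idle > max_days:
                issues.append("key unused")
        if issues:
            findings[row["user"]] = issues
    return findings


if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)
    for user, issues in audit(SAMPLE_REPORT, now).items():
        print(f"{user}: {', '.join(issues)}")
```
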

Requirements

  • Python 3.7+
  • AWS profile(s) configured
  • Slack webhook configured

Usage

$ pip3 install -r requirements.txt
$ cp local_settings.py.example local_settings.py
$ vim local_settings.py
$ python3 ./aws-iam-guard.py

FAQ

How do I configure a named AWS profile?

https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html

Where can I find my incoming webhook?

https://<your-namespace>.slack.com/apps/manage/custom-integrations

Reference

License

GPL-3.0 License
