amazon-web-services - 云托管策略检索超过 90 天的访问密钥并定期通知用户

问题描述

全部，

我想要一个只检索超过 90 天的 ACTIVE 访问密钥并定期通知它们的策略。

policies:
  - name: iam-user-access-keys-older-than-90days
    description: |
      Retrieve all IAM users whom have active access keys that are older than 90days
    resource: iam-user
    filters:
      - type: access-key
        key: Status
        value: Active
      - type: access-key
        key: CreateDate
        value: 90
        op: greater-than
        value_type: age

第一次通知应在 15 天之前发送，第二次通知应在 7 天之前发送，之后每天发送至到期日

标签： amazon-web-servicesamazon-iamcloudcustodian

policies:
  - name: iam-user-access-keys-older-than-90days
    description: |
      Retrieve all IAM users whom have active access keys that are older than 90days
    resource: iam-user
    filters:
      - type: access-key
        key: Status
        value: Active
      - type: access-key
        match-operator: and
        key: CreateDate
        value: 90
        value_type: age
      - type: credential
        match-operator: and
        key: access_keys.last_rotated
        value_type: age
        value: 15
        op: equal
      - type: credential
        match-operator: or
        key: access_keys.last_rotated
        value_type: age
        value: 7
        op: lte
    actions:
       - type: notify
         template: default
         subject: Hello World
         to:
           - event-user
           - someone@somewhere.com
         transport:
           type: asq
           queue: https://storagename.queue.core.windows.net/queuename

您可以编写类似的内容并添加操作以通过 c7n 邮件程序发送邮件。有关更多信息，您可以访问：https ://cloudcustodian.io/docs/aws/resources/iam.html#aws-iam-user

amazon-web-services - 云托管策略检索超过 90 天的访问密钥并定期通知用户

问题描述

解决方案

推荐阅读