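amazon-web-services - Cloud Custodian policy to retrieve access keys older than 90 days and notify users periodically
Question
All,
I want a policy that retrieves only ACTIVE access keys older than 90 days and notifies the users periodically.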
policies:
  - name: iam-user-access-keys-older-than-90days
    description: |
      Retrieve all IAM users whom have active access keys that are older than 90days
    resource: iam-user
    filters:
      - type: access-key
        key: Status
        value: Active
      - type: access-key
        key: CreateDate
        value: 90
        op: greater-than
        value_type: age
The first notification should be sent 15 days before, the second notification 7 days before, and after that daily until the expiry date.
Solution
policies:
  - name: iam-user-access-keys-older-than-90days
    description: |
      Retrieve all IAM users whom have active access keys that are older than 90days
    resource: iam-user
    filters:
      - type: access-key
        key: Status
        value: Active
      - type: access-key
        match-operator: and
        key: CreateDate
        value: 90
        value_type: age
      - type: credential
        match-operator: and
        key: access_keys.last_rotated
        value_type: age
        value: 15
        op: equal
      - type: credential
        match-operator: or
        key: access_keys.last_rotated
        value_type: age
        value: 7
        op: lte
    actions:
      - type: notify
        template: default
        subject: Hello World
        to:
          - event-user
          - someone@somewhere.com
        transport:
          type: asq
          queue: https://storagename.queue.core.windows.net/queuename
You can write something like this and add an action to send mail through the c7n mailer. For more information, see: https://cloudcustodian.io/docs/aws/resources/iam.html#aws-iam-user
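
The notification schedule asked for in the question (one notice 15 days before the 90-day deadline, then daily from 7 days before until the deadline), written out as an added Python example that is not part of the original question or answer and is not Cloud Custodian code. The `AccessKeys` grouping key, the `make_key` helper, the sample users and key ids are constructed for illustration, and reporting keys past the deadline as `expired` is an assumption.

```python
from datetime import datetime, timedelta, timezone

MAX_AGE_DAYS = 90   # rotation deadline from the question
FIRST_NOTICE = 15   # one notice exactly 15 days before the deadline
DAILY_FROM = 7      # daily notices from 7 days before until the deadline


def notice_for_key(key, today):
    """Return (kind, days_remaining) for one access key, or None if no mail is due."""
    if key["Status"] != "Active":
        return None  # only ACTIVE keys are in scope for the rotation reminder
    age = (today.date() - key["CreateDate"].date()).days
    remaining = MAX_AGE_DAYS - age
    if remaining < 0:
        return ("expired", remaining)  # assumption: overdue keys are reported separately
    if remaining == FIRST_NOTICE:
        return ("first", remaining)
    if remaining <= DAILY_FROM:
        return ("daily", remaining)
    return None


def due_notices(users, today):
    """Collect (user, key id, kind, days_remaining) for every key that needs a notice."""
    due = []
    for user in users:
        for key in user["AccessKeys"]:  # hypothetical grouping key, not a c7n field
            notice = notice_for_key(key, today)
            if notice:
                due.append((user["UserName"], key["AccessKeyId"], *notice))
    return due


# Constructed sample data; user names and key ids are made up.
TODAY = datetime(2024, 6, 30, tzinfo=timezone.utc)

def make_key(key_id, age_days, status="Active"):
    return {"AccessKeyId": key_id, "Status": status,
            "CreateDate": TODAY - timedelta(days=age_days)}

SAMPLE_USERS = [
    {"UserName": "alice", "AccessKeys": [make_key("AKIAEXAMPLEALICE0001", 75)]},
    {"UserName": "bob", "AccessKeys": [make_key("AKIAEXAMPLEBOB000001", 85),
                                       make_key("AKIAEXAMPLEBOB000002", 200, "Inactive")]},
    {"UserName": "carol", "AccessKeys": [make_key("AKIAEXAMPLECAROL0001", 40)]},
    {"UserName": "dave", "AccessKeys": [make_key("AKIAEXAMPLEDAVE00001", 95)]},
]

if __name__ == "__main__":
    for row in due_notices(SAMPLE_USERS, TODAY):
        print(row)
```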