| agent: |
AWS IAM Access Key Compliance Evaluation
This workflow involves assessing all active AWS IAM access keys to ensure they have been rotated within a specified period, typically 90 days. The process identifies any keys that have not been rotated within this timeframe and flags them as NON_COMPLIANT. The results of this evaluation are then tabulated for further analysis. This helps maintain security by ensuring that access keys are regularly updated to prevent unauthorized access.
- 1eYv2pgGVt5pqtlPymlGIEvaluate all active AWS IAM access keys and identify any that have not been rotated within the specified maxAccessKeyAge days (default: 90 days); return NON_COMPLIANT if any key exceeds this age threshold. Tabulate the results.
1
There was a problem that the LLM was not able to address. Please rephrase your prompt and try again.Evaluates IAM access keys for compliance with rotation policy and tabulates results.
inputsoutputs1- 1.1KuAZxS4pqIvy9zKpStcARetrieve a list of all active AWS IAM access keys.
1.1
Retrieve a list of all active AWS IAM access keys.
There was a problem that the LLM was not able to address. Please rephrase your prompt and try again.Retrieves and prints a list of all active AWS IAM access keys.
inputsoutputsimport boto3 # Initialize boto3 client for IAM client = boto3.client( 'iam', aws_access_key_id=getEnvVar('AWS_ACCESS_KEY_ID'), aws_secret_access_key=getEnvVar('AWS_SECRET_ACCESS_KEY') ) # Get all users users = client.list_users()['Users'] # List to store active access keys active_access_keys = [] # Check each user's access keys for user in users: user_name = user['UserName'] access_keys = client.list_access_keys(UserName=user_name)['AccessKeyMetadata'] for access_key in access_keys: if access_key['Status'] == 'Active': active_access_keys.append({ 'UserName': user_name, 'AccessKeyId': access_key['AccessKeyId'], 'CreateDate': access_key['CreateDate'] }) # Print the list of active access keys import json print(json.dumps(active_access_keys, indent=4, default=str))copied1.1 - 1.2Hbdw8Nb86d4wuxAWuOdzFor each active AWS IAM access key, determine the last rotation date.
1.2
For each active AWS IAM access key, determine the last rotation date.
There was a problem that the LLM was not able to address. Please rephrase your prompt and try again.Determines the last rotation date for each active AWS IAM access key using the creation date.
inputsoutputsfrom datetime import datetime import json # List to store access key rotation dates access_key_rotation_dates = [] # Iterate over each active access key for key in active_access_keys: # Extract the creation date create_date = key['CreateDate'] # Append the rotation date information access_key_rotation_dates.append({ 'UserName': key['UserName'], 'AccessKeyId': key['AccessKeyId'], 'LastRotationDate': create_date }) # Print the access key rotation dates print(json.dumps(access_key_rotation_dates, indent=4, default=str))copied1.2 - 1.3fRTv6Xbvd56z8Yxqnn4KCompare the last rotation date of each access key with the specified maxAccessKeyAge (default: 90 days) to identify keys that have not been rotated within this period.
1.3
There was a problem that the LLM was not able to address. Please rephrase your prompt and try again.Identifies AWS IAM access keys that have not been rotated within the specified maxAccessKeyAge days, fixing datetime comparison issue.
inputsoutputsfrom datetime import datetime, timedelta import json # Define maximum key age (e.g., 90 days) maxAccessKeyAge = 90 # Calculate the threshold date threshold_date = datetime.now().astimezone() - timedelta(days=maxAccessKeyAge) # List to store non-compliant keys non_compliant_keys = [] # Iterate through the access keys for key in access_key_rotation_dates: last_rotation_date_str = str(key['LastRotationDate']) # Ensure it's a string try: last_rotation_date = datetime.fromisoformat(last_rotation_date_str) if last_rotation_date < threshold_date: non_compliant_keys.append({ 'UserName': key['UserName'], 'AccessKeyId': key['AccessKeyId'], 'LastRotationDate': key['LastRotationDate'], 'Status': 'NON_COMPLIANT' }) except ValueError: print(f"Skipping invalid date format for user {key['UserName']}: {last_rotation_date_str}") # Print the non-compliant keys print(json.dumps(non_compliant_keys, indent=4, default=str))copied1.3 - 1.4ZxdsiSkFej6PuqTKC5kHReturn NON_COMPLIANT for any access key that exceeds the maxAccessKeyAge threshold.
1.4
Return NON_COMPLIANT for any access key that exceeds the maxAccessKeyAge threshold.
There was a problem that the LLM was not able to address. Please rephrase your prompt and try again.Returns and prints NON_COMPLIANT status for access keys exceeding the maxAccessKeyAge threshold.
inputsoutputsimport json # Print the non-compliant keys print(json.dumps(non_compliant_keys, indent=4, default=str))copied1.4 - 1.5Pq0yQXkv0YpakwV0kEE4Tabulate the results of the compliance check, indicating which keys are compliant and which are non-compliant.
1.5
There was a problem that the LLM was not able to address. Please rephrase your prompt and try again.Tabulates the compliance check results for IAM access keys, indicating non-compliant keys.
inputsoutputstable = context.newtable() table.num_rows = len(non_compliant_keys) + 1 # Including header row table.num_cols = 4 table.title = "IAM Access Key Compliance Check" table.has_header_row = True # Set header row headers = ["UserName", "AccessKeyId", "LastRotationDate", "Status"] for col_index, header in enumerate(headers): table.setval(0, col_index, header) # Populate table with non-compliant keys for row_index, key in enumerate(non_compliant_keys, start=1): table.setval(row_index, 0, key['UserName']) table.setval(row_index, 1, key['AccessKeyId']) table.setval(row_index, 2, key['LastRotationDate']) table.setval(row_index, 3, key['Status']) print("Compliance check results have been tabulated successfully.")copied1.5