| agent: |
Audit of AWS IAM User Credential Activity
The workflow involves evaluating all AWS IAM users to identify any with passwords or active access keys that have not been used within a specified number of days, defaulting to 90 days. If any user credentials are found to be inactive beyond this threshold, they are marked as NON_COMPLIANT. The results of this evaluation are then tabulated for further analysis. This process ensures that only active and necessary credentials are maintained, enhancing security by identifying and addressing potential vulnerabilities.
- 1SUAzZjerbMBqhwwBLZ99Evaluate all AWS IAM users and identify any with passwords or active access keys that have not been used within the specified number of days (default: 90 days); return NON_COMPLIANT if any user credentials are inactive beyond this threshold. Tabulate the results.
1
There was a problem that the LLM was not able to address. Please rephrase your prompt and try again.Evaluates AWS IAM users for inactive credentials and tabulates the results.
inputsoutputs1- 1.1j0ywM4rr25rrIXEC3kxmList all AWS IAM users and retrieve their last used date for passwords and access keys.
1.1
List all AWS IAM users and retrieve their last used date for passwords and access keys.
There was a problem that the LLM was not able to address. Please rephrase your prompt and try again.Lists all AWS IAM users and retrieves their last used date for passwords and access keys, handling timezone differences.
inputsoutputsimport boto3 from datetime import datetime, timezone import json # Initialize boto3 client for IAM client = boto3.client( 'iam', aws_access_key_id=getEnvVar('AWS_ACCESS_KEY_ID'), aws_secret_access_key=getEnvVar('AWS_SECRET_ACCESS_KEY'), region_name='us-east-2' ) # Get all IAM users users = client.list_users()['Users'] users_last_used_info = [] for user in users: user_info = {} user_name = user['UserName'] password_last_used = user.get('PasswordLastUsed') if password_last_used: password_last_used = password_last_used.replace(tzinfo=timezone.utc) # Check access keys access_keys = client.list_access_keys(UserName=user_name)['AccessKeyMetadata'] last_used_date = None for access_key in access_keys: access_key_id = access_key['AccessKeyId'] last_used_info = client.get_access_key_last_used(AccessKeyId=access_key_id) last_used_date = last_used_info['AccessKeyLastUsed'].get('LastUsedDate') if last_used_date: last_used_date = last_used_date.replace(tzinfo=timezone.utc) user_info['UserName'] = user_name user_info['PasswordLastUsed'] = str(password_last_used) if password_last_used else "Never" user_info['AccessKeyLastUsed'] = str(last_used_date) if last_used_date else "Never" users_last_used_info.append(user_info) print(json.dumps(users_last_used_info, indent=4, default=str))copied1.1 - 1.2VmKKYc9FfzDBqCA76JTfIdentify AWS IAM users with passwords or access keys that have not been used in the last 90 days.
1.2
Identify AWS IAM users with passwords or access keys that have not been used in the last 90 days.
There was a problem that the LLM was not able to address. Please rephrase your prompt and try again.Identifies AWS IAM users with passwords or access keys not used in the last 90 days and lists them as non-compliant.
inputsoutputsfrom datetime import datetime, timedelta, timezone import json # Calculate the threshold date threshold_date = datetime.now(timezone.utc) - timedelta(days=days_threshold) non_compliant_users = [] for user in users_last_used_info: password_last_used = user['PasswordLastUsed'] access_key_last_used = user['AccessKeyLastUsed'] # Check password last used if password_last_used != "Never": password_last_used_date = datetime.fromisoformat(password_last_used) if password_last_used_date < threshold_date: non_compliant_users.append(user['UserName']) continue # Check access key last used if access_key_last_used != "Never": access_key_last_used_date = datetime.fromisoformat(access_key_last_used) if access_key_last_used_date < threshold_date: non_compliant_users.append(user['UserName']) print(json.dumps(non_compliant_users, indent=4))copied1.2 - 1.3vSJ79mSOXagxffD0kciBDetermine compliance status based on the usage of AWS IAM user credentials, marking as NON_COMPLIANT if any credentials are inactive beyond 90 days.
1.3
There was a problem that the LLM was not able to address. Please rephrase your prompt and try again.Determines compliance status based on AWS IAM user credentials usage, marking as NON_COMPLIANT if any credentials are inactive beyond 90 days.
inputsoutputscompliance_status = "COMPLIANT" if not non_compliant_users else "NON_COMPLIANT" print(f"Compliance Status: {compliance_status}")copied1.3 - 1.4BlqaOIdbRmVDQngbUzdnTabulate the results of the compliance evaluation for AWS IAM users.
1.4
Tabulate the results of the compliance evaluation for AWS IAM users.
There was a problem that the LLM was not able to address. Please rephrase your prompt and try again.Tabulates the compliance evaluation results for AWS IAM users, marking non-compliant users.
inputsoutputstable = context.newtable() table.num_rows = len(non_compliant_users) + 1 # Including header row table.num_cols = 2 table.title = "AWS IAM Users Compliance Evaluation" table.has_header_row = True table.setval(0, 0, "UserName") table.setval(0, 1, "Compliance Status") for idx, user in enumerate(non_compliant_users, start=1): table.setval(idx, 0, user) table.setval(idx, 1, "NON_COMPLIANT") print("Compliance evaluation results have been tabulated successfully.")copied1.4