agent: |
AWS IAM Password Policy Compliance Evaluation
The workflow involves evaluating the AWS account password policy for IAM users to ensure it meets specified requirements. If the policy fails to meet all defined criteria, it is marked as NON_COMPLIANT. The results of the evaluation are tabulated for clarity. Additionally, the workflow identifies IAM users who are non-compliant and provides reasons for their non-compliance. This process helps maintain security standards by ensuring all IAM users adhere to the required password policies.
- Evaluate the AWS account password policy for IAM users against the specified requirements; return NON_COMPLIANT if the policy does not meet all defined criteria. Tabulate the results.
Evaluates AWS IAM password policy against specified criteria and tabulates the results.
```python
import boto3

# getEnvVar, context and the required_* / require_* / allow_* names are not
# defined in this script; they are assumed to be supplied by the workflow
# platform (credentials, table output and the task inputs).

# Create an IAM client
client = boto3.client(
    'iam',
    aws_access_key_id=getEnvVar('AWS_ACCESS_KEY_ID'),
    aws_secret_access_key=getEnvVar('AWS_SECRET_ACCESS_KEY'),
    region_name='us-east-2'
)

# Get the account password policy; an account with no policy raises NoSuchEntity
try:
    response = client.get_account_password_policy()
    password_policy = response['PasswordPolicy']
except client.exceptions.NoSuchEntityException:
    password_policy = {}

# Define the required criteria
required_criteria = {
    'MinimumPasswordLength': required_minimum_password_length,
    'RequireSymbols': require_symbols,
    'RequireNumbers': require_numbers,
    'RequireUppercaseCharacters': require_uppercase,
    'RequireLowercaseCharacters': require_lowercase,
    'AllowUsersToChangePassword': allow_users_to_change_password
}

# Check compliance
compliance_status = 'COMPLIANT'
for key, value in required_criteria.items():
    current = password_policy.get(key)
    if key == 'MinimumPasswordLength':
        # A minimum length at or above the requirement satisfies it
        meets = current is not None and current >= value
    else:
        # A setting missing from the policy counts as not met
        meets = current == value
    if not meets:
        compliance_status = 'NON_COMPLIANT'
        break

# Tabulate the results
compliance_table = context.newtable()
compliance_table.num_rows = len(required_criteria) + 1
compliance_table.num_cols = 3
compliance_table.title = "AWS IAM Password Policy Compliance"
compliance_table.has_header_row = True

# Set header
compliance_table.setval(0, 0, "Policy Criteria")
compliance_table.setval(0, 1, "Required")
compliance_table.setval(0, 2, "Current")

# Fill table with data
row = 1
for key, required_value in required_criteria.items():
    current_value = password_policy.get(key, 'Not Set')
    compliance_table.setval(row, 0, key)
    compliance_table.setval(row, 1, str(required_value))
    compliance_table.setval(row, 2, str(current_value))
    row += 1

print("Compliance table created successfully.")
print("Compliance Status:", compliance_status)
```
- Identify non-compliant IAM users and reasons for non-compliance
Identifies IAM users who are non-compliant with the password policy and lists them.
```python
import boto3
import json

# getEnvVar is not defined in this script; it is assumed to be supplied by
# the workflow platform.

# Create an IAM client
client = boto3.client(
    'iam',
    aws_access_key_id=getEnvVar('AWS_ACCESS_KEY_ID'),
    aws_secret_access_key=getEnvVar('AWS_SECRET_ACCESS_KEY'),
    region_name='us-east-2'
)

# Get all IAM users (list_users is paginated, so walk every page)
users = []
for page in client.get_paginator('list_users').paginate():
    users.extend(page['Users'])

# Get the account password policy; an account with no policy raises NoSuchEntity
try:
    response = client.get_account_password_policy()
    password_policy = response['PasswordPolicy']
except client.exceptions.NoSuchEntityException:
    password_policy = {}

# Define the required criteria
required_criteria = {
    'MinimumPasswordLength': 8,
    'RequireSymbols': True,
    'RequireNumbers': True,
    'RequireUppercaseCharacters': True,
    'RequireLowercaseCharacters': True,
    'AllowUsersToChangePassword': True
}

non_compliant_users = []

# Check each user for compliance
for user in users:
    user_name = user['UserName']
    # This is a placeholder as AWS IAM does not provide per-user password policies,
    # so every user is judged against the account-level policy.
    # In reality, you would need to check user activity or other logs for compliance
    user_compliance_status = 'COMPLIANT'
    for key, value in required_criteria.items():
        current = password_policy.get(key)
        if key == 'MinimumPasswordLength':
            # A minimum length at or above the requirement satisfies it
            meets = current is not None and current >= value
        else:
            # A setting missing from the policy counts as not met
            meets = current == value
        if not meets:
            user_compliance_status = 'NON_COMPLIANT'
            break
    if user_compliance_status == 'NON_COMPLIANT':
        non_compliant_users.append(user_name)

print("Non-compliant Users:", json.dumps(non_compliant_users, indent=4))
```
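The user script above notes that IAM has no per-user password policy. One per-user signal IAM does expose is `password_last_changed` in the credential report: most password policy settings are enforced only the next time a user changes their password, so a console password older than the policy may not satisfy it. This is an added example, not part of the original workflow; `find_non_compliant_users`, the sample report and the `policy_effective` timestamp (which the IAM API does not return and must be supplied) are assumptions.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample: a subset of the columns of an IAM credential report,
# i.e. the CSV in get_credential_report()['Content'] decoded as UTF-8.
SAMPLE_REPORT = """\
user,arn,password_enabled,password_last_changed,mfa_active
alice,arn:aws:iam::111122223333:user/alice,true,2021-02-10T09:15:00+00:00,true
bob,arn:aws:iam::111122223333:user/bob,true,2024-06-01T12:00:00+00:00,false
ci-deploy,arn:aws:iam::111122223333:user/ci-deploy,false,N/A,false
"""


def find_non_compliant_users(report_csv, policy_effective):
    """Return [(user, reason)] for console users whose password predates the policy.

    policy_effective is a timezone-aware datetime chosen by the caller (assumption).
    """
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        if row['password_enabled'] != 'true':
            continue  # no console password, so the password policy does not apply
        changed = row['password_last_changed']
        try:
            changed_at = datetime.fromisoformat(changed)
        except ValueError:
            # Values such as N/A cannot be dated; report rather than skip silently
            findings.append((row['user'], f'password_last_changed unreadable: {changed}'))
            continue
        if changed_at < policy_effective:
            findings.append(
                (row['user'], f'password last changed {changed}, before policy took effect')
            )
    return findings


if __name__ == '__main__':
    effective = datetime(2023, 1, 1, tzinfo=timezone.utc)  # constructed date
    for user, reason in find_non_compliant_users(SAMPLE_REPORT, effective):
        print(f'{user}: {reason}')
```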