...
AWS Identity and Access Management (IAM) is a web service for securely controlling access to AWS services. With IAM, you can centrally manage users, security credentials such as access keys, and permissions that control which AWS resources users and applications can access.
Connect AWS IAM with Devo SOAR
Navigate to Automations > Integrations.
Search for AWS IAM.
Click Details, then the + icon. Enter the required information in the following fields.
Label: Enter a connection name.
Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com where, hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
Verify SSL: Select option to verify connecting server's SSL certificate (Default is Verify SSL Certificate).
Remote Agent: Run this integration using the Devo SOAR Remote Agent.
Access Key: To access AWS API, provide a valid Access Key.
Secret Key: To access AWS API, provide a valid secret Key.
Actions for AWS IAM
Get Access Key Last Used
Retrieves information about when the specified access key was last used. The information includes the date and time of last use, along with the AWS service and Region that were specified in the last request made with that key.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
---|---|---|
Role Arn | Jinja-templated text containing the value of Role Arn. | |
Example: {{role_arn}} | Required | |
Access Key | Jinja-templated text containing the name of the access key. | |
Example: {{aws_iam_column_name}} | Required |
Output
A JSON object containing multiple rows of result:
...
Code Block |
---|
## Create Access Key Creates a new AWS secret access key and corresponding AWS access key ID for the specified user. The default status for new keys is Active. ### Input Field Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection. | Input Name | Description | Required | | : -------- | : -------- | : -------- | | Role Arn | [Jinja-templated](doc:jinja-template) text containing the value of Role Arn. Example: {{role_arn}} | Required | | Username | [Jinja-templated](doc:jinja-template) text containing the username. Example: {{aws_username_column_name}} | Required | ### Output A JSON object containing multiple rows of result: - has_error: True/False - error: message/null - result: Response from AWS IAM ``` {json}{ "result":{ "AccessKey":{ "UserName":"Logichub-User", "AccessKeyId":"AKxxxxxxxxxxxxxx", "Status":"Active", "SecretAccessKey":"f71xxxxxxxxxxxxxxxxxxxxxxx", "CreateDate":"2021-06-09T15:04:16+00:00" }, "ResponseMetadata":{ "RequestId":"0ea56b5b-757d-4f49-bb06-69da4df6b055", "HTTPStatusCode":200, "HTTPHeaders":{ "x-amzn-requestid":"0ea56b5b-757d-4f49-bb06-69da4df6b055", "content-type":"text/xml", "content-length":"606", "date":"Wed, 09 Jun 2021 15:04:15 GMT" }, "RetryAttempts":0 } }, "error":null, "has_error":false } |
Delete Access Key
Deletes the access key pair associated with the specified IAM user.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
---|---|---|
Role Arn | Jinja-templated text containing the value of Role Arn. | |
Example: {{role_arn}} | Required | |
Username | Jinja-templated containing the username. Example: {{aws_username_column_name}} | Required |
Access Key | Jinja-templated text containing the name of the access key. Example: {{aws_iam_column_name}} | Required |
Output
A JSON object containing multiple rows of result:
...
Code Block |
---|
## List Access Keys Returns information about the access key IDs associated with the specified IAM user. If there is none, the operation returns an empty list. ### Input Field Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection. | Input Name | Description | Required | | : -------- | : -------- | : -------- | | Role Arn | [Jinja-templated](doc:jinja-template) text containing the value of Role Arn. Example: {{role_arn}} | Required | | Username | [Jinja-templated](doc:jinja-template) text containing the username. Example: {{aws_username_column_name}} | Required | ### Output Array of JSON object representing access key details in individual rows. ```julia { "result": { "UserName":"Logichub-User", "has_error":false, "AccessKeyId":"AKIXXXXXXXXXXXXXXXXXXX", "CreateDate":"2021-06-09T04:10:12+00:00", "error":null, "Status":"Inactive" }, "role_arn": "arn:aws:iam::{{account_id}}:role/{{role_name}}" } |
Update Access Key
Changes the status of the specified access key from Active to Inactive, or vice versa. This operation can be used to disable a user's key as part of a key rotation workflow.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
---|---|---|
Role Arn | Jinja-templated text containing the value of Role Arn. Example: {{role_arn}} | Required |
Username | Jinja-templated text containing the username. Example: {{aws_username_column_name}} | Required |
Access Key | Jinja-templated text containing the name of the access key. Example: {{aws_iam_column_name}} | Required |
Status | Select new status of the access key. Possible values are (Active / Inactive). | Required |
Output
A JSON object containing multiple rows of result:
...
Code Block |
---|
## Attach User Policy Attaches the specified managed policy to the specified user. ### Input Field Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection. | Input Name | Description | Required | | : -------- | : -------- | : -------- | | Role Arn | [Jinja-templated](doc:jinja-template) text containing the value of Role Arn. Example: {{role_arn}} | Required | | Username | [Jinja-templated](doc:jinja-template) text containing the username. Example: {{aws_username_column_name}} | Required | | Policy ARN | [Jinja-templated](doc:jinja-template) text containing the policy arn to be attached. Example: {{policy_column_name}} | Required | ### Output A JSON object containing multiple rows of result: - has_error: True/False - error: message/null - result: Response from AWS IAM ``` {json}{ "result":{ "ResponseMetadata":{ "RequestId":"048faea0-1f9d-4bb6-8716-160f19f072a5", "HTTPStatusCode":200, "HTTPHeaders":{ "x-amzn-requestid":"048faea0-1f9d-4bb6-8716-160f19f072a5", "content-type":"text/xml", "content-length":"212", "date":"Mon, 18 Oct 2021 18:11:14 GMT" }, "RetryAttempts":0 } }, "error":null, "has_error":false } |
List Policies
Lists all the managed policies that are available in your Amazon Web Services account, including your own customer-defined managed policies and all Amazon Web Services managed policies.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
---|---|---|
Policy Usage Filter | Select policy usage filter. (Default is to ignore this filter).Select policy usage filter. (Default is to ignore this filter). Possible values are: PermissionsPolicy or PermissionsBoundary. | Required |
Scope | Scope to use for filtering the results. (Default is All). Possible values are: All, AWS or Local. | Required |
Only Attached | A flag to filter the results to only the attached policies. (Default is False). Possible values are: True or False. | Required |
Max Items | Maximum number of policies to return. (Default is to not provide any limit and return all the policies). | Required |
Output
A JSON object containing multiple rows of result:
...
{json}{ "Arn":"arn:aws:iam::00xxxxxxx:policy/AllowMoreReadForInfosec", "AttachmentCount":1, "CreateDate":"2020-04-22T23:31:38+00:00", "DefaultVersionId":"v1", "IsAttachable":true, "Path":"/", "PermissionsBoundaryUsageCount":0, "PolicyId":"ANPAQEBFLQ6YJO45PSNFQ", "PolicyName":"AllowMoreReadForInfosec", "UpdateDate":"2020-04-22T23:31:38+00:00", "error":null, "has_error":false }
Release Notes
v2.0.0
- Updated architecture to support IO via filesystem
...