
AWS IAM


AWS Identity and Access Management (IAM) is a web service for securely controlling access to AWS services. With IAM, you can centrally manage users, security credentials such as access keys, and permissions that control which AWS resources users and applications can access.

Connect AWS IAM with Devo SOAR

  1. Navigate to Automations > Integrations.

  2. Search for AWS IAM.

  3. Click Details, then the + icon. Enter the required information in the following fields.

  4. Label: Enter a connection name.

  5. Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com, where hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.

  6. Verify SSL: Select this option to verify the connecting server's SSL certificate (default is Verify SSL Certificate).

  7. Remote Agent: Run this integration using the Devo SOAR Remote Agent.

  8. Region Name: To access AWS API, provide a valid Region name.

  9. Access Key: To access AWS API, provide a valid Access Key.

  10. Secret Key: To access AWS API, provide a valid Secret Key.

  11. After you've entered all the details, click Connect.

Actions for AWS IAM

Get Access Key Last Used

Retrieves information about when the specified access key was last used. The information includes the date and time of last use, along with the AWS service and Region that were specified in the last request made with that key.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
| :--------- | :---------- | :------- |
| Access Key | Jinja-templated text containing the name of the access key. Example: {{aws_iam_column_name}} | Required |

Output

A JSON object containing multiple rows of result:

  • has_error: True/False

  • error: message/null

  • result: Response from AWS IAM

```json
{
  "result": {
    "UserName": "Logichub-User",
    "AccessKeyLastUsed": {
      "LastUsedDate": "2021-06-09T04:17:00+00:00",
      "ServiceName": "iam",
      "Region": "us-east-1"
    },
    "ResponseMetadata": {
      "RequestId": "df329b96-752d-4170-96fe-499f29f9a625",
      "HTTPStatusCode": 200,
      "HTTPHeaders": {
        "x-amzn-requestid": "df329b96-752d-4170-96fe-499f29f9a625",
        "content-type": "text/xml",
        "content-length": "498",
        "date": "Wed, 09 Jun 2021 14:16:51 GMT"
      },
      "RetryAttempts": 0
    }
  },
  "error": null,
  "has_error": false
}
```

Create Access Key

Creates a new AWS secret access key and corresponding AWS access key ID for the specified user. The default status for new keys is Active. The result includes the SecretAccessKey in clear text, so handle the action output as a credential.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
| :--------- | :---------- | :------- |
| Username | Jinja-templated text containing the username. Example: {{aws_username_column_name}} | Required |

Output

A JSON object containing multiple rows of result:

  • has_error: True/False

  • error: message/null

  • result: Response from AWS IAM

```json
{
  "result": {
    "AccessKey": {
      "UserName": "Logichub-User",
      "AccessKeyId": "AKxxxxxxxxxxxxxx",
      "Status": "Active",
      "SecretAccessKey": "f71xxxxxxxxxxxxxxxxxxxxxxx",
      "CreateDate": "2021-06-09T15:04:16+00:00"
    },
    "ResponseMetadata": {
      "RequestId": "0ea56b5b-757d-4f49-bb06-69da4df6b055",
      "HTTPStatusCode": 200,
      "HTTPHeaders": {
        "x-amzn-requestid": "0ea56b5b-757d-4f49-bb06-69da4df6b055",
        "content-type": "text/xml",
        "content-length": "606",
        "date": "Wed, 09 Jun 2021 15:04:15 GMT"
      },
      "RetryAttempts": 0
    }
  },
  "error": null,
  "has_error": false
}
```

Delete Access Key

Deletes the access key pair associated with the specified IAM user.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
| :--------- | :---------- | :------- |
| Username | Jinja-templated text containing the username. Example: {{aws_username_column_name}} | Required |
| Access Key | Jinja-templated text containing the name of the access key. Example: {{aws_iam_column_name}} | Required |

Output

A JSON object containing multiple rows of result:

  • has_error: True/False

  • error: message/null

  • result: Response from AWS IAM

```json
{
  "result": {
    "ResponseMetadata": {
      "RequestId": "eef000bd-b955-4950-bc3e-7b6ddfd514b5",
      "HTTPStatusCode": 200,
      "HTTPHeaders": {
        "x-amzn-requestid": "eef000bd-b955-4950-bc3e-7b6ddfd514b5",
        "content-type": "text/xml",
        "content-length": "210",
        "date": "Wed, 09 Jun 2021 15:01:46 GMT"
      },
      "RetryAttempts": 0
    }
  },
  "error": null,
  "has_error": false
}
```

List Access Keys

Returns information about the access key IDs associated with the specified IAM user. If there is none, the operation returns an empty list.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
| :--------- | :---------- | :------- |
| Username | Jinja-templated text containing the username. Example: {{aws_username_column_name}} | Required |

Output

Array of JSON objects representing access key details in individual rows.

```json
{
  "UserName": "Logichub-User",
  "has_error": false,
  "AccessKeyId": "AKIXXXXXXXXXXXXXXXXXXX",
  "CreateDate": "2021-06-09T04:10:12+00:00",
  "error": null,
  "Status": "Inactive"
}
```

Update Access Key

Changes the status of the specified access key from Active to Inactive, or vice versa. This operation can be used to disable a user's key as part of a key rotation workflow.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
| :--------- | :---------- | :------- |
| Username | Jinja-templated text containing the username. Example: {{aws_username_column_name}} | Required |
| Access Key | Jinja-templated text containing the name of the access key. Example: {{aws_iam_column_name}} | Required |
| Status | Select the new status of the access key. Possible values are Active or Inactive. | Required |

Output

A JSON object containing multiple rows of result:

  • has_error: True/False

  • error: message/null

  • result: Response from AWS IAM

```json
{
  "result": {
    "ResponseMetadata": {
      "RequestId": "32e608e4-d3a8-4970-8e3a-479862a6a4c7",
      "HTTPStatusCode": 200,
      "HTTPHeaders": {
        "x-amzn-requestid": "32e608e4-d3a8-4970-8e3a-479862a6a4c7",
        "content-type": "text/xml",
        "content-length": "210",
        "date": "Wed, 09 Jun 2021 14:47:41 GMT"
      },
      "RetryAttempts": 0
    }
  },
  "error": null,
  "has_error": false
}
```
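The key-rotation use of Update Access Key described above can be driven from the List Access Keys and Get Access Key Last Used outputs. The following is an added example, not Devo SOAR or AWS code: it selects Active keys that have been idle too long and emits the Username, Access Key and Status inputs for Update Access Key. The 90-day threshold, the join keyed by AccessKeyId, the extra Reason field, the "N/A" shape for a never-used key and the placeholder key IDs are all assumptions.

```python
from datetime import datetime, timedelta, timezone

def plan_deactivations(key_rows, last_used, now, max_idle_days=90):
    """Return (updates, skipped) for Active keys idle over max_idle_days.

    last_used maps AccessKeyId -> Get Access Key Last Used row (assumed join).
    """
    cutoff = now - timedelta(days=max_idle_days)
    updates, skipped = [], []
    for row in key_rows:
        key_id = row.get("AccessKeyId")
        used = last_used.get(key_id)
        if row["has_error"] or used is None or used["has_error"]:
            skipped.append(key_id)  # never act on a failed or missing lookup
            continue
        if row["Status"] != "Active":
            continue  # already disabled, nothing to update
        seen = used["result"]["AccessKeyLastUsed"].get("LastUsedDate")
        # A never-used key has no LastUsedDate: age it from CreateDate instead.
        reference = datetime.fromisoformat(seen or row["CreateDate"])
        if reference < cutoff:
            updates.append({"Username": row["UserName"], "Access Key": key_id,
                            "Status": "Inactive",  # Update Access Key inputs
                            "Reason": f"idle since {reference.date()}"})
    return updates, skipped

# Constructed sample rows (placeholder key IDs, not real credentials).
def _key(key_id, created, status="Active"):
    return {"UserName": "Logichub-User", "AccessKeyId": key_id, "Status": status,
            "CreateDate": created, "error": None, "has_error": False}

def _used(date=None, error=None):
    # Assumed shape for a never-used key: "N/A" service/region and no date.
    detail = ({"ServiceName": "iam", "Region": "us-east-1", "LastUsedDate": date}
              if date else {"ServiceName": "N/A", "Region": "N/A"})
    return {"result": None if error else {"AccessKeyLastUsed": detail},
            "error": error, "has_error": error is not None}

KEYS = [_key("AKIAEXAMPLE000000001", "2021-01-05T10:00:00+00:00"),
        _key("AKIAEXAMPLE000000002", "2021-09-20T10:00:00+00:00"),
        _key("AKIAEXAMPLE000000003", "2020-11-01T10:00:00+00:00"),
        _key("AKIAEXAMPLE000000004", "2020-01-01T10:00:00+00:00", "Inactive"),
        _key("AKIAEXAMPLE000000005", "2020-02-01T10:00:00+00:00")]
LAST_USED = {"AKIAEXAMPLE000000001": _used("2021-06-09T04:17:00+00:00"),
             "AKIAEXAMPLE000000002": _used(),
             "AKIAEXAMPLE000000003": _used(),
             "AKIAEXAMPLE000000004": _used("2020-03-01T00:00:00+00:00"),
             "AKIAEXAMPLE000000005": _used(error="AccessDenied (constructed)")}
NOW = datetime(2021, 10, 1, tzinfo=timezone.utc)
UPDATES, SKIPPED = plan_deactivations(KEYS, LAST_USED, NOW)
```

Keys in the skipped list had a failed lookup and are left untouched for manual review. Setting a key to Inactive first, and running Delete Access Key only later, keeps the change reversible if something still depends on the key.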

Attach User Policy

Attaches the specified managed policy to the specified user.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
| :--------- | :---------- | :------- |
| Role Arn | Jinja-templated text containing the value of Role Arn. Example: {{role_arn}} | Required |
| Username | Jinja-templated text containing the username. Example: {{aws_username_column_name}} | Required |
| Policy ARN | Jinja-templated text containing the policy ARN to be attached. Example: {{policy_column_name}} | Required |

Output

A JSON object containing multiple rows of result:

  • has_error: True/False

  • error: message/null

  • result: Response from AWS IAM

```json
{
  "result": {
    "ResponseMetadata": {
      "RequestId": "048faea0-1f9d-4bb6-8716-160f19f072a5",
      "HTTPStatusCode": 200,
      "HTTPHeaders": {
        "x-amzn-requestid": "048faea0-1f9d-4bb6-8716-160f19f072a5",
        "content-type": "text/xml",
        "content-length": "212",
        "date": "Mon, 18 Oct 2021 18:11:14 GMT"
      },
      "RetryAttempts": 0
    }
  },
  "error": null,
  "has_error": false
}
```

List Policies

Lists all the managed policies that are available in your Amazon Web Services account, including your own customer-defined managed policies and all Amazon Web Services managed policies.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
| :--------- | :---------- | :------- |
| Policy Usage Filter | Select policy usage filter. (Default is to ignore this filter). Possible values are: PermissionsPolicy or PermissionsBoundary. | Required |
| Scope | Scope to use for filtering the results. (Default is All). Possible values are: All, AWS or Local. | Required |
| Only Attached | A flag to filter the results to only the attached policies. (Default is False). Possible values are: True or False. | Required |
| Max Items | Maximum number of policies to return. (Default is to not provide any limit and return all the policies). | Required |

Output

A JSON object containing multiple rows of result:

  • has_error: True/False

  • error: message/null

  • result: Response from AWS IAM

```json
{
  "Arn": "arn:aws:iam::00xxxxxxx:policy/AllowMoreReadForInfosec",
  "AttachmentCount": 1,
  "CreateDate": "2020-04-22T23:31:38+00:00",
  "DefaultVersionId": "v1",
  "IsAttachable": true,
  "Path": "/",
  "PermissionsBoundaryUsageCount": 0,
  "PolicyId": "ANPAQEBFLQ6YJO45PSNFQ",
  "PolicyName": "AllowMoreReadForInfosec",
  "UpdateDate": "2020-04-22T23:31:38+00:00",
  "error": null,
  "has_error": false
}
```

Release Notes

  • v2.0.0 - Updated architecture to support IO via filesystem