A basic set of Lambdas for AWS that covers user security. AWS Config can alert admins, but it does not cover enforcement or encouragement. Built using the Serverless Framework.
This Lambda makes some assumptions about your setup.
- You are using IAM Users
- Your IAM Usernames are valid email addresses. (Others will be ignored completely)
- You want to go with the standard best practice of 90-day expiration on API key pairs
- You strongly want users to have MFA devices
- You have set up a distribution group for your AWS Administrators
- You have verified the AWS Administrators distribution group within AWS SES
To install without cloning, you can install from this repo.

```
npm install -g serverless
sls install -u https://github.com/johnbarney/securitas-lambda
cd securitas-lambda
sls deploy --awsadmin (AWS Administrators distribution group)
```

- Users will be notified DAILY if they do not have an MFA device associated with their account.
- Users will be notified at 60, 85, and 89 days that their AWS key pair will expire.
- Key pairs over 90 days old and ACTIVE will be automatically deleted, and users will be informed that the key has been deleted.
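
The key-age rules listed above, sketched in Python as an added example; this is not the project's own code. The function name `plan_key_actions`, the simplified email check, and the sample users and key IDs are assumptions made for illustration, and the input dictionaries reuse the field names of IAM `ListAccessKeys` metadata.

```python
import re
from datetime import datetime, timedelta, timezone

WARN_DAYS = (60, 85, 89)   # notification days stated in this README
MAX_AGE_DAYS = 90          # ACTIVE keys older than this are deleted

# Simplified address check (assumption; the project's own rule is not shown here).
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def plan_key_actions(keys, now):
    """Return a list of (username, access_key_id, action) tuples.

    `keys` uses the field names of IAM ListAccessKeys metadata:
    UserName, AccessKeyId, Status, CreateDate (timezone-aware datetime).
    """
    actions = []
    for key in keys:
        user = key["UserName"]
        if not EMAIL_RE.match(user):
            continue  # non-email usernames are ignored completely
        if key["Status"] != "Active":
            continue  # only ACTIVE keys are in scope
        age = (now - key["CreateDate"]).days
        if age > MAX_AGE_DAYS:
            actions.append((user, key["AccessKeyId"], "delete_and_notify"))
        elif age in WARN_DAYS:
            actions.append((user, key["AccessKeyId"], f"warn_{age}_days"))
    return actions


# Constructed sample data, not real users or key IDs.
NOW = datetime(2024, 6, 1, 12, 0, tzinfo=timezone.utc)

def _key(user, key_id, status, age_days):
    return {"UserName": user, "AccessKeyId": key_id, "Status": status,
            "CreateDate": NOW - timedelta(days=age_days)}

SAMPLE_KEYS = [
    _key("alice@example.com", "AKIAEXAMPLE0001", "Active", 60),
    _key("bob@example.com", "AKIAEXAMPLE0002", "Active", 89),
    _key("carol@example.com", "AKIAEXAMPLE0003", "Active", 91),
    _key("dave@example.com", "AKIAEXAMPLE0004", "Inactive", 120),
    _key("ci-deploy", "AKIAEXAMPLE0005", "Active", 200),
    _key("erin@example.com", "AKIAEXAMPLE0006", "Active", 90),
]

if __name__ == "__main__":
    for row in plan_key_actions(SAMPLE_KEYS, NOW):
        print(row)
```

In the sample, the 200-day-old key on `ci-deploy` is skipped because the username is not an email address, so keys on such accounts need a separate rotation control. Read literally, the rules also take no action on a key that is exactly 90 days old; it is deleted on the following day.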
Standard fork/pull request contributions are welcome with the caveat that I may politely decline for any reason.