Automated policy orchestrator

Alert administrator on an IAM policy creation event and wait for approval

The application uses Amazon EventBridge to trigger a Step Functions Standard Workflow on an IAM policy creation event. The workflow compares the actions in the new policy against a customizable list of restricted actions. If a restricted action is found, it uses AWS Lambda and Step Functions to roll back the policy temporarily, notify an administrator, and wait for them to approve or deny the change.
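The comparison step above, as an added example in Python that is not the sample's own code: it reads the policy document out of a CloudTrail CreatePolicy event (the event shape and the deny-list are constructed approximations) and reports which Allow actions match the restricted list, so the workflow has something to branch on before rolling back and alerting.

```python
import json
from fnmatch import fnmatch

# Customizable deny-list (constructed for this example); IAM-style wildcards.
RESTRICTED_ACTIONS = ["iam:*", "s3:Delete*", "kms:ScheduleKeyDeletion"]

def _as_list(value):
    """IAM lets Statement and Action be a single value or a list."""
    return [] if value is None else value if isinstance(value, list) else [value]

def find_restricted_actions(policy_document, restricted=RESTRICTED_ACTIONS):
    """Return sorted Allow actions that match any restricted pattern.

    Matching runs both ways: a broad policy action ("iam:*") is caught by a
    narrow restricted entry and a narrow policy action by a broad pattern.
    Comparison is case-insensitive, as in IAM.
    """
    hits = set()
    for stmt in _as_list(policy_document.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        # NotAction allows everything except the listed actions, so it is
        # treated as an unbounded grant and matches the whole deny-list.
        actions = ["*"] if "NotAction" in stmt else _as_list(stmt.get("Action"))
        for action in actions:
            a = action.lower()
            if any(fnmatch(a, p.lower()) or fnmatch(p.lower(), a) for p in restricted):
                hits.add(action)
    return sorted(hits)

def evaluate_event(event, restricted=RESTRICTED_ACTIONS):
    """Pull the policy out of a CloudTrail CreatePolicy event and check it.
    Returns the ARN to roll back and the actions that triggered the alert."""
    detail = event["detail"]
    doc = detail["requestParameters"]["policyDocument"]
    # CloudTrail carries the policy document as a JSON-encoded string.
    policy = json.loads(doc) if isinstance(doc, str) else doc
    return {"policyArn": detail["responseElements"]["policy"]["arn"],
            "restrictedActions": find_restricted_actions(policy, restricted)}

# Constructed CreatePolicy event as EventBridge would deliver it (trimmed).
SAMPLE_EVENT = {"detail-type": "AWS API Call via CloudTrail", "detail": {
    "eventSource": "iam.amazonaws.com", "eventName": "CreatePolicy",
    "requestParameters": {"policyName": "example", "policyDocument": json.dumps({
        "Version": "2012-10-17", "Statement": [
            {"Effect": "Allow", "Action": ["s3:GetObject", "s3:DeleteBucket"], "Resource": "*"},
            {"Effect": "Allow", "Action": "iam:*", "Resource": "*"},
            {"Effect": "Deny", "Action": "kms:ScheduleKeyDeletion", "Resource": "*"}]})},
    "responseElements": {"policy": {"arn": "arn:aws:iam::123456789012:policy/example"}}}}
```

An empty `restrictedActions` list means the policy can pass without rollback; anything else is what the administrator is asked to approve or deny.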


Clone repo

git clone https://github.com/aws-samples/automating-a-security-incident-with-step-functions
cd automating-a-security-incident-with-step-functions

Deploy

sam build
sam deploy --guided


Testing

See the GitHub repo for detailed testing instructions.

Cleanup

1. Delete the stack: sam delete.

Created by:

Benjamin Smith

Ben is a senior developer advocate for Serverless Applications at Amazon Web Services, based in London, UK. Prior to joining AWS, Ben worked in a number of different technical roles specializing in workflow automation and web development.