[{"data":1,"prerenderedAt":56},["ShallowReactive",2],{"workflow-automated-policy-orchestrator":3},{"id":4,"title":5,"cleanup":6,"contributors":10,"deploy":12,"description":16,"diagram":17,"extension":18,"framework":19,"gitHub":20,"introBox":29,"level":33,"meta":34,"resources":35,"s3URL":41,"services":42,"simplicity":47,"stem":48,"testing":49,"type":53,"usecase":54,"videoId":28,"__hash__":55},"workflows\u002Fworkflows\u002Fautomated-policy-orchestrator.json","Automated policy orchestrator",{"headline":7,"text":8},"Cleanup",[9],"1. Delete the stack: \u003Ccode>sam delete\u003C\u002Fcode>.",[11],"content\u002Fcontributors\u002Fbenjamin-smith.json",{"text":13},[14,15],"sam build","sam deploy --guided","Alert administrator on an IAM policy creation event and wait for approval","\u002Fassets\u002Fimages\u002Fworkflows\u002Fautomated-policy-orchestrator.png","json","AWS SAM",{"template":21,"payloads":26},{"repoURL":22,"templateDir":23,"templateFile":24,"ASL":25},"https:\u002F\u002Fgithub.com\u002Faws-samples\u002Fautomating-a-security-incident-with-step-functions\u002Ftree\u002Fmain\u002F","\u002F","template.yaml","statemachine\u002Fstatemachine.asl.json",[27],{"headline":28,"payloadURL":28},"",{"headline":30,"text":31},"How it works",[32],"The application uses Amazon EventBridge to trigger a Step Functions Standard Workflow on an IAM policy creation event. The workflow compares the policy action against a customizable list of restricted actions. It uses AWS Lambda and Step Functions to roll back the policy temporarily, then notify an administrator and wait for them to approve or deny.","100",{},{"headline":36,"bullets":37},"Additional resources",[38],{"text":39,"link":40},"Orchestrating a security incident response with AWS Step Functions","https:\u002F\u002Faws.amazon.com\u002Fblogs\u002Fcompute\u002Forchestrating-a-security-incident-response-with-aws-step-functions\u002F","https:\u002F\u002Fda-public-assets.s3.amazonaws.com\u002Fworkflows\u002Fautomated-policy-orchestrator\u002Fcloudformation.yml",[43,44,45,46],"eventbridge","lambda","sns","iam","3 - Application","workflows\u002Fautomated-policy-orchestrator",{"headline":50,"text":51},"Testing",[52],"See the GitHub repo for detailed testing instructions.","Standard","Security Automation","Pl0RgC54wZkRpR_XHOtTgSqGMsyan0c8tXqc5NLV5So",1779273340302]