Automated security orchestrator

This AWS Step Functions workflow automates the process of verifying whether newly created IAM policies contain any of a predefined list of restricted actions.

An event rule is created that looks specifically for the IAM CreatePolicy event. When a new policy is created, this event is triggered and the step function is started. First, the step function validates the policy document to see whether its actions include any of the restricted actions. If they do, it creates a temporary policy with the same ARN as the new policy and sends a notification to the configured email address, with links to either approve or deny.
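The validation step described above, as an added example that is not the repository's own code: a checker that matches IAM action wildcards and Allow/NotAction statements against a restricted list. The restricted actions, the sample event and the field path detail.requestParameters.policyDocument are assumptions for this example.

```python
import fnmatch
import json

# Constructed restricted-action list for this example; the real workflow keeps
# its own list in the repository, which is not reproduced here.
RESTRICTED_ACTIONS = ["iam:CreateUser", "iam:AttachUserPolicy", "s3:DeleteBucket"]

def _as_list(value):
    """IAM accepts a bare string or a list in Statement, Action and NotAction."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _matches(action, patterns):
    # IAM action wildcards ("*", "iam:*", "iam:Create*") are case-insensitive,
    # so match with fnmatch on lower-cased values instead of comparing literally.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)

def find_restricted_actions(policy_document, restricted=RESTRICTED_ACTIONS):
    """Return the restricted actions that at least one Allow statement grants."""
    if isinstance(policy_document, str):
        policy_document = json.loads(policy_document)
    granted = set()
    for stmt in _as_list(policy_document.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue  # Deny is skipped, not subtracted: over-flagging is fine for review
        if "NotAction" in stmt:
            # Allow + NotAction grants everything except the listed patterns,
            # so every restricted action that is not excluded counts as granted.
            excluded = _as_list(stmt["NotAction"])
            granted.update(a for a in restricted if not _matches(a, excluded))
        else:
            patterns = _as_list(stmt.get("Action"))
            granted.update(a for a in restricted if _matches(a, patterns))
    return sorted(granted)

def restricted_actions_in_event(event, restricted=RESTRICTED_ACTIONS):
    """Check a CreatePolicy event; the field path is an assumption (see lead-in)."""
    doc = event["detail"]["requestParameters"]["policyDocument"]
    return find_restricted_actions(doc, restricted)

# Constructed sample event: a wildcard covering a restricted action, plus a Deny.
SAMPLE_EVENT = {"detail": {"eventName": "CreatePolicy", "requestParameters": {
    "policyName": "example-policy",
    "policyDocument": json.dumps({"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["iam:Create*", "s3:GetObject"], "Resource": "*"},
        {"Effect": "Deny", "Action": "s3:DeleteBucket", "Resource": "*"},
    ]})}}}
```

Calling `restricted_actions_in_event(SAMPLE_EVENT)` returns `['iam:CreateUser']`: the `iam:Create*` wildcard is expanded, while the Deny statement grants nothing.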

Clone repo

git clone https://github.com/aws-samples/step-functions-workflows-collection
cd step-functions-workflows-collection/automating-a-security-incident-with-step-functions-cdk/

Deploy

cdk deploy


Testing

See the GitHub repo for detailed testing instructions.

Cleanup

1. Delete the stack: cdk destroy.

Created by:

Sada Velayutham

Builder and Serverless Enthusiast
