[{"data":1,"prerenderedAt":57},["ShallowReactive",2],{"workflow-automated-security-orchestrator-cdk":3},{"id":4,"title":5,"cleanup":6,"contributors":10,"deploy":12,"description":15,"diagram":16,"extension":17,"framework":18,"gitHub":19,"introBox":28,"level":32,"meta":33,"resources":34,"s3URL":43,"services":44,"simplicity":48,"stem":49,"testing":50,"type":54,"usecase":55,"videoId":27,"__hash__":56},"workflows\u002Fworkflows\u002Fautomated-security-orchestrator-cdk.json","Automated security orchestrator",{"headline":7,"text":8},"Cleanup",[9],"1. Delete the stack: \u003Ccode>cdk destroy\u003C\u002Fcode>.",[11],"content\u002Fcontributors\u002Fsada-velayutham.json",{"text":13},[14],"cdk deploy","This AWS Step Functions workflow automates the process of verifying whether newly created IAM policies contain any action from a predefined list of restricted actions.","\u002Fassets\u002Fimages\u002Fworkflows\u002Fautomated-security-orchestrator-cdk.png","json","AWS CDK",{"template":20,"payloads":25},{"repoURL":21,"templateDir":22,"templateFile":23,"ASL":24},"https:\u002F\u002Fgithub.com\u002Faws-samples\u002Fstep-functions-workflows-collection\u002Ftree\u002Fmain\u002Fautomating-a-security-incident-with-step-functions-cdk\u002F","automating-a-security-incident-with-step-functions-cdk\u002F","python\u002Fapp.py","python\u002Fstatemachine\u002Fstatemachine.asl.json",[26],{"headline":27,"payloadURL":27},"",{"headline":29,"text":30},"How it works",[31],"An event rule is created that specifically matches the IAM CreatePolicy event. When a new policy is created, this event is triggered and the Step Functions state machine is started. First, the state machine validates the policy document to see whether its actions contain any of the restricted actions. If so, it creates a temporary policy with the same ARN as the new policy and sends a notification to the configured email address with links to either approve or deny.","300",{},{"headline":35,"bullets":36},"Additional resources",[37,40],{"text":38,"link":39},"Blog: Orchestrating a security incident response with AWS Step Functions","https:\u002F\u002Faws.amazon.com\u002Fblogs\u002Fcompute\u002Forchestrating-a-security-incident-response-with-aws-step-functions\u002F",{"text":41,"link":42},"Alternate policy orchestrator","http:\u002F\u002Flocalhost:51776\u002Fworkflows\u002Fautomated-policy-orchestrator",null,[45,46,47],"iam","sfn","lambda","3 - Application","workflows\u002Fautomated-security-orchestrator-cdk",{"headline":51,"text":52},"Testing",[53],"See the GitHub repo for detailed testing instructions.","Standard","Security Automation","aSAVO6_egofgAFmMXJDiYvwRuIP9r6CIQQYn98cqvFk",1782229685061]