Skip to content
/ IAM-watcher-lambda Public

Watch cloudtrail for IAM events, post them to slack.

License

MIT license
3 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

dtkav/IAM-watcher-lambda

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
lambda.py
lambda.py
 
 

Repository files navigation

IAM-watcher-lambda

Watch cloudtrail for IAM events, post them to slack.

Note the slack configuration at the top of lambda.py

SLACK_HOOK = "https://hooks.slack.com/services/<asdf>/<asdf>/<asdf>"  # change me
SLACK_CHANNEL = "general"  # change me
SLACK_USER = "trails"      # change me
SLACK_ICON = ":shield:"

You'll also need to attach an IAM roles for your lambda function to give it access to the log files.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Resource": [
                "arn:aws-us-gov:s3:::<your cloudtrail bucket>"
            ],
            "Action": [
                "s3:ListBucket"
            ]
        },
        {
            "Action": [
                "s3:GetObject"
            ],
            "Resource": "arn:aws-us-gov:s3:::<your cloudtrail bucket>/*",
            "Effect": "Allow"
        }
    ]
}

Good luck!

About

Watch cloudtrail for IAM events, post them to slack.

Resources

Readme

License

MIT license
Activity

Stars

3 stars

Watchers

3 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages