IAM users often get created and forgotten. And forgotten IAM users are a security risk.
In this project, I automated the detection of inactive IAM users and sent alerts using AWS Lambda, EventBridge, SNS, and S3 — all provisioned with Terraform. Here’s how I did it.
Tools Used:
Terraform: Infrastructure provisioning
Lambda (Python): Logic for identifying inactive users
IAM: User credentials check
S3: Archival of inactive user reports
SNS: Notification delivery
EventBridge: Scheduled execution (CRON: every Monday at 12pm)
Step 1 — Terraform Setup
I started by writing Terraform files to create all required AWS resources: an S3 bucket, an SNS topic, a Lambda function, and an EventBridge rule to trigger the function on a schedule.
Step 2 — Writing the Lambda Function (Python)
The core logic was written in Python using boto3. It:
Lists all IAM users
Checks PasswordLastUsed
Flags users inactive for over 90 days
Saves the list in S3
Sends it as an email notification via SNS
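As an added example (not the post's code and not the code in the linked repo), this is the shape that Lambda logic can take. It goes one step beyond the post: besides PasswordLastUsed it also looks at access-key last-used dates, because PasswordLastUsed only records console sign-ins, so an API-only user would otherwise never be flagged (or, worse, always be flagged). The BUCKET and TOPIC_ARN environment variable names are assumptions.

```python
from datetime import datetime, timedelta, timezone
import json

INACTIVE_DAYS = 90  # threshold used in the post


def last_activity(user, key_last_used):
    """Most recent sign of life for one IAM user.

    user:          one entry of iam.list_users()['Users']
    key_last_used: LastUsedDate values of the user's access keys (None = never used)
    Falls back to CreateDate when nothing was ever used, so an old, untouched
    user is still reported instead of silently skipped.
    """
    seen = [user.get("PasswordLastUsed")] + list(key_last_used)
    seen = [d for d in seen if d is not None]
    return max(seen) if seen else user["CreateDate"]


def find_inactive_users(users, key_usage, now=None, threshold_days=INACTIVE_DAYS):
    """Names of users with no console or access-key activity in threshold_days.

    key_usage maps UserName -> list of access-key LastUsedDate values.
    """
    now = now or datetime.now(timezone.utc)
    cutoff = now - timedelta(days=threshold_days)
    return sorted(
        u["UserName"] for u in users
        if last_activity(u, key_usage.get(u["UserName"], [])) < cutoff
    )


def lambda_handler(event, context):
    # boto3 is imported here so the pure functions above can be unit-tested
    # without the AWS SDK. BUCKET and TOPIC_ARN are assumed env vars set by Terraform.
    import os
    import boto3
    iam, s3, sns = boto3.client("iam"), boto3.client("s3"), boto3.client("sns")
    users = [u for page in iam.get_paginator("list_users").paginate() for u in page["Users"]]
    key_usage = {}
    for u in users:
        keys = iam.list_access_keys(UserName=u["UserName"])["AccessKeyMetadata"]
        key_usage[u["UserName"]] = [
            iam.get_access_key_last_used(AccessKeyId=k["AccessKeyId"])
            ["AccessKeyLastUsed"].get("LastUsedDate")  # absent for never-used keys
            for k in keys
        ]
    inactive = find_inactive_users(users, key_usage)
    today = datetime.now(timezone.utc)
    report = json.dumps({"generated": today.isoformat(), "inactive_users": inactive}, indent=2)
    key = f"inactive-users/{today:%Y-%m-%d}.json"
    s3.put_object(Bucket=os.environ["BUCKET"], Key=key, Body=report.encode())
    sns.publish(TopicArn=os.environ["TOPIC_ARN"], Subject="Inactive IAM users", Message=report)
    return {"inactive_count": len(inactive), "report_key": key}
```

The Lambda role needs iam:ListUsers, iam:ListAccessKeys and iam:GetAccessKeyLastUsed in addition to the S3 and SNS permissions for the report and the alert.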
Step 3 — Scheduling with EventBridge
I used a CRON expression to schedule the function to run weekly on Mondays at 12pm.
Step 4 — Notifications and Output
A file containing the list of inactive users is automatically uploaded to S3
An email alert is sent with the same content via SNS
Here’s the Repo on GitHub
Let’s connect on LinkedIn!