Enforces AWS IAM user access key rotation by sending a warning to an SNS topic, and then disabling keys once they expire.
- Fork & clone this repository
- Install serverless, if you haven't got it already.
- Install the Node dependencies:
$ yarn
- Update the notification email address by editing the serverless.yml file and changing the notificationEmailAddress to your email or a shared mailbox etc.
- Deploy!
$ sls deploy
By default, the disabling of keys is turned off, for good reason! This software doesn't check whether a key is in use, so it's possible this will revoke/disable a key vital to your production systems. I'd suggest running this without the disabling of keys turned on to see what it would do, had it been turned on.
If you do decide you want this functionality, add the following under the TOPIC_ARN line within serverless.yml:
ACTUALLY_DISABLE_KEYS=true
I take no responsibility for any issues caused by this software, including downtime caused by revoked keys. You have been warned!
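Because this software doesn't check whether a key is in use, a pre-flight check worth running before setting ACTUALLY_DISABLE_KEYS is to compare each expired key's last-used date against its age. The sketch below is an added example, not this project's code: the policy thresholds, function names and sample data are assumptions, and the input shapes follow IAM's ListAccessKeys and GetAccessKeyLastUsed responses.

```javascript
// Added example, not this project's code. Policy values and function names are assumptions.
const DAY_MS = 24 * 60 * 60 * 1000;
const POLICY = { warnAfterDays: 80, disableAfterDays: 90, recentUseDays: 14 }; // hypothetical

// key: shaped like an IAM ListAccessKeys AccessKeyMetadata entry.
// lastUsed: shaped like GetAccessKeyLastUsed's AccessKeyLastUsed (no LastUsedDate = never used).
function classifyKey(key, lastUsed, now, policy = POLICY) {
  if (key.Status !== 'Active') return { action: 'skip' };
  const ageDays = Math.floor((now - new Date(key.CreateDate)) / DAY_MS);
  if (ageDays < policy.warnAfterDays) return { action: 'ok', ageDays };
  if (ageDays < policy.disableAfterDays) return { action: 'warn', ageDays };
  // Past expiry: only recommend disabling when the key has been idle long enough.
  const last = lastUsed && lastUsed.LastUsedDate ? new Date(lastUsed.LastUsedDate) : null;
  const idleDays = last ? Math.floor((now - last) / DAY_MS) : null;
  if (idleDays !== null && idleDays <= policy.recentUseDays) {
    return { action: 'hold', ageDays, idleDays, service: lastUsed.ServiceName };
  }
  return { action: 'disable', ageDays, idleDays };
}

// Dry run: report the decision for every key without changing anything.
function dryRun(keys, lastUsedById, now) {
  return keys.map((k) => ({
    user: k.UserName,
    keyId: k.AccessKeyId,
    ...classifyKey(k, lastUsedById[k.AccessKeyId], now),
  }));
}

// Constructed sample data (not real users or key IDs).
const NOW = new Date('2024-06-01T00:00:00Z');
const SAMPLE_KEYS = [
  { UserName: 'alice', AccessKeyId: 'AKIAEXAMPLE000000001', Status: 'Active', CreateDate: '2024-05-01T00:00:00Z' },
  { UserName: 'bob', AccessKeyId: 'AKIAEXAMPLE000000002', Status: 'Active', CreateDate: '2024-03-10T00:00:00Z' },
  { UserName: 'ci-deploy', AccessKeyId: 'AKIAEXAMPLE000000003', Status: 'Active', CreateDate: '2024-01-01T00:00:00Z' },
  { UserName: 'old-svc', AccessKeyId: 'AKIAEXAMPLE000000004', Status: 'Active', CreateDate: '2023-12-01T00:00:00Z' },
  { UserName: 'carol', AccessKeyId: 'AKIAEXAMPLE000000005', Status: 'Inactive', CreateDate: '2023-01-01T00:00:00Z' },
];
const SAMPLE_LAST_USED = {
  AKIAEXAMPLE000000003: { LastUsedDate: '2024-05-30T00:00:00Z', ServiceName: 's3', Region: 'eu-west-1' },
  AKIAEXAMPLE000000004: { ServiceName: 'N/A', Region: 'N/A' }, // never used
};

console.table(dryRun(SAMPLE_KEYS, SAMPLE_LAST_USED, NOW));
```

Keys reported as hold are expired but recently used, so they are the ones most likely to cause an outage if disabled without first rotating the consumer.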