Automated Slack Alerts for Inactive AWS IAM Users


This n8n workflow is designed to automate the monitoring of inactive AWS IAM users and notify a Slack channel about users who haven’t shown activity for over 90 days. It helps security, DevOps, and compliance teams maintain IAM hygiene by regularly flagging inactive accounts.

**Workflow steps:**

1. The process begins with a weekly schedule trigger, initiating the workflow automatically every week.

2. It then fetches a complete list of IAM users in the AWS account using the ‘Get many users’ node.

3. For each user, detailed information is retrieved via the ‘Get user’ node, including last activity timestamps.

4. The data is filtered to exclude irrelevant users, such as service-linked accounts or users without activity data.

5. It compares the last activity date (PasswordLastUsed, AccessKeyLastUsed, or create date) against the current date to determine whether the user has been inactive for more than 90 days.

6. If the user is inactive, an alert is sent to the Slack channel with the user details and the last activity timestamp.

7. Users who do not meet the inactivity criteria are ignored, and the workflow ends silently.

This workflow is practical for security teams to automate inactivity detection, reduce risk, and ensure IAM best practices without manual effort. It can be customized to extend the inactivity window, include additional user details, or trigger further automation actions.
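The comparison in step 5 and the alert text in step 6, written out as an added JavaScript example (not the workflow's own node configuration). It assumes each record carries the IAM `UserName`, `CreateDate` and `PasswordLastUsed` fields plus a flattened `AccessKeyLastUsed` timestamp; the function names, alert wording and sample users are constructed for illustration.

```javascript
const DAY_MS = 24 * 60 * 60 * 1000;
// Most recent recorded use wins; CreateDate is only a fallback for users
// that have never used a password or access key.
function lastActivity(user) {
  const used = [
    ['PasswordLastUsed', user.PasswordLastUsed],
    ['AccessKeyLastUsed', user.AccessKeyLastUsed], // assumed flattened field
  ]
    .map(([source, value]) => ({ source, time: Date.parse(value) }))
    .filter((c) => !Number.isNaN(c.time));
  if (used.length > 0) return used.reduce((a, b) => (b.time > a.time ? b : a));
  const created = Date.parse(user.CreateDate);
  return Number.isNaN(created) ? null : { source: 'CreateDate', time: created };
}

// Returns one finding per user whose last activity is more than thresholdDays old.
function findInactiveUsers(users, now, thresholdDays = 90) {
  const findings = [];
  for (const user of users) {
    const last = lastActivity(user);
    if (last === null) continue; // no usable timestamp at all: cannot be judged
    const idleMs = now.getTime() - last.time;
    if (idleMs <= thresholdDays * DAY_MS) continue; // exactly 90 days is not "over 90"
    findings.push({
      userName: user.UserName,
      source: last.source,
      lastSeen: new Date(last.time).toISOString(),
      daysInactive: Math.floor(idleMs / DAY_MS),
    });
  }
  return findings;
}

// Text for the Slack alert (wording is illustrative).
function slackText(f) {
  return `IAM user ${f.userName} inactive for ${f.daysInactive} days ` +
    `(last activity ${f.lastSeen}, from ${f.source})`;
}

// Constructed sample records, evaluated at a fixed "now" so results are stable.
const SAMPLE_NOW = new Date('2025-06-01T00:00:00Z');
const SAMPLE_USERS = [
  { UserName: 'alice', CreateDate: '2023-01-10T09:00:00Z', PasswordLastUsed: '2025-05-20T08:00:00Z' },
  { UserName: 'bob', CreateDate: '2022-03-01T09:00:00Z', PasswordLastUsed: '2024-11-01T08:00:00Z', AccessKeyLastUsed: '2025-01-15T12:00:00Z' },
  { UserName: 'ci-deploy', CreateDate: '2021-06-01T09:00:00Z', PasswordLastUsed: '2021-06-02T09:00:00Z', AccessKeyLastUsed: '2025-05-30T23:00:00Z' },
  { UserName: 'new-hire', CreateDate: '2025-05-01T09:00:00Z' },
  { UserName: 'forgotten', CreateDate: '2024-01-01T00:00:00Z' },
];
for (const f of findInactiveUsers(SAMPLE_USERS, SAMPLE_NOW)) console.log(slackText(f));
```

The `ci-deploy` record shows why the most recent timestamp must be used: its password is years stale but its access key is active, so it is not flagged.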

**Use case:** Scheduled IAM hygiene checks for organizations that manage multiple AWS accounts or need to comply with security policies.

Node Count

11 – 20 Nodes

Nodes Used

awsIam, filter, httpRequest, if, noOp, scheduleTrigger, slack, stickyNote
