{ "id": "Q0EjgXk8j2ygOvy5", "meta": { "templateCredsSetupCompleted": true }, "name": "AWS IAM Access Key Rotation Reminder Automation Workflow", "tags": [ { "id": "hvp6nueQ4hpIJWbY", "name": "aws", "createdAt": "2025-08-17T05:47:27.209Z", "updatedAt": "2025-08-17T05:47:27.209Z" } ], "nodes": [ { "id": "77d5914f-44dd-4267-be75-f960f477702d", "name": "Weekly scheduler", "type": "n8n-nodes-base.scheduleTrigger", "position": [ -448, 16 ], "parameters": { "rule": { "interval": [ { "field": "weeks" } ] } }, "typeVersion": 1.2 }, { "id": "e0c92177-d85f-45c1-b0a6-bcb7e9b424e1", "name": "Get many users", "type": "n8n-nodes-base.awsIam", "position": [ -224, 16 ], "parameters": { "returnAll": true, "requestOptions": {}, "additionalFields": {} }, "credentials": { "aws": { "name": "" } }, "typeVersion": 1 }, { "id": "d019ce1c-ce14-42df-856a-fc9dcaaf533f", "name": "No Operation, do nothing", "type": "n8n-nodes-base.noOp", "position": [ 672, 112 ], "parameters": {}, "typeVersion": 1 }, { "id": "f0b5101b-e521-45d9-9d93-9bcffa3a1702", "name": "Send a message", "type": "n8n-nodes-base.slack", "position": [ 672, -80 ], "parameters": { "text": "=:warning: Access key for {{ $json.ListAccessKeysResponse.ListAccessKeysResult.AccessKeyMetadata[0].UserName }} is {{ $json.ListAccessKeysResponse.ListAccessKeysResult.AccessKeyMetadata[0].CreateDate.toDateTime('s').diffTo($now, 'days').ceil().abs() }} days old \u2014 rotate soon.", "user": { "__rl": true, "mode": "list", "value": "U054RMBTVBM", "cachedResultName": "trung.tran" }, "select": "user", "otherOptions": {}, "authentication": "oAuth2" }, "credentials": { "slackOAuth2Api": { "name": "" } }, "typeVersion": 2.3 }, { "id": "7b14679e-4c0d-42bc-904f-41c8f2e3d957", "name": "Sticky Note", "type": "n8n-nodes-base.stickyNote", "position": [ -1536, -592 ], "parameters": { "width": 976, "height": 1008, "content": "# AWS IAM Access Key Rotation Reminder Automation Workflow\n\n## **Who\u2019s it for**\n- DevOps/SRE teams responsible for AWS account security. \n- Security/compliance officers ensuring key rotation policies are followed. \n- Any AWS account owner who wants automatic detection of stale access keys. \n\n## **How it works / What it does**\n1. **Weekly Scheduler** \u2014 triggers the workflow on a recurring basis. \n2. **Get Many Users** \u2014 fetches all IAM users in the AWS account. \n3. **Get User Access Key(s)** \u2014 retrieves the access keys associated with each user. \n4. **Filter Out Inactive Keys** \u2014 removes keys that are not active (e.g., status `Inactive`). \n5. **Access Key Older Than 365 Days** \u2014 checks the key creation date and flags keys older than one year. \n6. **Send Slack Message** \u2014 notifies a Slack channel with details of the outdated key(s) for review and action. \n7. **No Operation** \u2014 safely ends the workflow if no keys match the condition. \n\n## **How to set up**\n- Configure the **Weekly Scheduler** to run at your desired cadence (e.g., every Monday). \n- Use **Get Many Users** to list all IAM users. \n- For each user, call **ListAccessKeys** (`Get User Access Key(s)`) to fetch their key metadata. \n- Apply a filter to keep only keys with status `Active`. \n- Add a condition to compare `CreateDate` against `today - 365 days`. \n- Send results to Slack using the **Slack Post Message** node. \n\n## **Requirements**\n- n8n (latest version). \n- AWS credential in n8n configured for **us-east-1** (IAM requires signing with this region). \n- IAM permissions: \n - `iam:ListUsers` \n - `iam:ListAccessKeys` \n- Slack bot credentials with permission to post messages in the desired channel. \n\n## **How to customize the workflow**\n- **Change threshold** \u2014 adjust the `365 days` condition to 90, 180, or any other rotation policy. \n- **Escalation** \u2014 mention `@security` or create a Jira/Ticket when old keys are found. \n- **Logging** \u2014 push flagged results into a Google Sheet, database, or log management system for audit. \n- **Automation** \u2014 instead of only notifying, add a step to automatically deactivate keys older than the threshold (after approval). \n- **Multi-account support** \u2014 duplicate or loop across multiple AWS credentials if you manage several AWS accounts. " }, "typeVersion": 1 }, { "id": "9234cd35-9728-47de-96c8-1eb5c4ffb354", "name": "Sticky Note1", "type": "n8n-nodes-base.stickyNote", "position": [ -512, -144 ], "parameters": { "height": 112, "content": "### 1. Schedule Workflow\nRun the workflow on a weekly schedule to automatically check all IAM users." }, "typeVersion": 1 }, { "id": "9d2fff11-c252-45f8-af8b-e18761fed2a6", "name": "Sticky Note2", "type": "n8n-nodes-base.stickyNote", "position": [ -208, 192 ], "parameters": { "width": 304, "height": 112, "content": "\n### 2. Retrieve IAM Users and Access Keys\nFetch all IAM users and list their associated access keys." }, "typeVersion": 1 }, { "id": "e5535511-2750-45dd-bd7b-1daf18d41842", "name": "Sticky Note3", "type": "n8n-nodes-base.stickyNote", "position": [ 112, -144 ], "parameters": { "width": 256, "height": 96, "content": "### 3. Filter Keys\nRemove inactive keys and keep only those that are active." }, "typeVersion": 1 }, { "id": "9714750e-365f-40fb-a917-7dfbce8d1803", "name": "Sticky Note4", "type": "n8n-nodes-base.stickyNote", "position": [ 336, 208 ], "parameters": { "height": 112, "content": "### 4. Check Key Age\nIdentify keys that are older than 365 days based on their creation date." }, "typeVersion": 1 }, { "id": "bee26e8e-3f62-44e0-abf1-2a42b293ae75", "name": "Sticky Note7", "type": "n8n-nodes-base.stickyNote", "position": [ 896, -64 ], "parameters": { "width": 528, "height": 112, "content": "![](https://wisestackai.s3.ap-southeast-1.amazonaws.com/Screenshot+2025-08-17+at+1.56.54%E2%80%AFPM.png)" }, "typeVersion": 1 }, { "id": "ccbe9813-0aa1-410c-b389-abe678fa1d25", "name": "Get User Access Key(s)", "type": "n8n-nodes-base.httpRequest", "position": [ 0, 16 ], "parameters": { "url": "=https://iam.amazonaws.com/?Action=ListAccessKeys&UserName={{ $json.UserName }}&Version=2010-05-08", "options": {}, "authentication": "predefinedCredentialType", "nodeCredentialType": "aws" }, "credentials": { "aws": { "name": "" } }, "typeVersion": 4.2 }, { "id": "60809479-ea5c-4446-aa70-5c6d841d09ea", "name": "Filter out inactive keys", "type": "n8n-nodes-base.filter", "position": [ 224, 16 ], "parameters": { "options": {}, "conditions": { "options": { "version": 2, "leftValue": "", "caseSensitive": true, "typeValidation": "strict" }, "combinator": "and", "conditions": [ { "id": "2853872a-825b-4f59-8b4b-358cac8b197b", "operator": { "type": "string", "operation": "equals" }, "leftValue": "={{ $json.ListAccessKeysResponse.ListAccessKeysResult.AccessKeyMetadata[0].Status }}", "rightValue": "Active" } ] } }, "typeVersion": 2.2 }, { "id": "b58b0157-cd92-4e49-b6e9-739269329775", "name": "Access Key Older Than 365 days ", "type": "n8n-nodes-base.if", "position": [ 448, 16 ], "parameters": { "options": {}, "conditions": { "options": { "version": 2, "leftValue": "", "caseSensitive": true, "typeValidation": "strict" }, "combinator": "and", "conditions": [ { "id": "93641224-b6d2-4db1-8537-d85b1bbff56d", "operator": { "type": "dateTime", "operation": "before" }, "leftValue": "={{ $json.ListAccessKeysResponse.ListAccessKeysResult.AccessKeyMetadata[0].CreateDate.toDateTime('s') }}", "rightValue": "={{ $today.minus(365,'days') }}" } ] } }, "typeVersion": 2.2 }, { "id": "f98f864f-2efa-4246-93ab-a45667751d7a", "name": "Sticky Note5", "type": "n8n-nodes-base.stickyNote", "position": [ 640, -224 ], "parameters": { "height": 112, "content": "### 5. Notify via Slack\nSend a Slack message with details of any outdated keys for review and action." }, "typeVersion": 1 } ], "active": false, "settings": { "executionOrder": "v1" }, "versionId": "9cfdc756-fa57-40df-b849-4e445cfe6631", "connections": { "Get many users": { "main": [ [ { "node": "Get User Access Key(s)", "type": "main", "index": 0 } ] ] }, "Weekly scheduler": { "main": [ [ { "node": "Get many users", "type": "main", "index": 0 } ] ] }, "Get User Access Key(s)": { "main": [ [ { "node": "Filter out inactive keys", "type": "main", "index": 0 } ] ] }, "Filter out inactive keys": { "main": [ [ { "node": "Access Key Older Than 365 days ", "type": "main", "index": 0 } ] ] }, "Access Key Older Than 365 days ": { "main": [ [ { "node": "Send a message", "type": "main", "index": 0 } ], [ { "node": "No Operation, do nothing", "type": "main", "index": 0 } ] ] } } }