
Automated AWS IAM Key Compromise Response with Slack & Claude AI

By Niranjan G (@niranjan) on n8n.io

This n8n workflow provides a secure, enterprise-grade response system for AWS IAM access key compromises with built-in form submission and human approval mechanisms. When an AWS access key is suspected to be compromised, this workflow enables rapid containment through a secure…

Category: AI & RAG | Trigger: Event | Nodes: 40 | Complexity: ★★★★★ | AI nodes: yes | Integrations: HTTP Request, Agent, Slack, Anthropic Chat, AWS IAM, Form Trigger

This workflow corresponds to n8n.io template #5123 — we link there as the canonical source.


The workflow JSON

Copy or download the full n8n JSON below. Paste it into a new n8n workflow, add your credentials, and activate it.

{
  "meta": {
    "templateCredsSetupCompleted": true
  },
  "nodes": [
    {
      "id": "d5fa0dbd-41d5-402c-1234-1234567890",
      "name": "\ud83d\udd11 Fetch User Access Keys",
      "type": "n8n-nodes-base.httpRequest",
      "position": [
        -1480,
        380
      ],
      "parameters": {
        "url": "https://iam.amazonaws.com",
        "method": "POST",
        "options": {},
        "sendBody": true,
        "contentType": "form-urlencoded",
        "authentication": "predefinedCredentialType",
        "bodyParameters": {
          "parameters": [
            {
              "name": "Action",
              "value": "ListAccessKeys"
            },
            {
              "name": "Version",
              "value": "2010-05-08"
            },
            {
              "name": "UserName",
              "value": "={{ $json.UserName }}"
            }
          ]
        },
        "nodeCredentialType": "aws"
      },
      "credentials": {
        "aws": {
          "name": "<your credential>"
        }
      },
      "typeVersion": 4.1
    },
    {
      "id": "02461671-e2a2-4424-bfe8-fd74afc460c5",
      "name": "\ud83d\udcca Parse Access Key Response",
      "type": "n8n-nodes-base.code",
      "position": [
        -1260,
        380
      ],
      "parameters": {
        "jsCode": "const result = {};\nlet counter = 1;\n\nfor (const item of items) {\n  try {\n    const response = item.json.body || item.json;\n    const metadata = response?.ListAccessKeysResponse?.ListAccessKeysResult?.AccessKeyMetadata || [];\n\n    for (const key of metadata) {\n      const keyLabel = `AccessKey${counter}`;\n      result[keyLabel] = {\n        [`AccessKeyId${counter}`]: key.AccessKeyId,\n        [`UserName${counter}`]: key.UserName,\n        Status: key.Status,\n        [`CreateDate${counter}`]: new Date(key.CreateDate * 1000).toISOString()\n      };\n      counter++;\n    }\n  } catch (error) {\n    console.error('Error processing access keys:', error);\n  }\n}\n\nreturn [{ json: result }];\n"
      },
      "typeVersion": 2
    },
    {
      "id": "83640bea-3b16-4173-a486-bcbfe9cffddd",
      "name": "\ud83d\udeab Deactivate Compromised Key",
      "type": "n8n-nodes-base.httpRequest",
      "onError": "continueRegularOutput",
      "position": [
        -180,
        900
      ],
      "parameters": {
        "url": "https://iam.amazonaws.com",
        "method": "POST",
        "options": {},
        "sendBody": true,
        "contentType": "form-urlencoded",
        "authentication": "predefinedCredentialType",
        "bodyParameters": {
          "parameters": [
            {
              "name": "Action",
              "value": "UpdateAccessKey"
            },
            {
              "name": "Version",
              "value": "2010-05-08"
            },
            {
              "name": "UserName",
              "value": "={{ $json.UserName }}"
            },
            {
              "name": "AccessKeyId",
              "value": "={{ $json.AccessKeyId }}"
            },
            {
              "name": "Status",
              "value": "Inactive"
            }
          ]
        },
        "nodeCredentialType": "aws"
      },
      "credentials": {
        "aws": {
          "name": "<your credential>"
        }
      },
      "typeVersion": 4.1
    },
    {
      "id": "d671f4f7-759f-4bd6-abc1-abc1234567",
      "name": "\ud83d\udcdc Audit Inline Policies",
      "type": "n8n-nodes-base.httpRequest",
      "onError": "continueRegularOutput",
      "position": [
        -160,
        1320
      ],
      "parameters": {
        "url": "https://iam.amazonaws.com",
        "method": "POST",
        "options": {},
        "sendBody": true,
        "contentType": "form-urlencoded",
        "authentication": "predefinedCredentialType",
        "bodyParameters": {
          "parameters": [
            {
              "name": "Action",
              "value": "ListUserPolicies"
            },
            {
              "name": "Version",
              "value": "2010-05-08"
            },
            {
              "name": "UserName",
              "value": "={{ $json.UserName }}"
            }
          ]
        },
        "nodeCredentialType": "aws"
      },
      "credentials": {
        "aws": {
          "name": "<your credential>"
        }
      },
      "typeVersion": 4.2
    },
    {
      "id": "6e6a912f-d043-44c0-abc1-abc123456789",
      "name": "\ud83d\udd0d Audit Attached Policies",
      "type": "n8n-nodes-base.httpRequest",
      "position": [
        -160,
        1680
      ],
      "parameters": {
        "url": "https://iam.amazonaws.com",
        "method": "POST",
        "options": {},
        "sendBody": true,
        "contentType": "form-urlencoded",
        "authentication": "predefinedCredentialType",
        "bodyParameters": {
          "parameters": [
            {
              "name": "Action",
              "value": "ListAttachedUserPolicies"
            },
            {
              "name": "Version",
              "value": "2010-05-08"
            },
            {
              "name": "UserName",
              "value": "={{ $json.UserName }}"
            }
          ]
        },
        "nodeCredentialType": "aws"
      },
      "credentials": {
        "aws": {
          "name": "<your credential>"
        }
      },
      "typeVersion": 4.2
    },
    {
      "id": "9fc7c861-a714-4b24-b19d-7d163c8e6a4d",
      "name": "\ud83d\udee1\ufe0f Generate Invalidation Policy",
      "type": "n8n-nodes-base.httpRequest",
      "onError": "continueRegularOutput",
      "position": [
        -200,
        480
      ],
      "parameters": {
        "url": "https://iam.amazonaws.com",
        "method": "POST",
        "options": {},
        "sendBody": true,
        "contentType": "form-urlencoded",
        "authentication": "predefinedCredentialType",
        "bodyParameters": {
          "parameters": [
            {
              "name": "Action",
              "value": "CreatePolicy"
            },
            {
              "name": "PolicyDocument",
              "value": "={\n  \"Version\": \"2012-10-17\",\n  \"Statement\": [{\n    \"Sid\": \"DenyExpiredSessions\",\n    \"Effect\": \"Deny\",\n    \"Action\": \"*\",\n    \"Resource\": \"*\",\n    \"Condition\": {\n      \"DateLessThan\": {\n        \"aws:TokenIssueTime\": \"{{ $now.minus({ days: 3 }).toISO() }}\"\n      }\n    }\n  }]\n}\n"
            },
            {
              "name": "PolicyName",
              "value": "=Invalidating-Temporary-Security-Credentials-{{ $now.toFormat('yyyy-MM-dd') + '-' + Math.random().toString(36).substring(2, 8).toUpperCase() }}"
            },
            {
              "name": "Version",
              "value": "2010-05-08"
            }
          ]
        },
        "nodeCredentialType": "aws"
      },
      "credentials": {
        "aws": {
          "name": "<your credential>"
        }
      },
      "typeVersion": 4.2
    },
    {
      "id": "df0f64b3-95cf-48ef-b2a9-fe035d3e14ad",
      "name": "\ud83d\udd17 Apply Security Policy",
      "type": "n8n-nodes-base.httpRequest",
      "onError": "continueRegularOutput",
      "position": [
        340,
        60
      ],
      "parameters": {
        "url": "https://iam.amazonaws.com",
        "method": "POST",
        "options": {},
        "sendBody": true,
        "contentType": "form-urlencoded",
        "authentication": "predefinedCredentialType",
        "bodyParameters": {
          "parameters": [
            {
              "name": "Action",
              "value": "AttachUserPolicy"
            },
            {
              "name": "PolicyArn",
              "value": "={{ $json.CreatePolicyResponse.CreatePolicyResult.Policy.Arn }}"
            },
            {
              "name": "Version",
              "value": "2010-05-08"
            },
            {
              "name": "UserName",
              "value": "={{ $('\u2705 Approved Compromise Data').item.json.UserName }}"
            }
          ]
        },
        "nodeCredentialType": "aws"
      },
      "credentials": {
        "aws": {
          "name": "<your credential>"
        }
      },
      "typeVersion": 4.2
    },
    {
      "id": "c4ec2ef4-7db8-4189-877b-abc1234567890",
      "name": "\ud83d\udce4 Extract Inline Policy Names",
      "type": "n8n-nodes-base.splitOut",
      "onError": "continueRegularOutput",
      "position": [
        60,
        1320
      ],
      "parameters": {
        "options": {},
        "fieldToSplitOut": "ListUserPoliciesResponse.ListUserPoliciesResult.PolicyNames"
      },
      "typeVersion": 1
    },
    {
      "id": "07ab67a9-146d-4576-8afa-a128cf62974f",
      "name": "\ud83d\udd04 Batch Process Inline Policies",
      "type": "n8n-nodes-base.splitInBatches",
      "position": [
        280,
        1320
      ],
      "parameters": {
        "options": {}
      },
      "typeVersion": 3
    },
    {
      "id": "ff91b356-3771-463f-8593-82a0396c6514",
      "name": "\ud83d\udd04 Batch Process Attached Policies",
      "type": "n8n-nodes-base.splitInBatches",
      "position": [
        280,
        1700
      ],
      "parameters": {
        "options": {}
      },
      "typeVersion": 3
    },
    {
      "id": "e1344921-481a-467b-9240-72b80e8f8ef9",
      "name": "\ud83d\udce4 Extract Attached Policy List",
      "type": "n8n-nodes-base.splitOut",
      "position": [
        60,
        1680
      ],
      "parameters": {
        "options": {},
        "fieldToSplitOut": "ListAttachedUserPoliciesResponse.ListAttachedUserPoliciesResult.AttachedPolicies"
      },
      "typeVersion": 1
    },
    {
      "id": "c884daa9-f96f-40c7-8fd0-3a00612bf431",
      "name": "\ud83e\udd16 AI Security Analysis",
      "type": "@n8n/n8n-nodes-langchain.agent",
      "onError": "continueRegularOutput",
      "position": [
        2400,
        980
      ],
      "parameters": {
        "text": "={{ JSON.stringify($json.data, null, 2) }}",
        "options": {
          "systemMessage": "# AWS Key Compromise Response Summary Prompt\n\nYou are an AWS security analyst. Your task is to analyze the key compromise response actions and provide a simple, clear summary of what happened and the current security status.\n\n## Instructions\n\nFollow these instructions precisely:\n\n### 1. Analysis Output Format\n\nOutput your analysis wrapped exactly between these tags, inside a fenced code block:\n```\n...your simple analysis here...\n```\n\n### 2. Keep It Simple - Focus Only On:\n\n#### Key Compromise Response Summary\n- **What happened**: Brief description of the compromise\n- **Actions taken**: Key deactivation, policy creation, and attachment status\n- **Current status**: Whether the response was successful\n- **Risk level**: Simple HIGH/MEDIUM/LOW assessment\n\n#### Essential Details Only\n- **User affected**: Username and access key ID\n- **Response actions**: What automated actions were completed\n- **Security status**: Current protection level after response\n- **Next steps**: 1-2 simple recommendations if needed\n\n### 3. Policy Analysis Guidelines\n\n**Ignore all policy version metadata** fields \u2014 if you see `versionId`, `isDefault`, `createDate`, or the `\"Version\"` field inside `decodedPolicy`, do **not** mention or interpret these as security findings; focus **only** on the actual policy statements and actions.\n\n### 4. Slack-Compatible Report\n\nAfter the fenced code block, output a Slack-compatible report using **ONLY** the following supported Slack Markdown formats:\n\n#### Supported Slack Markdown Elements:\n- **Bold text:** `*bold text*` (asterisks)\n- **Italic text:** `_italic text_` (underscores)\n- **Strikethrough:** `~strikethrough~` (tildes)\n- **Inline code:** `code` (single backticks)\n- **Code blocks:** ``` (three backticks)\n- **Block quotes:** `> quoted text` (greater than symbol)\n- **Bulleted lists:** `* item` or `\u2022 item` (asterisk or bullet)\n- **Ordered lists:** `1. item` (number and period)\n- **Links:** `<https://example.com|Link Text>` (angle brackets with pipe)\n\n#### Slack Report Format:\n\n\ud83d\udea8 *AWS Key Compromise Response Summary*\n\n\ud83d\udc64 *Affected User*\n\u2022 User: username\n\u2022 Access Key: AKIA...\n\n\u2705 *Response Actions Completed*\n\u2022 \ud83d\udeab Access key deactivated\n\u2022 \ud83d\udee1\ufe0f Security policy applied\n\u2022 \u23f0 Temporary credentials invalidated\n\n\ud83d\udcca *Current Status*\n\u2022 Response: Successful/Failed\n\u2022 Risk Level: HIGH/MEDIUM/LOW\n\u2022 Account Secured: Yes/No\n\n\ud83d\udca1 *Next Steps*\n\u2022 [1-2 simple recommendations or \"No further action needed\"]\n\n\ud83d\udcc5 *Incident Date*\n\u2022 YYYY-MM-DD\n\n_Automated security response completed_\n\n### 5. Simple Guidelines\n\n**Keep it simple:**\n\u2022 Use clear, non-technical language\n\u2022 Focus on what happened and current status\n\u2022 Avoid complex security jargon\n\u2022 Provide actionable next steps only if needed\n\u2022 Keep the summary under 200 words\n\n### 6. What to Look For in the Data\n\n- **User information**: Username and access key ID\n- **Key deactivation**: Whether the access key was successfully disabled\n- **Policy creation**: Whether security policies were created and attached\n- **Response status**: Overall success or failure of the automated response\n\nThis prompt is designed to provide simple, clear summaries of AWS key compromise response actions for business stakeholders."
        },
        "promptType": "define"
      },
      "typeVersion": 2
    },
    {
      "id": "3eae5e83-a978-44eb-814e-ca97d32bcde0",
      "name": "\ud83d\udd00 Merge Response Data",
      "type": "n8n-nodes-base.merge",
      "position": [
        1940,
        920
      ],
      "parameters": {
        "numberInputs": 6
      },
      "typeVersion": 3.2
    },
    {
      "id": "45f1ed8f-e1cd-45ff-a70b-96e4ffa5dbb4",
      "name": "\ud83d\udce6 Aggregate Final Results",
      "type": "n8n-nodes-base.aggregate",
      "position": [
        2180,
        980
      ],
      "parameters": {
        "options": {},
        "aggregate": "aggregateAllItemData"
      },
      "typeVersion": 1
    },
    {
      "id": "9880aa6e-5475-467f-9281-64c42b3d7898",
      "name": "\ud83d\udccb Fetch Policy Metadata",
      "type": "n8n-nodes-base.httpRequest",
      "position": [
        500,
        1760
      ],
      "parameters": {
        "url": "https://iam.amazonaws.com",
        "method": "POST",
        "options": {},
        "sendBody": true,
        "contentType": "form-urlencoded",
        "authentication": "predefinedCredentialType",
        "bodyParameters": {
          "parameters": [
            {
              "name": "Action",
              "value": "GetPolicy"
            },
            {
              "name": "Version",
              "value": "=2010-05-08"
            },
            {
              "name": "PolicyArn",
              "value": "={{ $json.PolicyArn }}"
            }
          ]
        },
        "nodeCredentialType": "aws"
      },
      "credentials": {
        "aws": {
          "name": "<your credential>"
        }
      },
      "typeVersion": 4.2
    },
    {
      "id": "fa82af49-be87-4579-a6fc-68b14e16b1aa",
      "name": "\ud83d\udcc4 Retrieve Policy Document",
      "type": "n8n-nodes-base.httpRequest",
      "position": [
        720,
        1760
      ],
      "parameters": {
        "url": "https://iam.amazonaws.com",
        "method": "POST",
        "options": {},
        "sendBody": true,
        "contentType": "form-urlencoded",
        "authentication": "predefinedCredentialType",
        "bodyParameters": {
          "parameters": [
            {
              "name": "Action",
              "value": "GetPolicyVersion"
            },
            {
              "name": "Version",
              "value": "2010-05-08"
            },
            {
              "name": "=PolicyArn",
              "value": "={{ $json.GetPolicyResponse.GetPolicyResult.Policy.Arn }}"
            },
            {
              "name": "=VersionId",
              "value": "={{ $json.GetPolicyResponse.GetPolicyResult.Policy.DefaultVersionId }}"
            }
          ]
        },
        "nodeCredentialType": "aws"
      },
      "credentials": {
        "aws": {
          "name": "<your credential>"
        }
      },
      "typeVersion": 4.2
    },
    {
      "id": "b1abafca-5443-4dc5-992e-7210296b27ca",
      "name": "\ud83d\udcdc Retrieve Inline Policy Details",
      "type": "n8n-nodes-base.httpRequest",
      "position": [
        520,
        1360
      ],
      "parameters": {
        "url": "https://iam.amazonaws.com",
        "method": "POST",
        "options": {},
        "sendBody": true,
        "contentType": "form-urlencoded",
        "authentication": "predefinedCredentialType",
        "bodyParameters": {
          "parameters": [
            {
              "name": "Action",
              "value": "GetUserPolicy"
            },
            {
              "name": "Version",
              "value": "2010-05-08"
            },
            {
              "name": "UserName",
              "value": "={{ $('\ud83d\udcdd Secure Form: Key Compromise Input').item.json.Username }}"
            },
            {
              "name": "=PolicyName",
              "value": "={{ $json[\"ListUserPoliciesResponse.ListUserPoliciesResult.PolicyNames\"] }}"
            }
          ]
        },
        "nodeCredentialType": "aws"
      },
      "credentials": {
        "aws": {
          "name": "<your credential>"
        }
      },
      "typeVersion": 4.2
    },
    {
      "id": "68ad6474-1a28-4c1d-9708-911e3475da7d",
      "name": "\ud83d\udd13 Parse Inline Policy JSON",
      "type": "n8n-nodes-base.code",
      "position": [
        720,
        1360
      ],
      "parameters": {
        "jsCode": "// Sample input (you'll usually get this from n8n's input)\nconst inputItems = $input.all();\n\nconst decodedPolicies = inputItems.map(item => {\n  const encoded = item.json?.GetUserPolicyResponse?.GetUserPolicyResult?.PolicyDocument;\n  let decoded = null;\n  let parsed = null;\n\n  try {\n    decoded = decodeURIComponent(encoded);\n    parsed = JSON.parse(decoded);\n  } catch (e) {\n    // Fallback if decoding or parsing fails\n    parsed = { error: 'Invalid or undecodable policy document' };\n  }\n\n  return {\n    json: {\n      user: item.json?.GetUserPolicyResponse?.GetUserPolicyResult?.UserName || 'unknown',\n      policyName: item.json?.GetUserPolicyResponse?.GetUserPolicyResult?.PolicyName || 'unknown',\n      decodedPolicy: parsed\n    }\n  };\n});\n\nreturn decodedPolicies;\n"
      },
      "typeVersion": 2
    },
    {
      "id": "d3cf69d7-15ba-4ec9-b463-6223ed3959eb",
      "name": "\ud83d\udd13 Parse Attached Policy JSON",
      "type": "n8n-nodes-base.code",
      "position": [
        900,
        1760
      ],
      "parameters": {
        "jsCode": "const inputItems = $input.all();\n\nconst decodedPolicies = inputItems.map(item => {\n  const encoded = item.json?.GetPolicyVersionResponse?.GetPolicyVersionResult?.PolicyVersion?.Document;\n  let decoded = null;\n  let parsed = null;\n\n  try {\n    decoded = decodeURIComponent(encoded);\n    parsed = JSON.parse(decoded);\n  } catch (e) {\n    parsed = { error: 'Invalid or undecodable policy document' };\n  }\n\n  return {\n    json: {\n      versionId: item.json?.GetPolicyVersionResponse?.GetPolicyVersionResult?.PolicyVersion?.VersionId || 'unknown',\n      isDefault: item.json?.GetPolicyVersionResponse?.GetPolicyVersionResult?.PolicyVersion?.IsDefaultVersion || false,\n      createDate: item.json?.GetPolicyVersionResponse?.GetPolicyVersionResult?.PolicyVersion?.CreateDate || null,\n      decodedPolicy: parsed\n    }\n  };\n});\n\nreturn decodedPolicies;\n"
      },
      "typeVersion": 2
    },
    {
      "id": "9b3a898c-70be-4fb1-905d-e29a92e89772",
      "name": "\u26a1 Inline Policy Router",
      "type": "n8n-nodes-base.noOp",
      "position": [
        920,
        1360
      ],
      "parameters": {},
      "typeVersion": 1
    },
    {
      "id": "9402330b-7f94-4fbc-ba49-38e668e59abe",
      "name": "\u26a1 Attached Policy Router",
      "type": "n8n-nodes-base.noOp",
      "position": [
        1100,
        1760
      ],
      "parameters": {},
      "typeVersion": 1
    },
    {
      "id": "0d40fba1-568e-41db-8d58-170df5f0a927",
      "name": "\ud83d\udcac Notify Security Team",
      "type": "n8n-nodes-base.slack",
      "position": [
        2760,
        980
      ],
      "parameters": {
        "text": "=\ud83d\udeab AWS Key Compromise Summary\n\n {{ $json.output }}",
        "select": "channel",
        "channelId": {
          "__rl": true,
          "mode": "id",
          "value": "ABC1234567890"
        },
        "otherOptions": {}
      },
      "credentials": {
        "slackApi": {
          "name": "<your credential>"
        }
      },
      "typeVersion": 2.3
    },
    {
      "id": "89b5bf1b-081c-46e9-b634-eb4e95a6e2a9",
      "name": "\ud83e\udde0 Claude AI Engine",
      "type": "@n8n/n8n-nodes-langchain.lmChatAnthropic",
      "position": [
        2420,
        1200
      ],
      "parameters": {
        "model": {
          "__rl": true,
          "mode": "list",
          "value": "claude-3-7-sonnet-20250219",
          "cachedResultName": "Claude Sonnet 3.7"
        },
        "options": {}
      },
      "credentials": {
        "anthropicApi": {
          "name": "<your credential>"
        }
      },
      "typeVersion": 1.3
    },
    {
      "id": "bec15d6b-2869-4784-b55d-c1cb8a1644d9",
      "name": "Sticky Note",
      "type": "n8n-nodes-base.stickyNote",
      "position": [
        -420,
        1600
      ],
      "parameters": {
        "width": 1840,
        "height": 400,
        "content": "## \ud83d\udd04 Process Each Attached Policy"
      },
      "typeVersion": 1
    },
    {
      "id": "06904eef-ed07-4b84-a4b9-c5f9defb384d",
      "name": "Sticky Note1",
      "type": "n8n-nodes-base.stickyNote",
      "position": [
        -420,
        1180
      ],
      "parameters": {
        "width": 1840,
        "height": 400,
        "content": "## \ud83d\udd04 Process Each Inline Policy"
      },
      "typeVersion": 1
    },
    {
      "id": "ca8a044a-211a-4548-86e6-f2ae758b97f1",
      "name": "Sticky Note2",
      "type": "n8n-nodes-base.stickyNote",
      "position": [
        -420,
        760
      ],
      "parameters": {
        "width": 1840,
        "height": 400,
        "content": "## \ud83d\udeab Disable Compromised Key"
      },
      "typeVersion": 1
    },
    {
      "id": "22145ce8-1fcb-4e7d-977a-5e3758a4b635",
      "name": "Sticky Note3",
      "type": "n8n-nodes-base.stickyNote",
      "position": [
        -420,
        340
      ],
      "parameters": {
        "width": 1840,
        "height": 400,
        "content": "## \ud83d\udee0 Create Security Policy [Invalidating-Temporary-Security-Credentials]"
      },
      "typeVersion": 1
    },
    {
      "id": "f4100d07-40db-41da-a60c-3770fc8dbba3",
      "name": "Sticky Note4",
      "type": "n8n-nodes-base.stickyNote",
      "position": [
        -420,
        -80
      ],
      "parameters": {
        "width": 1840,
        "height": 400,
        "content": "## \ud83d\udd17 Attach Security Policy [Invalidating-Temporary-Security-Credentials]"
      },
      "typeVersion": 1
    },
    {
      "id": "b0bac576-f2ab-4d58-b1f6-1fb70a620649",
      "name": "Sticky Note5",
      "type": "n8n-nodes-base.stickyNote",
      "position": [
        1700,
        700
      ],
      "parameters": {
        "color": 5,
        "width": 1320,
        "height": 740,
        "content": "## \ud83e\udd16 Generate Security Report"
      },
      "typeVersion": 1
    },
    {
      "id": "489444dd-c8ab-444e-ac11-aef48061650b",
      "name": "Sticky Note6",
      "type": "n8n-nodes-base.stickyNote",
      "position": [
        -2260,
        780
      ],
      "parameters": {
        "color": 3,
        "width": 720,
        "height": 400,
        "content": "# \u270f\ufe0f Manual Entry: UserName & AccessKeyId"
      },
      "typeVersion": 1
    },
    {
      "id": "3f524117-9a16-4e3c-9c9b-b365af4d51c7",
      "name": "Sticky Note7",
      "type": "n8n-nodes-base.stickyNote",
      "position": [
        -2080,
        240
      ],
      "parameters": {
        "width": 1360,
        "height": 400,
        "content": "## \ud83d\udd0d Retrieve IAM Key Info"
      },
      "typeVersion": 1
    },
    {
      "id": "e3bf53dd-84dd-48aa-af4a-0352e30ea4ba",
      "name": "\ud83d\udd0d AWS IAM Service",
      "type": "n8n-nodes-base.awsIam",
      "position": [
        -1700,
        380
      ],
      "parameters": {
        "returnAll": true,
        "requestOptions": {},
        "additionalFields": {}
      },
      "credentials": {
        "aws": {
          "name": "<your credential>"
        }
      },
      "typeVersion": 1
    },
    {
      "id": "4be7829d-c736-4125-aaa6-f75118e98c17",
      "name": "\ud83d\udd14 Request Human Approval",
      "type": "n8n-nodes-base.slack",
      "position": [
        -1320,
        940
      ],
      "parameters": {
        "user": {
          "__rl": true,
          "mode": "id",
          "value": "ABC1234567890"
        },
        "message": "=\ud83d\udee1\ufe0f Approval Request: AWS IAM Key Compromise Response\n\nUser: {{ $json.UserName }}\nAccess Key ID: {{ $json.AccessKeyId }}\nDate: {{ $json.Date }}\n\nPlease review and approve the remediation action.",
        "options": {},
        "operation": "sendAndWait"
      },
      "credentials": {
        "slackApi": {
          "name": "<your credential>"
        }
      },
      "typeVersion": 2.3,
      "alwaysOutputData": true
    },
    {
      "id": "1db4a332-df13-494b-87e6-1226f8d89b3f",
      "name": "Sticky Note8",
      "type": "n8n-nodes-base.stickyNote",
      "position": [
        -1480,
        780
      ],
      "parameters": {
        "color": 4,
        "width": 420,
        "height": 400,
        "content": "# \u270f\ufe0f Human in the loop\n## Wait for approval or human input before continuing"
      },
      "typeVersion": 1
    },
    {
      "id": "296666c1-c6dd-451e-b9d6-a799634ac9ae",
      "name": "\u2705 Approved Compromise Data",
      "type": "n8n-nodes-base.set",
      "position": [
        -880,
        940
      ],
      "parameters": {
        "options": {},
        "assignments": {
          "assignments": [
            {
              "id": "ad40b317-c48b-4814-b06b-6aced6ab5174",
              "name": "UserName",
              "type": "string",
              "value": "={{ $('\ud83d\udcdd Secure Form: Key Compromise Input').item.json.Username }}"
            },
            {
              "id": "a5b68025-b2cc-42d6-aae8-527bd46dad41",
              "name": "AccessKeyId",
              "type": "string",
              "value": "={{ $('\ud83d\udcdd Secure Form: Key Compromise Input').item.json.AccessKeyID }}"
            },
            {
              "id": "23551fee-041c-4822-9957-da228b721bc1",
              "name": "Date",
              "type": "string",
              "value": "={{ new Date().toISOString().split(\"T\")[0] }}"
            }
          ]
        }
      },
      "typeVersion": 3.4
    },
    {
      "id": "95eb48d4-ef3f-410b-b2d8-815e9083e5e4",
      "name": "Sticky Note9",
      "type": "n8n-nodes-base.stickyNote",
      "position": [
        -1020,
        780
      ],
      "parameters": {
        "color": 4,
        "width": 420,
        "height": 400,
        "content": "# \u270f\ufe0f Selected UserName & AccessKeyId"
      },
      "typeVersion": 1
    },
    {
      "id": "2b792970-ebae-4e60-86b3-1780c45948e5",
      "name": "\ud83d\udd27 Process Form Submission",
      "type": "n8n-nodes-base.set",
      "position": [
        -1820,
        940
      ],
      "parameters": {
        "options": {},
        "assignments": {
          "assignments": [
            {
              "id": "ad40b317-c48b-4814-b06b-6aced6ab5174",
              "name": "UserName",
              "type": "string",
              "value": "={{ $json.Username }}"
            },
            {
              "id": "a5b68025-b2cc-42d6-aae8-527bd46dad41",
              "name": "AccessKeyId",
              "type": "string",
              "value": "={{ $json.AccessKeyID }}"
            },
            {
              "id": "23551fee-041c-4822-9957-da228b721bc1",
              "name": "Date",
              "type": "string",
              "value": "={{ new Date().toISOString().split(\"T\")[0] }}"
            }
          ]
        }
      },
      "typeVersion": 3.4
    },
    {
      "id": "987b3736-c325-4fe5-8d70-f14b9f5955d8",
      "name": "\ud83d\udd0d Manual Key Lookup Trigger",
      "type": "n8n-nodes-base.manualTrigger",
      "position": [
        -1920,
        380
      ],
      "parameters": {},
      "typeVersion": 1
    },
    {
      "id": "97bb3007-1143-4a13-9adf-811e1268db4f",
      "name": "\ud83d\udcdd Secure Form: Key Compromise Input",
      "type": "n8n-nodes-base.formTrigger",
      "position": [
        -2100,
        940
      ],
      "parameters": {
        "options": {},
        "formTitle": "\ud83d\udea8 Automated AWS IAM Key Compromise Response Input",
        "formFields": {
          "values": [
            {
              "fieldLabel": "Username",
              "requiredField": true
            },
            {
              "fieldLabel": "AccessKeyID",
              "requiredField": true
            }
          ]
        },
        "authentication": "basicAuth"
      },
      "credentials": {
        "httpBasicAuth": {
          "name": "<your credential>"
        }
      },
      "typeVersion": 2.2
    },
    {
      "id": "33cd00aa-6027-4b3b-b373-c802ac6bf17d",
      "name": "\u26a1 No Operation, do nothing",
      "type": "n8n-nodes-base.noOp",
      "position": [
        -1040,
        380
      ],
      "parameters": {},
      "typeVersion": 1
    }
  ],
  "connections": {
    "\ud83d\udd0d AWS IAM Service": {
      "main": [
        [
          {
            "node": "\ud83d\udd11 Fetch User Access Keys",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "\ud83e\udde0 Claude AI Engine": {
      "ai_languageModel": [
        [
          {
            "node": "\ud83e\udd16 AI Security Analysis",
            "type": "ai_languageModel",
            "index": 0
          }
        ]
      ]
    },
    "\u26a1 Inline Policy Router": {
      "main": [
        [
          {
            "node": "\ud83d\udd04 Batch Process Inline Policies",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "\ud83d\udd00 Merge Response Data": {
      "main": [
        [
          {
            "node": "\ud83d\udce6 Aggregate Final Results",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "\ud83e\udd16 AI Security Analysis": {
      "main": [
        [
          {
            "node": "\ud83d\udcac Notify Security Team",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "\u26a1 Attached Policy Router": {
      "main": [
        [
          {
            "node": "\ud83d\udd04 Batch Process Attached Policies",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "\ud83d\udccb Fetch Policy Metadata": {
      "main": [
        [
          {
            "node": "\ud83d\udcc4 Retrieve Policy Document",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "\ud83d\udcdc Audit Inline Policies": {
      "main": [
        [
          {
            "node": "\ud83d\udce4 Extract Inline Policy Names",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "\ud83d\udd17 Apply Security Policy": {
      "main": [
        [
          {
            "node": "\ud83d\udd00 Merge Response Data",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "\ud83d\udd11 Fetch User Access Keys": {
      "main": [
        [
          {
            "node": "\ud83d\udcca Parse Access Key Response",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "\ud83d\udd14 Request Human Approval": {
      "main": [
        [
          {
            "node": "\u2705 Approved Compromise Data",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "\u2705 Approved Compromise Data": {
      "main": [
        [
          {
            "node": "\ud83d\udee1\ufe0f Generate Invalidation Policy",
            "type": "main",
            "index": 0
          },
          {
            "node": "\ud83d\udeab Deactivate Compromised Key",
            "type": "main",
            "index": 0
          },
          {
            "node": "\ud83d\udd00 Merge Response Data",
            "type": "main",
            "index": 3
          },
          {
            "node": "\ud83d\udcdc Audit Inline Policies",
            "type": "main",
            "index": 0
          },
          {
            "node": "\ud83d\udd0d Audit Attached Policies",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "\ud83d\udce6 Aggregate Final Results": {
      "main": [
        [
          {
            "node": "\ud83e\udd16 AI Security Analysis",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "\ud83d\udd0d Audit Attached Policies": {
      "main": [
        [
          {
            "node": "\ud83d\udce4 Extract Attached Policy List",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "\ud83d\udd27 Process Form Submission": {
      "main": [
        [
          {
            "node": "\ud83d\udd14 Request Human Approval",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "\ud83d\udcc4 Retrieve Policy Document": {
      "main": [
        [
          {
            "node": "\ud83d\udd13 Parse Attached Policy JSON",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "\ud83d\udd13 Parse Inline Policy JSON": {
      "main": [
        [
          {
            "node": "\u26a1 Inline Policy Router",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "\ud83d\udcca Parse Access Key Response": {
      "main": [
        [
          {
            "node": "\u26a1 No Operation, do nothing",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "\ud83d\udd0d Manual Key Lookup Trigger": {
      "main": [
        [
          {
            "node": "\ud83d\udd0d AWS IAM Service",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "\ud83d\udd13 Parse Attached Policy JSON": {
      "main": [
        [
          {
            "node": "\u26a1 Attached Policy Router",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "\ud83d\udeab Deactivate Compromised Key": {
      "main": [
        [
          {
            "node": "\ud83d\udd00 Merge Response Data",
            "type": "main",
            "index": 2
          }
        ]
      ]
    },
    "\ud83d\udce4 Extract Inline Policy Names": {
      "main": [
        [
          {
            "node": "\ud83d\udd04 Batch Process Inline Policies",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "\ud83d\udce4 Extract Attached Policy List": {
      "main": [
        [
          {
            "node": "\ud83d\udd04 Batch Process Attached Policies",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "\ud83d\udd04 Batch Process Inline Policies": {
      "main": [
        [
          {
            "node": "\ud83d\udd00 Merge Response Data",
            "type": "main",
            "index": 4
          }
        ],
        [
          {
            "node": "\ud83d\udcdc Retrieve Inline Policy Details",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "\ud83d\udcdc Retrieve Inline Policy Details": {
      "main": [
        [
          {
            "node": "\ud83d\udd13 Parse Inline Policy JSON",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "\ud83d\udd04 Batch Process Attached Policies": {
      "main": [
        [
          {
            "node": "\ud83d\udd00 Merge Response Data",
            "type": "main",
            "index": 5
          }
        ],
        [
          {
            "node": "\ud83d\udccb Fetch Policy Metadata",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "\ud83d\udee1\ufe0f Generate Invalidation Policy": {
      "main": [
        [
          {
            "node": "\ud83d\udd17 Apply Security Policy",
            "type": "main",
            "index": 0
          },
          {
            "node": "\ud83d\udd00 Merge Response Data",
            "type": "main",
            "index": 1
          }
        ]
      ]
    },
    "\ud83d\udcdd Secure Form: Key Compromise Input": {
      "main": [
        [
          {
            "node": "\ud83d\udd27 Process Form Submission",
            "type": "main",
            "index": 0
          }
        ]
      ]
    }
  }
}

Credentials you'll need

Each integration node will prompt for credentials when you import. We strip credential IDs before publishing — you'll add your own.

Source: https://n8n.io/workflows/5123/ — original creator credit.
