AWS IAM

AWS Identity and Access Management (IAM) is a web service for securely controlling access to AWS services. With IAM, you can centrally manage users, security credentials such as access keys, and permissions that control which AWS resources users and applications can access.

Integration with LogicHub

Connecting with AWS IAM

To connect to AWS IAM, the following details are required:

  • Label: Connection name.
  • Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com, where hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
  • Access Key: To access the AWS API, provide a valid Access Key.
  • Secret Key: To access the AWS API, provide a valid Secret Key.
  • Region Name: To access the AWS API, provide a valid Region name.

Actions with AWS IAM

Get Access Key Last Used

Retrieves information about when the specified access key was last used. The information includes the date and time of last use, along with the AWS service and Region that were specified in the last request made with that key.

Inputs to this Action

  • Connection: Choose a connection that you have created.
  • Jinja Template Access Key: Jinja-templated text containing the name of the access key. Example: {{aws_iam_column_name}}

Output of Action
JSON object containing the following attributes:

  • has_error: True/False
  • error: message/null
  • result: Response from AWS IAM
{
   "result":{
      "UserName":"Logichub-User",
      "AccessKeyLastUsed":{
         "LastUsedDate":"2021-06-09T04:17:00+00:00",
         "ServiceName":"iam",
         "Region":"us-east-1"
      },
      "ResponseMetadata":{
         "RequestId":"df329b96-752d-4170-96fe-499f29f9a625",
         "HTTPStatusCode":200,
         "HTTPHeaders":{
            "x-amzn-requestid":"df329b96-752d-4170-96fe-499f29f9a625",
            "content-type":"text/xml",
            "content-length":"498",
            "date":"Wed, 09 Jun 2021 14:16:51 GMT"
         },
         "RetryAttempts":0
      }
   },
   "error":null,
   "has_error":false
}

Create Access Key

Creates a new AWS secret access key and corresponding AWS access key ID for the specified user. The default status for new keys is Active.

Inputs to this Action

  • Connection: Choose a connection that you have created.
  • Jinja Template Username: Jinja-templated text containing the username. Example: {{aws_username_column_name}}

Output of Action
JSON object containing the following attributes:

  • has_error: True/False
  • error: message/null
  • result: Response from AWS IAM
{
   "result":{
      "AccessKey":{
         "UserName":"Logichub-User",
         "AccessKeyId":"AKxxxxxxxxxxxxxx",
         "Status":"Active",
         "SecretAccessKey":"f71xxxxxxxxxxxxxxxxxxxxxxx",
         "CreateDate":"2021-06-09T15:04:16+00:00"
      },
      "ResponseMetadata":{
         "RequestId":"0ea56b5b-757d-4f49-bb06-69da4df6b055",
         "HTTPStatusCode":200,
         "HTTPHeaders":{
            "x-amzn-requestid":"0ea56b5b-757d-4f49-bb06-69da4df6b055",
            "content-type":"text/xml",
            "content-length":"606",
            "date":"Wed, 09 Jun 2021 15:04:15 GMT"
         },
         "RetryAttempts":0
      }
   },
   "error":null,
   "has_error":false
}

Delete Access Key

Deletes the access key pair associated with the specified IAM user.

Inputs to this Action

  • Connection: Choose a connection that you have created.
  • Jinja Template Username: Jinja-templated text containing the username. Example: {{aws_username_column_name}}
  • Jinja Template Access Key: Jinja-templated text containing the name of the access key. Example: {{aws_iam_column_name}}

Output of Action
JSON object containing the following attributes:

  • has_error: True/False
  • error: message/null
  • result: Response from AWS IAM
{
   "result":{
      "ResponseMetadata":{
         "RequestId":"eef000bd-b955-4950-bc3e-7b6ddfd514b5",
         "HTTPStatusCode":200,
         "HTTPHeaders":{
            "x-amzn-requestid":"eef000bd-b955-4950-bc3e-7b6ddfd514b5",
            "content-type":"text/xml",
            "content-length":"210",
            "date":"Wed, 09 Jun 2021 15:01:46 GMT"
         },
         "RetryAttempts":0
      }
   },
   "error":null,
   "has_error":false
}

List Access Keys

Returns information about the access key IDs associated with the specified IAM user. If there is none, the operation returns an empty list.

Inputs to this Action

  • Connection: Choose a connection that you have created.
  • Jinja Template Username: Jinja-templated text containing the username. Example: {{aws_username_column_name}}

Output of Action
Array of JSON objects representing access key details in individual rows.

{
   "UserName":"Logichub-User",
   "has_error":false,
   "AccessKeyId":"AKIXXXXXXXXXXXXXXXXXXX",
   "CreateDate":"2021-06-09T04:10:12+00:00",
   "error":null,
   "Status":"Inactive"
}

Update Access Key

Changes the status of the specified access key from Active to Inactive, or vice versa. This operation can be used to disable a user's key as part of a key rotation workflow.

Inputs to this Action

  • Connection: Choose a connection that you have created.
  • Jinja Template Username: Jinja-templated text containing the username. Example: {{aws_username_column_name}}
  • Jinja Template Access Key: Jinja-templated text containing the name of the access key. Example: {{aws_iam_column_name}}
  • Status: Select the new status of the access key. Possible values are Active or Inactive.

Output of Action
JSON object containing the following attributes:

  • has_error: True/False
  • error: message/null
  • result: Response from AWS IAM
{
   "result":{
      "ResponseMetadata":{
         "RequestId":"32e608e4-d3a8-4970-8e3a-479862a6a4c7",
         "HTTPStatusCode":200,
         "HTTPHeaders":{
            "x-amzn-requestid":"32e608e4-d3a8-4970-8e3a-479862a6a4c7",
            "content-type":"text/xml",
            "content-length":"210",
            "date":"Wed, 09 Jun 2021 14:47:41 GMT"
         },
         "RetryAttempts":0
      }
   },
   "error":null,
   "has_error":false
}
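
How the actions above fit the key rotation workflow mentioned for Update Access Key, as an added example that is not LogicHub's or AWS's own code: it reads rows in the List Access Keys shape plus Get Access Key Last Used results and names the next action for each key. The 90-day and 14-day thresholds, the sample users and the AKIAEXAMPLE key IDs are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(days=90)     # assumed rotation period, not from the page
IDLE_GRACE = timedelta(days=14)  # assumed quiet time before deleting an Inactive key
ts = datetime.fromisoformat

def plan_rotation(key_rows, last_used, now):
    """Map List Access Keys rows to the next action to run for each key."""
    def idle(row, since):
        # LastUsedDate is absent from the result when a key has never been used.
        info = last_used.get(row["AccessKeyId"], {}).get("AccessKeyLastUsed", {})
        return "LastUsedDate" not in info or ts(info["LastUsedDate"]) < since

    by_user, plan = {}, []
    for row in key_rows:
        if not row.get("has_error"):  # never act on a row whose lookup failed
            by_user.setdefault(row["UserName"], []).append(row)
    for user, rows in sorted(by_user.items()):
        active = [r for r in rows if r["Status"] == "Active"]
        fresh = [r for r in active if now - ts(r["CreateDate"]) <= MAX_AGE]
        stale = [r for r in rows if r["Status"] == "Inactive" and idle(r, now - IDLE_GRACE)]
        plan += [("Delete Access Key", user, r["AccessKeyId"]) for r in stale]
        for r in (a for a in active if a not in fresh):  # Active but past MAX_AGE
            if not fresh:
                # IAM allows two keys per user, so a slot must be free first.
                free = len(rows) - len(stale) < 2
                plan.append(("Create Access Key" if free else "Manual review", user, r["AccessKeyId"]))
            elif all(idle(r, ts(f["CreateDate"])) for f in fresh):
                # Old key unused since the replacement was issued: safe to disable.
                plan.append(("Update Access Key: Inactive", user, r["AccessKeyId"]))
    return plan

# Constructed sample data in the shapes shown on this page (key IDs are placeholders).
NOW = datetime(2021, 6, 9, tzinfo=timezone.utc)
def _row(user, key, status, created):
    return {"UserName": user, "AccessKeyId": key, "Status": status,
            "CreateDate": created, "error": None, "has_error": False}
SAMPLE_ROWS = [
    _row("alice", "AKIAEXAMPLE0001", "Active", "2021-01-01T00:00:00+00:00"),
    _row("bob", "AKIAEXAMPLE0002", "Active", "2021-01-01T00:00:00+00:00"),
    _row("bob", "AKIAEXAMPLE0003", "Active", "2021-06-01T00:00:00+00:00"),
    _row("carol", "AKIAEXAMPLE0004", "Inactive", "2020-12-01T00:00:00+00:00"),
    _row("carol", "AKIAEXAMPLE0005", "Active", "2021-05-20T00:00:00+00:00"),
]
SAMPLE_LAST_USED = {
    "AKIAEXAMPLE0002": {"AccessKeyLastUsed": {"LastUsedDate": "2021-05-01T09:00:00+00:00"}},
    "AKIAEXAMPLE0004": {"AccessKeyLastUsed": {"LastUsedDate": "2021-03-01T09:00:00+00:00"}},
}

print(*plan_rotation(SAMPLE_ROWS, SAMPLE_LAST_USED, NOW), sep="\n")
```

An old Active key that was still used after its replacement was issued gets no action, so a caller that has not yet switched keys is not cut off.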

Attach User Policy

Attaches the specified managed policy to the specified user.

Inputs to this Action

  • Connection: Choose a connection that you have created.
  • Role Arn: Jinja-templated text containing the value of Role Arn. Example: {{role_arn}}
  • Jinja Template Username: Jinja-templated text containing the username. Example: {{aws_username_column_name}}
  • Jinja Template Policy ARN: Jinja-templated text containing the policy ARN to be attached. Example: {{policy_column_name}}

Output of Action
JSON object containing the following attributes:

  • has_error: True/False
  • error: message/null
  • result: Response from AWS IAM
{
   "result":{
      "ResponseMetadata":{
         "RequestId":"048faea0-1f9d-4bb6-8716-160f19f072a5",
         "HTTPStatusCode":200,
         "HTTPHeaders":{
            "x-amzn-requestid":"048faea0-1f9d-4bb6-8716-160f19f072a5",
            "content-type":"text/xml",
            "content-length":"212",
            "date":"Mon, 18 Oct 2021 18:11:14 GMT"
         },
         "RetryAttempts":0
      }
   },
   "error":null,
   "has_error":false
}

List Policies

Lists all the managed policies that are available in your Amazon Web Services account, including your own customer-defined managed policies and all Amazon Web Services managed policies.

Inputs to this Action

  • Connection: Choose a connection that you have created.
  • Policy Usage Filter: Select policy usage filter. (Default is to ignore this filter). Possible values are: PermissionsPolicy or PermissionsBoundary.
  • Scope: Scope to use for filtering the results. (Default is All). Possible values are: All, AWS or Local.
  • Only Attached: A flag to filter the results to only the attached policies. (Default is False). Possible values are: True or False.
  • Max Items: Maximum number of policies to return. (Default is to not provide any limit and return all the policies).

Output of Action
JSON object containing the following attributes:

  • has_error: True/False
  • error: message/null
  • result: Response from AWS IAM
{
   "Arn":"arn:aws:iam::00xxxxxxx:policy/AllowMoreReadForInfosec",
   "AttachmentCount":1,
   "CreateDate":"2020-04-22T23:31:38+00:00",
   "DefaultVersionId":"v1",
   "IsAttachable":true,
   "Path":"/",
   "PermissionsBoundaryUsageCount":0,
   "PolicyId":"ANPAQEBFLQ6YJO45PSNFQ",
   "PolicyName":"AllowMoreReadForInfosec",
   "UpdateDate":"2020-04-22T23:31:38+00:00",
   "error":null,
   "has_error":false
}
