AWS IAM (Assumed Role)

Version: 2.0.0

AWS Identity and Access Management (IAM) is a web service for securely controlling access to AWS services. With IAM, you can centrally manage users, security credentials such as access keys, and permissions that control which AWS resources users and applications can access.

Connect AWS IAM with LogicHub

  1. Navigate to Automations > Integrations.
  2. Search for AWS IAM.
  3. Click Details, then the + icon. Enter the required information in the following fields.
    • Label: Enter a connection name.
    • Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com, where hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
    • Verify SSL: Select this option to verify the connecting server's SSL certificate (Default is Verify SSL Certificate).
    • Remote Agent: Run this integration using the LogicHub Remote Agent.
    • Access Key: To access the AWS API, provide a valid Access Key.
    • Secret Key: To access the AWS API, provide a valid Secret Key.

Actions for AWS IAM

Get Access Key Last Used

Retrieves information about when the specified access key was last used. The information includes the date and time of last use, along with the AWS service and Region that were specified in the last request made with that key.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
|---|---|---|
| Role Arn | Jinja-templated text containing the value of Role Arn. Example: {{role_arn}} | Required |
| Access Key | Jinja-templated text containing the name of the access key. Example: {{aws_iam_column_name}} | Required |

Output

A JSON object containing multiple rows of result:

  • has_error: True/False
  • error: message/null
  • result: Response from AWS IAM
{
   "result":{
      "UserName":"Logichub-User",
      "AccessKeyLastUsed":{
         "LastUsedDate":"2021-06-09T04:17:00+00:00",
         "ServiceName":"iam",
         "Region":"us-east-1"
      },
      "ResponseMetadata":{
         "RequestId":"df329b96-752d-4170-96fe-499f29f9a625",
         "HTTPStatusCode":200,
         "HTTPHeaders":{
            "x-amzn-requestid":"df329b96-752d-4170-96fe-499f29f9a625",
            "content-type":"text/xml",
            "content-length":"498",
            "date":"Wed, 09 Jun 2021 14:16:51 GMT"
         },
         "RetryAttempts":0
      }
   },
   "error":null,
   "has_error":false
}

Create Access Key

Creates a new AWS secret access key and corresponding AWS access key ID for the specified user. The default status for new keys is Active.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
|---|---|---|
| Role Arn | Jinja-templated text containing the value of Role Arn. Example: {{role_arn}} | Required |
| Username | Jinja-templated text containing the username. Example: {{aws_username_column_name}} | Required |

Output

A JSON object containing multiple rows of result:

  • has_error: True/False
  • error: message/null
  • result: Response from AWS IAM
{
   "result":{
      "AccessKey":{
         "UserName":"Logichub-User",
         "AccessKeyId":"AKxxxxxxxxxxxxxx",
         "Status":"Active",
         "SecretAccessKey":"f71xxxxxxxxxxxxxxxxxxxxxxx",
         "CreateDate":"2021-06-09T15:04:16+00:00"
      },
      "ResponseMetadata":{
         "RequestId":"0ea56b5b-757d-4f49-bb06-69da4df6b055",
         "HTTPStatusCode":200,
         "HTTPHeaders":{
            "x-amzn-requestid":"0ea56b5b-757d-4f49-bb06-69da4df6b055",
            "content-type":"text/xml",
            "content-length":"606",
            "date":"Wed, 09 Jun 2021 15:04:15 GMT"
         },
         "RetryAttempts":0
      }
   },
   "error":null,
   "has_error":false
}

Delete Access Key

Deletes the access key pair associated with the specified IAM user.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
|---|---|---|
| Role Arn | Jinja-templated text containing the value of Role Arn. Example: {{role_arn}} | Required |
| Username | Jinja-templated text containing the username. Example: {{aws_username_column_name}} | Required |
| Access Key | Jinja-templated text containing the name of the access key. Example: {{aws_iam_column_name}} | Required |

Output

A JSON object containing multiple rows of result:

  • has_error: True/False
  • error: message/null
  • result: Response from AWS IAM
{
   "result":{
      "ResponseMetadata":{
         "RequestId":"eef000bd-b955-4950-bc3e-7b6ddfd514b5",
         "HTTPStatusCode":200,
         "HTTPHeaders":{
            "x-amzn-requestid":"eef000bd-b955-4950-bc3e-7b6ddfd514b5",
            "content-type":"text/xml",
            "content-length":"210",
            "date":"Wed, 09 Jun 2021 15:01:46 GMT"
         },
         "RetryAttempts":0
      }
   },
   "error":null,
   "has_error":false
}

List Access Keys

Returns information about the access key IDs associated with the specified IAM user. If there is none, the operation returns an empty list.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
|---|---|---|
| Role Arn | Jinja-templated text containing the value of Role Arn. Example: {{role_arn}} | Required |
| Username | Jinja-templated text containing the username. Example: {{aws_username_column_name}} | Required |

Output

An array of JSON objects representing access key details, one key per row.

{
  "result": {
    "UserName":"Logichub-User",
    "has_error":false,
    "AccessKeyId":"AKIXXXXXXXXXXXXXXXXXXX",
    "CreateDate":"2021-06-09T04:10:12+00:00",
    "error":null,
    "Status":"Inactive"
  },
  "role_arn": "arn:aws:iam::{{account_id}}:role/{{role_name}}"
}

Update Access Key

Changes the status of the specified access key from Active to Inactive, or vice versa. This operation can be used to disable a user's key as part of a key rotation workflow.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
|---|---|---|
| Role Arn | Jinja-templated text containing the value of Role Arn. Example: {{role_arn}} | Required |
| Username | Jinja-templated text containing the username. Example: {{aws_username_column_name}} | Required |
| Access Key | Jinja-templated text containing the name of the access key. Example: {{aws_iam_column_name}} | Required |
| Status | Select the new status of the access key. Possible values are Active or Inactive. | Required |

Output

A JSON object containing multiple rows of result:

  • has_error: True/False
  • error: message/null
  • result: Response from AWS IAM
{
   "result":{
      "ResponseMetadata":{
         "RequestId":"32e608e4-d3a8-4970-8e3a-479862a6a4c7",
         "HTTPStatusCode":200,
         "HTTPHeaders":{
            "x-amzn-requestid":"32e608e4-d3a8-4970-8e3a-479862a6a4c7",
            "content-type":"text/xml",
            "content-length":"210",
            "date":"Wed, 09 Jun 2021 14:47:41 GMT"
         },
         "RetryAttempts":0
      }
   },
   "error":null,
   "has_error":false
}
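
A triage step for the key rotation workflow mentioned above, as an added example (not LogicHub's or AWS's own code): it joins rows shaped like the List Access Keys output with results shaped like Get Access Key Last Used and builds the Update Access Key inputs for stale Active keys. The 90-day threshold, the function and constant names, the idle_days field, and all sample rows and key IDs are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

MAX_IDLE = timedelta(days=90)  # assumed rotation threshold, not from the page

def keys_to_deactivate(list_rows, last_used, now, max_idle=MAX_IDLE):
    """Build Update Access Key inputs (Status=Inactive) for stale Active keys.

    list_rows -- rows shaped like the List Access Keys output
    last_used -- AccessKeyId -> "result" of Get Access Key Last Used
    """
    actions = []
    for row in list_rows:
        key = row["result"]
        if key.get("has_error") or key.get("Status") != "Active":
            continue  # failed lookups and already-Inactive keys need no update
        used = last_used.get(key["AccessKeyId"], {}).get("AccessKeyLastUsed", {})
        # A never-used key carries no LastUsedDate: age it from CreateDate so a
        # freshly issued key is not disabled before its first use.
        ref = datetime.fromisoformat(used.get("LastUsedDate") or key["CreateDate"])
        idle = now - ref
        if idle > max_idle:
            actions.append({"Username": key["UserName"],
                            "Access Key": key["AccessKeyId"],
                            "Status": "Inactive",
                            "idle_days": idle.days})  # idle_days: added field
    return actions

def _row(key_id, status, created):  # constructed sample row, not real data
    return {"result": {"UserName": "Logichub-User", "AccessKeyId": key_id,
                       "Status": status, "CreateDate": created,
                       "has_error": False, "error": None}}

SAMPLE_NOW = datetime(2021, 9, 15, tzinfo=timezone.utc)  # fixed "today"
SAMPLE_ROWS = [
    _row("AKIAEXAMPLEKEY000001", "Active", "2021-01-10T08:00:00+00:00"),
    _row("AKIAEXAMPLEKEY000002", "Active", "2021-09-01T08:00:00+00:00"),
    _row("AKIAEXAMPLEKEY000003", "Inactive", "2020-03-02T08:00:00+00:00"),
    _row("AKIAEXAMPLEKEY000004", "Active", "2021-02-01T00:00:00+00:00"),
]
SAMPLE_LAST_USED = {  # keys 2 and 4 were never used, so no LastUsedDate
    "AKIAEXAMPLEKEY000001": {"AccessKeyLastUsed": {
        "LastUsedDate": "2021-06-09T04:17:00+00:00",
        "ServiceName": "iam", "Region": "us-east-1"}},
    "AKIAEXAMPLEKEY000002": {"AccessKeyLastUsed": {"ServiceName": "N/A", "Region": "N/A"}},
}

if __name__ == "__main__":
    for action in keys_to_deactivate(SAMPLE_ROWS, SAMPLE_LAST_USED, SAMPLE_NOW):
        print(action)
```

Deactivating with Update Access Key before running Delete Access Key keeps the change reversible if a workload turns out to still depend on the key.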

Attach User Policy

Attaches the specified managed policy to the specified user.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
|---|---|---|
| Role Arn | Jinja-templated text containing the value of Role Arn. Example: {{role_arn}} | Required |
| Username | Jinja-templated text containing the username. Example: {{aws_username_column_name}} | Required |
| Policy ARN | Jinja-templated text containing the policy ARN to be attached. Example: {{policy_column_name}} | Required |

Output

A JSON object containing multiple rows of result:

  • has_error: True/False
  • error: message/null
  • result: Response from AWS IAM
{
   "result":{
      "ResponseMetadata":{
         "RequestId":"048faea0-1f9d-4bb6-8716-160f19f072a5",
         "HTTPStatusCode":200,
         "HTTPHeaders":{
            "x-amzn-requestid":"048faea0-1f9d-4bb6-8716-160f19f072a5",
            "content-type":"text/xml",
            "content-length":"212",
            "date":"Mon, 18 Oct 2021 18:11:14 GMT"
         },
         "RetryAttempts":0
      }
   },
   "error":null,
   "has_error":false
}

List Policies

Lists all the managed policies that are available in your Amazon Web Services account, including your own customer-defined managed policies and all Amazon Web Services managed policies.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
|---|---|---|
| Policy Usage Filter | Select policy usage filter. (Default is to ignore this filter). Possible values are: PermissionsPolicy or PermissionsBoundary. | Required |
| Scope | Scope to use for filtering the results. (Default is All). Possible values are: All, AWS or Local. | Required |
| Only Attached | A flag to filter the results to only the attached policies. (Default is False). Possible values are: True or False. | Required |
| Max Items | Maximum number of policies to return. (Default is to not provide any limit and return all the policies). | Required |

Output

A JSON object containing multiple rows of result:

  • has_error: True/False
  • error: message/null
  • result: Response from AWS IAM
{
   "Arn":"arn:aws:iam::00xxxxxxx:policy/AllowMoreReadForInfosec",
   "AttachmentCount":1,
   "CreateDate":"2020-04-22T23:31:38+00:00",
   "DefaultVersionId":"v1",
   "IsAttachable":true,
   "Path":"/",
   "PermissionsBoundaryUsageCount":0,
   "PolicyId":"ANPAQEBFLQ6YJO45PSNFQ",
   "PolicyName":"AllowMoreReadForInfosec",
   "UpdateDate":"2020-04-22T23:31:38+00:00",
   "error":null,
   "has_error":false
}

Release Notes

  • v2.0.0 - Updated architecture to support IO via filesystem