How to filter on usernames using custodian iam-user resource?

148 Views Asked by Cjcascade At 21 October 2024 at 08:08

We use service accounts and I'm looking to run this policy only on user accounts that begin with svc_.

The below code will act on all user accounts where the access keys are > 90.

policies:
  - name: iam-user-access-keys-older-than-90days
    description: |
      Retrieve all IAM user accounts whom have active access keys that are 
      older than 90days
    resource: iam-user
    filters:
      - type: access-key
        key: Status
        value: Active
      - type: access-key
        match-operator: and
        key: CreateDate
        value: 90
        op: greater-than
        value_type: age

Original Q&A

There are 1 best solutions below

Cjcascade On 18 September 2020 at 18:20

Thank you. I created a separate policy for the services accounts and followed your suggestion of using type, value, and key.

- name: iam-user-service-access-keys-older-than-90days
  description: |
    Retrieve all IAM user service accounts whom have active access 
    keys that are older than 90days
  resource: iam-user
  filters:
    - type: access-key
      key: Status
      value: Active
    - type: access-key
      match-operator: and
      key: CreateDate
      value: 90
      op: greater-than
      value_type: age
    - type: access-key
      match-operator: and
      key: <enter key name here>
      value: Active
      op: equa

How to filter on usernames using custodian iam-user resource?

There are 1 best solutions below

Related Questions in AMAZON-IAM

Related Questions in ACCESS-KEYS

Related Questions in CLOUDCUSTODIAN

Trending Questions

Popular # Hahtags

Popular Questions