AWS IAM Actions

: Given a region, a CloudTrail ARN (where the logs are being recorded), a reference IAM ARN (whose usage we will parse), and a Service role, this will begin the generation of a IAM policy. The output is a String of the generation Id.

: AWS Attach New Policy to User

: Given an AWS policy (as a string), and the name for the policy, this will create an IAM policy.

: Create a new Access Key for the User

: Create New IAM User

: Create Login profile for IAM User

: Delete an Access Key for a User

: Given a Region and the ID of a policy generation job, this Action will return the policy (once it has been completed).

: This Lego collects the access keys that have never been used or the access keys that have been used but are older than the threshold.

: List all Access Keys for the User

: List all AWS IAM Users

: AWS List Attached User Policies

: List Expiring IAM User Access Keys

: This Lego filter gets all the IAM users' login profiles, and if the login profile is available, checks for the last password change if the password is greater than the given threshold, and lists those users.

: Update status of the Access Key