自动化AWS IAM密钥泄露响应,使用Slack和Claude AI
高级
这是一个AI领域的自动化工作流,包含 40 个节点。主要使用 Set, Code, Merge, Slack, AwsIam 等节点,结合人工智能技术实现智能自动化。 自动化AWS IAM密钥泄露响应,使用Slack和Claude AI
前置要求
- •Slack Bot Token 或 Webhook URL
- •AWS Access Key 和 Secret
- •可能需要目标 API 的认证凭证
- •Anthropic API Key
使用的节点 (40)
分类
工作流预览
可视化展示节点连接关系,支持缩放和平移
导出工作流
复制以下 JSON 配置到 n8n 导入,即可使用此工作流
{
"meta": {
"instanceId": "c62c01f3e843893075a10f252ec7d6d69e5ab593af019f50055d506cb3081b99",
"templateCredsSetupCompleted": true
},
"nodes": [
{
"id": "d5fa0dbd-41d5-402c-1234-1234567890",
"name": "🔑 获取用户访问密钥",
"type": "n8n-nodes-base.httpRequest",
"position": [
-1480,
380
],
"parameters": {
"url": "https://iam.amazonaws.com",
"method": "POST",
"options": {},
"sendBody": true,
"contentType": "form-urlencoded",
"authentication": "predefinedCredentialType",
"bodyParameters": {
"parameters": [
{
"name": "Action",
"value": "ListAccessKeys"
},
{
"name": "Version",
"value": "2010-05-08"
},
{
"name": "UserName",
"value": "={{ $json.UserName }}"
}
]
},
"nodeCredentialType": "aws"
},
"credentials": {
"aws": {
"id": "ABC123456789",
"name": "AWS account"
}
},
"typeVersion": 4.1
},
{
"id": "02461671-e2a2-4424-bfe8-fd74afc460c5",
"name": "📊 解析访问密钥响应",
"type": "n8n-nodes-base.code",
"position": [
-1260,
380
],
"parameters": {
"jsCode": "const result = {};\nlet counter = 1;\n\nfor (const item of items) {\n try {\n const response = item.json.body || item.json;\n const metadata = response?.ListAccessKeysResponse?.ListAccessKeysResult?.AccessKeyMetadata || [];\n\n for (const key of metadata) {\n const keyLabel = `AccessKey${counter}`;\n result[keyLabel] = {\n [`AccessKeyId${counter}`]: key.AccessKeyId,\n [`UserName${counter}`]: key.UserName,\n Status: key.Status,\n [`CreateDate${counter}`]: new Date(key.CreateDate * 1000).toISOString()\n };\n counter++;\n }\n } catch (error) {\n console.error('Error processing access keys:', error);\n }\n}\n\nreturn [{ json: result }];\n"
},
"typeVersion": 2
},
{
"id": "83640bea-3b16-4173-a486-bcbfe9cffddd",
"name": "🚫 停用受损密钥",
"type": "n8n-nodes-base.httpRequest",
"onError": "continueRegularOutput",
"position": [
-180,
900
],
"parameters": {
"url": "https://iam.amazonaws.com",
"method": "POST",
"options": {},
"sendBody": true,
"contentType": "form-urlencoded",
"authentication": "predefinedCredentialType",
"bodyParameters": {
"parameters": [
{
"name": "Action",
"value": "UpdateAccessKey"
},
{
"name": "Version",
"value": "2010-05-08"
},
{
"name": "UserName",
"value": "={{ $json.UserName }}"
},
{
"name": "AccessKeyId",
"value": "={{ $json.AccessKeyId }}"
},
{
"name": "Status",
"value": "Inactive"
}
]
},
"nodeCredentialType": "aws"
},
"credentials": {
"aws": {
"id": "ABC123456789",
"name": "AWS account"
}
},
"typeVersion": 4.1
},
{
"id": "d671f4f7-759f-4bd6-abc1-abc1234567",
"name": "📜 审计内联策略",
"type": "n8n-nodes-base.httpRequest",
"onError": "continueRegularOutput",
"position": [
-160,
1320
],
"parameters": {
"url": "https://iam.amazonaws.com",
"method": "POST",
"options": {},
"sendBody": true,
"contentType": "form-urlencoded",
"authentication": "predefinedCredentialType",
"bodyParameters": {
"parameters": [
{
"name": "Action",
"value": "ListUserPolicies"
},
{
"name": "Version",
"value": "2010-05-08"
},
{
"name": "UserName",
"value": "={{ $json.UserName }}"
}
]
},
"nodeCredentialType": "aws"
},
"credentials": {
"aws": {
"id": "ABC123456789",
"name": "AWS account"
}
},
"typeVersion": 4.2
},
{
"id": "6e6a912f-d043-44c0-abc1-abc123456789",
"name": "🔍 审计附加策略",
"type": "n8n-nodes-base.httpRequest",
"position": [
-160,
1680
],
"parameters": {
"url": "https://iam.amazonaws.com",
"method": "POST",
"options": {},
"sendBody": true,
"contentType": "form-urlencoded",
"authentication": "predefinedCredentialType",
"bodyParameters": {
"parameters": [
{
"name": "Action",
"value": "ListAttachedUserPolicies"
},
{
"name": "Version",
"value": "2010-05-08"
},
{
"name": "UserName",
"value": "={{ $json.UserName }}"
}
]
},
"nodeCredentialType": "aws"
},
"credentials": {
"aws": {
"id": "ABC123456789",
"name": "AWS account"
}
},
"typeVersion": 4.2
},
{
"id": "9fc7c861-a714-4b24-b19d-7d163c8e6a4d",
"name": "🛡️ 生成失效策略",
"type": "n8n-nodes-base.httpRequest",
"onError": "continueRegularOutput",
"position": [
-200,
480
],
"parameters": {
"url": "https://iam.amazonaws.com",
"method": "POST",
"options": {},
"sendBody": true,
"contentType": "form-urlencoded",
"authentication": "predefinedCredentialType",
"bodyParameters": {
"parameters": [
{
"name": "Action",
"value": "CreatePolicy"
},
{
"name": "PolicyDocument",
"value": "={\n \"Version\": \"2012-10-17\",\n \"Statement\": [{\n \"Sid\": \"DenyExpiredSessions\",\n \"Effect\": \"Deny\",\n \"Action\": \"*\",\n \"Resource\": \"*\",\n \"Condition\": {\n \"DateLessThan\": {\n \"aws:TokenIssueTime\": \"{{ $now.minus({ days: 3 }).toISO() }}\"\n }\n }\n }]\n}\n"
},
{
"name": "PolicyName",
"value": "=Invalidating-Temporary-Security-Credentials-{{ $now.toFormat('yyyy-MM-dd') + '-' + Math.random().toString(36).substring(2, 8).toUpperCase() }}"
},
{
"name": "Version",
"value": "2010-05-08"
}
]
},
"nodeCredentialType": "aws"
},
"credentials": {
"aws": {
"id": "ABC123456789",
"name": "AWS account"
}
},
"typeVersion": 4.2
},
{
"id": "df0f64b3-95cf-48ef-b2a9-fe035d3e14ad",
"name": "🔗 应用安全策略",
"type": "n8n-nodes-base.httpRequest",
"onError": "continueRegularOutput",
"position": [
340,
60
],
"parameters": {
"url": "https://iam.amazonaws.com",
"method": "POST",
"options": {},
"sendBody": true,
"contentType": "form-urlencoded",
"authentication": "predefinedCredentialType",
"bodyParameters": {
"parameters": [
{
"name": "Action",
"value": "AttachUserPolicy"
},
{
"name": "PolicyArn",
"value": "={{ $json.CreatePolicyResponse.CreatePolicyResult.Policy.Arn }}"
},
{
"name": "Version",
"value": "2010-05-08"
},
{
"name": "UserName",
"value": "={{ $('✅ Approved Compromise Data').item.json.UserName }}"
}
]
},
"nodeCredentialType": "aws"
},
"credentials": {
"aws": {
"id": "ABC123456789",
"name": "AWS account"
}
},
"typeVersion": 4.2
},
{
"id": "c4ec2ef4-7db8-4189-877b-abc1234567890",
"name": "📤 提取内联策略名称",
"type": "n8n-nodes-base.splitOut",
"onError": "continueRegularOutput",
"position": [
60,
1320
],
"parameters": {
"options": {},
"fieldToSplitOut": "ListUserPoliciesResponse.ListUserPoliciesResult.PolicyNames"
},
"typeVersion": 1
},
{
"id": "07ab67a9-146d-4576-8afa-a128cf62974f",
"name": "🔄 批量处理内联策略",
"type": "n8n-nodes-base.splitInBatches",
"position": [
280,
1320
],
"parameters": {
"options": {}
},
"typeVersion": 3
},
{
"id": "ff91b356-3771-463f-8593-82a0396c6514",
"name": "🔄 批量处理附加策略",
"type": "n8n-nodes-base.splitInBatches",
"position": [
280,
1700
],
"parameters": {
"options": {}
},
"typeVersion": 3
},
{
"id": "e1344921-481a-467b-9240-72b80e8f8ef9",
"name": "📤 提取附加策略列表",
"type": "n8n-nodes-base.splitOut",
"position": [
60,
1680
],
"parameters": {
"options": {},
"fieldToSplitOut": "ListAttachedUserPoliciesResponse.ListAttachedUserPoliciesResult.AttachedPolicies"
},
"typeVersion": 1
},
{
"id": "c884daa9-f96f-40c7-8fd0-3a00612bf431",
"name": "🤖 AI安全分析",
"type": "@n8n/n8n-nodes-langchain.agent",
"onError": "continueRegularOutput",
"position": [
2400,
980
],
"parameters": {
"text": "={{ JSON.stringify($json.data, null, 2) }}",
"options": {
"systemMessage": "# AWS Key Compromise Response Summary Prompt\n\nYou are an AWS security analyst. Your task is to analyze the key compromise response actions and provide a simple, clear summary of what happened and the current security status.\n\n## Instructions\n\nFollow these instructions precisely:\n\n### 1. Analysis Output Format\n\nOutput your analysis wrapped exactly between these tags, inside a fenced code block:\n```\n...your simple analysis here...\n```\n\n### 2. Keep It Simple - Focus Only On:\n\n#### Key Compromise Response Summary\n- **What happened**: Brief description of the compromise\n- **Actions taken**: Key deactivation, policy creation, and attachment status\n- **Current status**: Whether the response was successful\n- **Risk level**: Simple HIGH/MEDIUM/LOW assessment\n\n#### Essential Details Only\n- **User affected**: Username and access key ID\n- **Response actions**: What automated actions were completed\n- **Security status**: Current protection level after response\n- **Next steps**: 1-2 simple recommendations if needed\n\n### 3. Policy Analysis Guidelines\n\n**Ignore all policy version metadata** fields — if you see `versionId`, `isDefault`, `createDate`, or the `\"Version\"` field inside `decodedPolicy`, do **not** mention or interpret these as security findings; focus **only** on the actual policy statements and actions.\n\n### 4. Slack-Compatible Report\n\nAfter the fenced code block, output a Slack-compatible report using **ONLY** the following supported Slack Markdown formats:\n\n#### Supported Slack Markdown Elements:\n- **Bold text:** `*bold text*` (asterisks)\n- **Italic text:** `_italic text_` (underscores)\n- **Strikethrough:** `~strikethrough~` (tildes)\n- **Inline code:** `code` (single backticks)\n- **Code blocks:** ``` (three backticks)\n- **Block quotes:** `> quoted text` (greater than symbol)\n- **Bulleted lists:** `* item` or `• item` (asterisk or bullet)\n- **Ordered lists:** `1. item` (number and period)\n- **Links:** `<https://example.com|Link Text>` (angle brackets with pipe)\n\n#### Slack Report Format:\n\n🚨 *AWS Key Compromise Response Summary*\n\n👤 *Affected User*\n• User: username\n• Access Key: AKIA...\n\n✅ *Response Actions Completed*\n• 🚫 Access key deactivated\n• 🛡️ Security policy applied\n• ⏰ Temporary credentials invalidated\n\n📊 *Current Status*\n• Response: Successful/Failed\n• Risk Level: HIGH/MEDIUM/LOW\n• Account Secured: Yes/No\n\n💡 *Next Steps*\n• [1-2 simple recommendations or \"No further action needed\"]\n\n📅 *Incident Date*\n• YYYY-MM-DD\n\n_Automated security response completed_\n\n### 5. Simple Guidelines\n\n**Keep it simple:**\n• Use clear, non-technical language\n• Focus on what happened and current status\n• Avoid complex security jargon\n• Provide actionable next steps only if needed\n• Keep the summary under 200 words\n\n### 6. What to Look For in the Data\n\n- **User information**: Username and access key ID\n- **Key deactivation**: Whether the access key was successfully disabled\n- **Policy creation**: Whether security policies were created and attached\n- **Response status**: Overall success or failure of the automated response\n\nThis prompt is designed to provide simple, clear summaries of AWS key compromise response actions for business stakeholders."
},
"promptType": "define"
},
"typeVersion": 2
},
{
"id": "3eae5e83-a978-44eb-814e-ca97d32bcde0",
"name": "🔀 合并响应数据",
"type": "n8n-nodes-base.merge",
"position": [
1940,
920
],
"parameters": {
"numberInputs": 6
},
"typeVersion": 3.2
},
{
"id": "45f1ed8f-e1cd-45ff-a70b-96e4ffa5dbb4",
"name": "📦 聚合最终结果",
"type": "n8n-nodes-base.aggregate",
"position": [
2180,
980
],
"parameters": {
"options": {},
"aggregate": "aggregateAllItemData"
},
"typeVersion": 1
},
{
"id": "9880aa6e-5475-467f-9281-64c42b3d7898",
"name": "📋 获取策略元数据",
"type": "n8n-nodes-base.httpRequest",
"position": [
500,
1760
],
"parameters": {
"url": "https://iam.amazonaws.com",
"method": "POST",
"options": {},
"sendBody": true,
"contentType": "form-urlencoded",
"authentication": "predefinedCredentialType",
"bodyParameters": {
"parameters": [
{
"name": "Action",
"value": "GetPolicy"
},
{
"name": "Version",
"value": "=2010-05-08"
},
{
"name": "PolicyArn",
"value": "={{ $json.PolicyArn }}"
}
]
},
"nodeCredentialType": "aws"
},
"credentials": {
"aws": {
"id": "ABC123456789",
"name": "AWS account"
}
},
"typeVersion": 4.2
},
{
"id": "fa82af49-be87-4579-a6fc-68b14e16b1aa",
"name": "📄 检索策略文档",
"type": "n8n-nodes-base.httpRequest",
"position": [
720,
1760
],
"parameters": {
"url": "https://iam.amazonaws.com",
"method": "POST",
"options": {},
"sendBody": true,
"contentType": "form-urlencoded",
"authentication": "predefinedCredentialType",
"bodyParameters": {
"parameters": [
{
"name": "Action",
"value": "GetPolicyVersion"
},
{
"name": "Version",
"value": "2010-05-08"
},
{
"name": "=PolicyArn",
"value": "={{ $json.GetPolicyResponse.GetPolicyResult.Policy.Arn }}"
},
{
"name": "=VersionId",
"value": "={{ $json.GetPolicyResponse.GetPolicyResult.Policy.DefaultVersionId }}"
}
]
},
"nodeCredentialType": "aws"
},
"credentials": {
"aws": {
"id": "ABC123456789",
"name": "AWS account"
}
},
"typeVersion": 4.2
},
{
"id": "b1abafca-5443-4dc5-992e-7210296b27ca",
"name": "📜 检索内联策略详情",
"type": "n8n-nodes-base.httpRequest",
"position": [
520,
1360
],
"parameters": {
"url": "https://iam.amazonaws.com",
"method": "POST",
"options": {},
"sendBody": true,
"contentType": "form-urlencoded",
"authentication": "predefinedCredentialType",
"bodyParameters": {
"parameters": [
{
"name": "Action",
"value": "GetUserPolicy"
},
{
"name": "Version",
"value": "2010-05-08"
},
{
"name": "UserName",
"value": "={{ $('📝 Secure Form: Key Compromise Input').item.json.Username }}"
},
{
"name": "=PolicyName",
"value": "={{ $json[\"ListUserPoliciesResponse.ListUserPoliciesResult.PolicyNames\"] }}"
}
]
},
"nodeCredentialType": "aws"
},
"credentials": {
"aws": {
"id": "ABC123456789",
"name": "AWS account"
}
},
"typeVersion": 4.2
},
{
"id": "68ad6474-1a28-4c1d-9708-911e3475da7d",
"name": "🔓 解析内联策略JSON",
"type": "n8n-nodes-base.code",
"position": [
720,
1360
],
"parameters": {
"jsCode": "// Sample input (you'll usually get this from n8n's input)\nconst inputItems = $input.all();\n\nconst decodedPolicies = inputItems.map(item => {\n const encoded = item.json?.GetUserPolicyResponse?.GetUserPolicyResult?.PolicyDocument;\n let decoded = null;\n let parsed = null;\n\n try {\n decoded = decodeURIComponent(encoded);\n parsed = JSON.parse(decoded);\n } catch (e) {\n // Fallback if decoding or parsing fails\n parsed = { error: 'Invalid or undecodable policy document' };\n }\n\n return {\n json: {\n user: item.json?.GetUserPolicyResponse?.GetUserPolicyResult?.UserName || 'unknown',\n policyName: item.json?.GetUserPolicyResponse?.GetUserPolicyResult?.PolicyName || 'unknown',\n decodedPolicy: parsed\n }\n };\n});\n\nreturn decodedPolicies;\n"
},
"typeVersion": 2
},
{
"id": "d3cf69d7-15ba-4ec9-b463-6223ed3959eb",
"name": "🔓 解析附加策略JSON",
"type": "n8n-nodes-base.code",
"position": [
900,
1760
],
"parameters": {
"jsCode": "const inputItems = $input.all();\n\nconst decodedPolicies = inputItems.map(item => {\n const encoded = item.json?.GetPolicyVersionResponse?.GetPolicyVersionResult?.PolicyVersion?.Document;\n let decoded = null;\n let parsed = null;\n\n try {\n decoded = decodeURIComponent(encoded);\n parsed = JSON.parse(decoded);\n } catch (e) {\n parsed = { error: 'Invalid or undecodable policy document' };\n }\n\n return {\n json: {\n versionId: item.json?.GetPolicyVersionResponse?.GetPolicyVersionResult?.PolicyVersion?.VersionId || 'unknown',\n isDefault: item.json?.GetPolicyVersionResponse?.GetPolicyVersionResult?.PolicyVersion?.IsDefaultVersion || false,\n createDate: item.json?.GetPolicyVersionResponse?.GetPolicyVersionResult?.PolicyVersion?.CreateDate || null,\n decodedPolicy: parsed\n }\n };\n});\n\nreturn decodedPolicies;\n"
},
"typeVersion": 2
},
{
"id": "9b3a898c-70be-4fb1-905d-e29a92e89772",
"name": "⚡ 内联策略路由器",
"type": "n8n-nodes-base.noOp",
"position": [
920,
1360
],
"parameters": {},
"typeVersion": 1
},
{
"id": "9402330b-7f94-4fbc-ba49-38e668e59abe",
"name": "⚡ 附加策略路由器",
"type": "n8n-nodes-base.noOp",
"position": [
1100,
1760
],
"parameters": {},
"typeVersion": 1
},
{
"id": "0d40fba1-568e-41db-8d58-170df5f0a927",
"name": "💬 通知安全团队",
"type": "n8n-nodes-base.slack",
"position": [
2760,
980
],
"webhookId": "981a72f0-c86f-46ba-ba1c-96e05fd35b2e",
"parameters": {
"text": "=🚫 AWS Key Compromise Summary\n\n {{ $json.output }}",
"select": "channel",
"channelId": {
"__rl": true,
"mode": "id",
"value": "ABC1234567890"
},
"otherOptions": {}
},
"credentials": {
"slackApi": {
"id": "ABC123456789",
"name": "Slack account"
}
},
"typeVersion": 2.3
},
{
"id": "89b5bf1b-081c-46e9-b634-eb4e95a6e2a9",
"name": "🧠 Claude AI引擎",
"type": "@n8n/n8n-nodes-langchain.lmChatAnthropic",
"position": [
2420,
1200
],
"parameters": {
"model": {
"__rl": true,
"mode": "list",
"value": "claude-3-7-sonnet-20250219",
"cachedResultName": "Claude Sonnet 3.7"
},
"options": {}
},
"credentials": {
"anthropicApi": {
"id": "ABC123456789",
"name": "Anthropic account"
}
},
"typeVersion": 1.3
},
{
"id": "bec15d6b-2869-4784-b55d-c1cb8a1644d9",
"name": "便签",
"type": "n8n-nodes-base.stickyNote",
"position": [
-420,
1600
],
"parameters": {
"width": 1840,
"height": 400,
"content": "## 🔄 处理每个附加策略"
},
"typeVersion": 1
},
{
"id": "06904eef-ed07-4b84-a4b9-c5f9defb384d",
"name": "便签1",
"type": "n8n-nodes-base.stickyNote",
"position": [
-420,
1180
],
"parameters": {
"width": 1840,
"height": 400,
"content": "## 🔄 处理每个内联策略"
},
"typeVersion": 1
},
{
"id": "ca8a044a-211a-4548-86e6-f2ae758b97f1",
"name": "便签2",
"type": "n8n-nodes-base.stickyNote",
"position": [
-420,
760
],
"parameters": {
"width": 1840,
"height": 400,
"content": "## 🚫 禁用受损密钥"
},
"typeVersion": 1
},
{
"id": "22145ce8-1fcb-4e7d-977a-5e3758a4b635",
"name": "便签3",
"type": "n8n-nodes-base.stickyNote",
"position": [
-420,
340
],
"parameters": {
"width": 1840,
"height": 400,
"content": "## 🛠 创建安全策略[使临时安全凭据失效]"
},
"typeVersion": 1
},
{
"id": "f4100d07-40db-41da-a60c-3770fc8dbba3",
"name": "便签说明4",
"type": "n8n-nodes-base.stickyNote",
"position": [
-420,
-80
],
"parameters": {
"width": 1840,
"height": 400,
"content": "## 🔗 附加安全策略[使临时安全凭据失效]]"
},
"typeVersion": 1
},
{
"id": "b0bac576-f2ab-4d58-b1f6-1fb70a620649",
"name": "便签说明5",
"type": "n8n-nodes-base.stickyNote",
"position": [
1700,
700
],
"parameters": {
"color": 5,
"width": 1320,
"height": 740,
"content": "## 🤖 生成安全报告"
},
"typeVersion": 1
},
{
"id": "489444dd-c8ab-444e-ac11-aef48061650b",
"name": "便签 6",
"type": "n8n-nodes-base.stickyNote",
"position": [
-2260,
780
],
"parameters": {
"color": 3,
"width": 720,
"height": 400,
"content": "# ✏️ 手动输入:用户名和访问密钥ID"
},
"typeVersion": 1
},
{
"id": "3f524117-9a16-4e3c-9c9b-b365af4d51c7",
"name": "便签 7",
"type": "n8n-nodes-base.stickyNote",
"position": [
-2080,
240
],
"parameters": {
"width": 1360,
"height": 400,
"content": "## 🔍 检索IAM密钥信息"
},
"typeVersion": 1
},
{
"id": "e3bf53dd-84dd-48aa-af4a-0352e30ea4ba",
"name": "🔍 AWS IAM服务",
"type": "n8n-nodes-base.awsIam",
"position": [
-1700,
380
],
"parameters": {
"returnAll": true,
"requestOptions": {},
"additionalFields": {}
},
"credentials": {
"aws": {
"id": "ABC123456789",
"name": "AWS account"
}
},
"typeVersion": 1
},
{
"id": "4be7829d-c736-4125-aaa6-f75118e98c17",
"name": "🔔 请求人工批准",
"type": "n8n-nodes-base.slack",
"position": [
-1320,
940
],
"webhookId": "93b4ba77-b68e-4393-b4a8-4fac3f7f00ae",
"parameters": {
"user": {
"__rl": true,
"mode": "id",
"value": "ABC1234567890"
},
"message": "=🛡️ Approval Request: AWS IAM Key Compromise Response\n\nUser: {{ $json.UserName }}\nAccess Key ID: {{ $json.AccessKeyId }}\nDate: {{ $json.Date }}\n\nPlease review and approve the remediation action.",
"options": {},
"operation": "sendAndWait"
},
"credentials": {
"slackApi": {
"id": "ABC123456789",
"name": "Slack account"
}
},
"typeVersion": 2.3,
"alwaysOutputData": true
},
{
"id": "1db4a332-df13-494b-87e6-1226f8d89b3f",
"name": "## 为什么选择 4o 模型?👆",
"type": "n8n-nodes-base.stickyNote",
"position": [
-1480,
780
],
"parameters": {
"color": 4,
"width": 420,
"height": 400,
"content": "# ✏️ 人工介入环节"
},
"typeVersion": 1
},
{
"id": "296666c1-c6dd-451e-b9d6-a799634ac9ae",
"name": "✅ 批准的受损数据",
"type": "n8n-nodes-base.set",
"position": [
-880,
940
],
"parameters": {
"options": {},
"assignments": {
"assignments": [
{
"id": "ad40b317-c48b-4814-b06b-6aced6ab5174",
"name": "UserName",
"type": "string",
"value": "={{ $('📝 Secure Form: Key Compromise Input').item.json.Username }}"
},
{
"id": "a5b68025-b2cc-42d6-aae8-527bd46dad41",
"name": "AccessKeyId",
"type": "string",
"value": "={{ $('📝 Secure Form: Key Compromise Input').item.json.AccessKeyID }}"
},
{
"id": "23551fee-041c-4822-9957-da228b721bc1",
"name": "Date",
"type": "string",
"value": "={{ new Date().toISOString().split(\"T\")[0] }}"
}
]
}
},
"typeVersion": 3.4
},
{
"id": "95eb48d4-ef3f-410b-b2d8-815e9083e5e4",
"name": "便签 9",
"type": "n8n-nodes-base.stickyNote",
"position": [
-1020,
780
],
"parameters": {
"color": 4,
"width": 420,
"height": 400,
"content": "# ✏️ 选定的用户名和访问密钥ID"
},
"typeVersion": 1
},
{
"id": "2b792970-ebae-4e60-86b3-1780c45948e5",
"name": "🔧 处理表单提交",
"type": "n8n-nodes-base.set",
"position": [
-1820,
940
],
"parameters": {
"options": {},
"assignments": {
"assignments": [
{
"id": "ad40b317-c48b-4814-b06b-6aced6ab5174",
"name": "UserName",
"type": "string",
"value": "={{ $json.Username }}"
},
{
"id": "a5b68025-b2cc-42d6-aae8-527bd46dad41",
"name": "AccessKeyId",
"type": "string",
"value": "={{ $json.AccessKeyID }}"
},
{
"id": "23551fee-041c-4822-9957-da228b721bc1",
"name": "Date",
"type": "string",
"value": "={{ new Date().toISOString().split(\"T\")[0] }}"
}
]
}
},
"typeVersion": 3.4
},
{
"id": "987b3736-c325-4fe5-8d70-f14b9f5955d8",
"name": "🔍 手动密钥查找触发器",
"type": "n8n-nodes-base.manualTrigger",
"position": [
-1920,
380
],
"parameters": {},
"typeVersion": 1
},
{
"id": "97bb3007-1143-4a13-9adf-811e1268db4f",
"name": "📝 安全表单:密钥受损输入",
"type": "n8n-nodes-base.formTrigger",
"position": [
-2100,
940
],
"webhookId": "f3d8ce11-9e3f-46c3-ba17-221674b9dd6e",
"parameters": {
"options": {},
"formTitle": "🚨 Automated AWS IAM Key Compromise Response Input",
"formFields": {
"values": [
{
"fieldLabel": "Username",
"requiredField": true
},
{
"fieldLabel": "AccessKeyID",
"requiredField": true
}
]
},
"authentication": "basicAuth"
},
"credentials": {
"httpBasicAuth": {
"id": "pmJaCcMGEkPDYowB",
"name": "Basic Auth Webhook credential"
}
},
"typeVersion": 2.2
},
{
"id": "33cd00aa-6027-4b3b-b373-c802ac6bf17d",
"name": "⚡ 无操作,不执行任何操作",
"type": "n8n-nodes-base.noOp",
"position": [
-1040,
380
],
"parameters": {},
"typeVersion": 1
}
],
"pinData": {},
"connections": {
"🔍 AWS IAM Service": {
"main": [
[
{
"node": "🔑 Fetch User Access Keys",
"type": "main",
"index": 0
}
]
]
},
"🧠 Claude AI Engine": {
"ai_languageModel": [
[
{
"node": "🤖 AI Security Analysis",
"type": "ai_languageModel",
"index": 0
}
]
]
},
"⚡ Inline Policy Router": {
"main": [
[
{
"node": "🔄 Batch Process Inline Policies",
"type": "main",
"index": 0
}
]
]
},
"🔀 Merge Response Data": {
"main": [
[
{
"node": "📦 Aggregate Final Results",
"type": "main",
"index": 0
}
]
]
},
"🤖 AI Security Analysis": {
"main": [
[
{
"node": "💬 Notify Security Team",
"type": "main",
"index": 0
}
]
]
},
"⚡ Attached Policy Router": {
"main": [
[
{
"node": "🔄 Batch Process Attached Policies",
"type": "main",
"index": 0
}
]
]
},
"📋 Fetch Policy Metadata": {
"main": [
[
{
"node": "📄 Retrieve Policy Document",
"type": "main",
"index": 0
}
]
]
},
"📜 Audit Inline Policies": {
"main": [
[
{
"node": "📤 Extract Inline Policy Names",
"type": "main",
"index": 0
}
]
]
},
"🔗 Apply Security Policy": {
"main": [
[
{
"node": "🔀 Merge Response Data",
"type": "main",
"index": 0
}
]
]
},
"🔑 Fetch User Access Keys": {
"main": [
[
{
"node": "📊 Parse Access Key Response",
"type": "main",
"index": 0
}
]
]
},
"🔔 Request Human Approval": {
"main": [
[
{
"node": "✅ Approved Compromise Data",
"type": "main",
"index": 0
}
]
]
},
"✅ Approved Compromise Data": {
"main": [
[
{
"node": "🛡️ Generate Invalidation Policy",
"type": "main",
"index": 0
},
{
"node": "🚫 Deactivate Compromised Key",
"type": "main",
"index": 0
},
{
"node": "🔀 Merge Response Data",
"type": "main",
"index": 3
},
{
"node": "📜 Audit Inline Policies",
"type": "main",
"index": 0
},
{
"node": "🔍 Audit Attached Policies",
"type": "main",
"index": 0
}
]
]
},
"📦 Aggregate Final Results": {
"main": [
[
{
"node": "🤖 AI Security Analysis",
"type": "main",
"index": 0
}
]
]
},
"🔍 Audit Attached Policies": {
"main": [
[
{
"node": "📤 Extract Attached Policy List",
"type": "main",
"index": 0
}
]
]
},
"🔧 Process Form Submission": {
"main": [
[
{
"node": "🔔 Request Human Approval",
"type": "main",
"index": 0
}
]
]
},
"📄 Retrieve Policy Document": {
"main": [
[
{
"node": "🔓 Parse Attached Policy JSON",
"type": "main",
"index": 0
}
]
]
},
"🔓 Parse Inline Policy JSON": {
"main": [
[
{
"node": "⚡ Inline Policy Router",
"type": "main",
"index": 0
}
]
]
},
"📊 Parse Access Key Response": {
"main": [
[
{
"node": "⚡ No Operation, do nothing",
"type": "main",
"index": 0
}
]
]
},
"🔍 Manual Key Lookup Trigger": {
"main": [
[
{
"node": "🔍 AWS IAM Service",
"type": "main",
"index": 0
}
]
]
},
"🔓 Parse Attached Policy JSON": {
"main": [
[
{
"node": "⚡ Attached Policy Router",
"type": "main",
"index": 0
}
]
]
},
"🚫 Deactivate Compromised Key": {
"main": [
[
{
"node": "🔀 Merge Response Data",
"type": "main",
"index": 2
}
]
]
},
"📤 Extract Inline Policy Names": {
"main": [
[
{
"node": "🔄 Batch Process Inline Policies",
"type": "main",
"index": 0
}
]
]
},
"📤 Extract Attached Policy List": {
"main": [
[
{
"node": "🔄 Batch Process Attached Policies",
"type": "main",
"index": 0
}
]
]
},
"🔄 Batch Process Inline Policies": {
"main": [
[
{
"node": "🔀 Merge Response Data",
"type": "main",
"index": 4
}
],
[
{
"node": "📜 Retrieve Inline Policy Details",
"type": "main",
"index": 0
}
]
]
},
"📜 Retrieve Inline Policy Details": {
"main": [
[
{
"node": "🔓 Parse Inline Policy JSON",
"type": "main",
"index": 0
}
]
]
},
"🔄 Batch Process Attached Policies": {
"main": [
[
{
"node": "🔀 Merge Response Data",
"type": "main",
"index": 5
}
],
[
{
"node": "📋 Fetch Policy Metadata",
"type": "main",
"index": 0
}
]
]
},
"🛡️ Generate Invalidation Policy": {
"main": [
[
{
"node": "🔗 Apply Security Policy",
"type": "main",
"index": 0
},
{
"node": "🔀 Merge Response Data",
"type": "main",
"index": 1
}
]
]
},
"📝 Secure Form: Key Compromise Input": {
"main": [
[
{
"node": "🔧 Process Form Submission",
"type": "main",
"index": 0
}
]
]
}
}
}常见问题
如何使用这个工作流?
复制上方的 JSON 配置代码,在您的 n8n 实例中创建新工作流并选择「从 JSON 导入」,粘贴配置后根据需要修改凭证设置即可。
这个工作流适合什么场景?
高级 - 人工智能
需要付费吗?
本工作流完全免费,您可以直接导入使用。但请注意,工作流中使用的第三方服务(如 OpenAI API)可能需要您自行付费。
相关工作流推荐
WordPress 内容生成器 v3
WordPress 内容生成器 v3
If
Set
Code
+21
102 节点Alex Kim
人工智能
在可视化参考库中探索n8n节点
在可视化参考库中探索n8n节点
If
Ftp
Set
+93
113 节点I versus AI
其他
(Duc)深度研究市场模板
集成PerplexityAI研究和OpenAI内容的多层级WordPress博客生成器
If
Set
Xml
+28
132 节点Daniel Ng
人工智能
WordPress终极内容生成器 v2 - AlexK1919
WordPress终极内容生成器
If
Set
Code
+17
61 节点Alex Kim
人工智能
敏捷团队冲刺规划自动化
使用OpenAI、Google日历和Gmail为敏捷团队自动化冲刺规划
If
Set
Code
+17
52 节点Willemijn
产品
使用Apify→Google Sheets/CSV提取并丰富LinkedIn评论为潜在客户
使用Apify→Google Sheets/CSV提取并丰富LinkedIn评论为潜在客户
If
Set
Code
+10
39 节点Saverflow AI
销售
工作流信息
难度等级
高级
节点数量40
分类1
节点类型15
作者
Niranjan G
@niranjanCybersecurity leader turning complex workflows into seamless, AI-driven automations.
外部链接
在 n8n.io 查看 →
分享此工作流