AWS IAM 非活跃用户自动化告警工作流
高级
这是一个SecOps, Multimodal AI领域的自动化工作流,包含 16 个节点。主要使用 If, Slack, AwsIam, Filter, HttpRequest 等节点。 监控 AWS IAM 非活跃用户并通过 Slack 发送告警
前置要求
- •Slack Bot Token 或 Webhook URL
- •AWS Access Key 和 Secret
- •可能需要目标 API 的认证凭证
工作流预览
可视化展示节点连接关系,支持缩放和平移
导出工作流
复制以下 JSON 配置到 n8n 导入,即可使用此工作流
{
"id": "JQzVd68SaXiYdyoz",
"meta": {
"instanceId": "4a2e6764ba7a6bc9890d9225f4b21d570ce88fc9bd57549c89057fcee58fed0f",
"templateCredsSetupCompleted": true
},
"name": "AWS IAM 非活跃用户自动化告警工作流",
"tags": [],
"nodes": [
{
"id": "36340c3b-188b-47a4-bf2f-58c757092b8f",
"name": "每周调度器",
"type": "n8n-nodes-base.scheduleTrigger",
"position": [
-448,
0
],
"parameters": {
"rule": {
"interval": [
{
"field": "weeks"
}
]
}
},
"typeVersion": 1.2
},
{
"id": "ceab393d-abf0-4717-8c4c-fa12878ae3d1",
"name": "获取多个用户",
"type": "n8n-nodes-base.awsIam",
"position": [
-96,
0
],
"parameters": {
"returnAll": true,
"requestOptions": {},
"additionalFields": {}
},
"credentials": {
"aws": {
"id": "d62669OP9bvnmE4n",
"name": "us-east-1"
}
},
"typeVersion": 1
},
{
"id": "79c8efd6-e671-4ec8-b2e1-270a0f092015",
"name": "获取用户",
"type": "n8n-nodes-base.awsIam",
"position": [
256,
-96
],
"parameters": {
"user": {
"__rl": true,
"mode": "userName",
"value": "={{ $json.UserName }}"
},
"operation": "get",
"requestOptions": {}
},
"credentials": {
"aws": {
"id": "d62669OP9bvnmE4n",
"name": "us-east-1"
}
},
"typeVersion": 1
},
{
"id": "387a10b7-cea6-4541-b2ad-9d6c75833164",
"name": "无操作,不执行任何操作",
"type": "n8n-nodes-base.noOp",
"position": [
1280,
112
],
"parameters": {},
"typeVersion": 1
},
{
"id": "eeb64146-6255-45b7-80bd-2b25f725cbd5",
"name": "发送消息",
"type": "n8n-nodes-base.slack",
"position": [
1280,
-80
],
"webhookId": "8961c543-fc75-478f-a54b-a721b5d8d2eb",
"parameters": {
"text": "=:warning: *Inactive IAM User Detected* :warning:\n\nThe following IAM user has been inactive for more than *90 days*:\n\n*User ARN:* `{{ $json.Arn }}`\n*User Name:* `{{ $json.UserName }}`\n*Last Activity:* {{ $json.PasswordLastUsed.toDateTime('s') }}\n\nPlease review this account and take appropriate action (disable access keys, remove user, or re-activate if still needed).",
"user": {
"__rl": true,
"mode": "list",
"value": "U054RMBTVBM",
"cachedResultName": "trung.tran"
},
"select": "user",
"otherOptions": {},
"authentication": "oAuth2"
},
"credentials": {
"slackOAuth2Api": {
"id": "4JSKt9sIRV1KGswQ",
"name": "Slack account"
}
},
"typeVersion": 2.3
},
{
"id": "9443abfc-7618-418a-9fa5-302e679243a5",
"name": "IAM 用户超过90天未活跃?",
"type": "n8n-nodes-base.if",
"position": [
928,
16
],
"parameters": {
"options": {},
"conditions": {
"options": {
"version": 2,
"leftValue": "",
"caseSensitive": true,
"typeValidation": "strict"
},
"combinator": "and",
"conditions": [
{
"id": "93641224-b6d2-4db1-8537-d85b1bbff56d",
"operator": {
"type": "dateTime",
"operation": "before"
},
"leftValue": "={{ $json.PasswordLastUsed.toDateTime('s') }}",
"rightValue": "={{ $now }}"
}
]
}
},
"typeVersion": 2.2
},
{
"id": "9aac0aeb-6a50-4ad4-8ec7-f1067eac9c08",
"name": "过滤不良数据",
"type": "n8n-nodes-base.filter",
"position": [
608,
16
],
"parameters": {
"options": {},
"conditions": {
"options": {
"version": 2,
"leftValue": "",
"caseSensitive": true,
"typeValidation": "strict"
},
"combinator": "and",
"conditions": [
{
"id": "2853872a-825b-4f59-8b4b-358cac8b197b",
"operator": {
"type": "number",
"operation": "exists",
"singleValue": true
},
"leftValue": "={{ $json.PasswordLastUsed }}",
"rightValue": ""
}
]
}
},
"typeVersion": 2.2
},
{
"id": "242c3a32-3ec9-45b8-8646-5f3fe0d8cb11",
"name": "便签",
"type": "n8n-nodes-base.stickyNote",
"position": [
-1536,
-592
],
"parameters": {
"width": 992,
"height": 1328,
"content": "# AWS IAM 非活跃用户自动化告警工作流"
},
"typeVersion": 1
},
{
"id": "9b0815bf-dde1-465c-8262-7d1ed099f4a2",
"name": "自定义 HTTP 请求(启用以尝试)",
"type": "n8n-nodes-base.httpRequest",
"disabled": true,
"position": [
256,
96
],
"parameters": {
"url": "=https://iam.amazonaws.com/?Action=GetUser&UserName={{ $json.UserName }}&Version=2010-05-08",
"options": {},
"authentication": "predefinedCredentialType",
"nodeCredentialType": "aws"
},
"credentials": {
"aws": {
"id": "d62669OP9bvnmE4n",
"name": "us-east-1"
}
},
"typeVersion": 4.2
},
{
"id": "0be727ef-fc32-409d-8f63-27bbde0e607c",
"name": "便签1",
"type": "n8n-nodes-base.stickyNote",
"position": [
-512,
-176
],
"parameters": {
"height": 128,
"content": "### 1. 触发工作流"
},
"typeVersion": 1
},
{
"id": "1b6f9219-9005-4da1-9924-b32020576b81",
"name": "便签2",
"type": "n8n-nodes-base.stickyNote",
"position": [
-144,
192
],
"parameters": {
"width": 208,
"height": 112,
"content": ""
},
"typeVersion": 1
},
{
"id": "1e658098-4c72-4ab7-87c5-05c18df8e626",
"name": "便签3",
"type": "n8n-nodes-base.stickyNote",
"position": [
176,
-320
],
"parameters": {
"width": 256,
"height": 192,
"content": "### 3. 获取用户详情"
},
"typeVersion": 1
},
{
"id": "9e9dd194-be45-49bf-86ae-4e730906321e",
"name": "便签4",
"type": "n8n-nodes-base.stickyNote",
"position": [
544,
208
],
"parameters": {
"height": 144,
"content": ""
},
"typeVersion": 1
},
{
"id": "43884563-7736-4f13-9055-f3c456c7a97d",
"name": "便签5",
"type": "n8n-nodes-base.stickyNote",
"position": [
848,
-176
],
"parameters": {
"height": 144,
"content": "### 5. 识别非活跃用户"
},
"typeVersion": 1
},
{
"id": "8dbc51b7-40a3-472b-8e0d-65e3e2a1f2c8",
"name": "便签6",
"type": "n8n-nodes-base.stickyNote",
"position": [
1216,
-272
],
"parameters": {
"content": "### 6. 发送 Slack 通知"
},
"typeVersion": 1
},
{
"id": "8b8651c4-37f0-41ce-90c8-4dc4b4472ecd",
"name": "便签7",
"type": "n8n-nodes-base.stickyNote",
"position": [
1472,
-96
],
"parameters": {
"width": 528,
"content": ""
},
"typeVersion": 1
}
],
"active": false,
"pinData": {},
"settings": {
"executionOrder": "v1"
},
"versionId": "1fe2c30a-5001-4dac-9725-be3bce01b214",
"connections": {
"Get user": {
"main": [
[
{
"node": "Filter bad data",
"type": "main",
"index": 0
}
]
]
},
"Get many users": {
"main": [
[
{
"node": "Get user",
"type": "main",
"index": 0
},
{
"node": "Custom HTTP Request (enable to try)",
"type": "main",
"index": 0
}
]
]
},
"Filter bad data": {
"main": [
[
{
"node": "IAM user inactive for more than 90 days?",
"type": "main",
"index": 0
}
]
]
},
"Weekly scheduler": {
"main": [
[
{
"node": "Get many users",
"type": "main",
"index": 0
}
]
]
},
"Custom HTTP Request (enable to try)": {
"main": [
[
{
"node": "Filter bad data",
"type": "main",
"index": 0
}
]
]
},
"IAM user inactive for more than 90 days?": {
"main": [
[
{
"node": "Send a message",
"type": "main",
"index": 0
}
],
[
{
"node": "No Operation, do nothing",
"type": "main",
"index": 0
}
]
]
}
}
}常见问题
如何使用这个工作流?
复制上方的 JSON 配置代码,在您的 n8n 实例中创建新工作流并选择「从 JSON 导入」,粘贴配置后根据需要修改凭证设置即可。
这个工作流适合什么场景?
高级 - 安全运维, 多模态 AI
需要付费吗?
本工作流完全免费,您可以直接导入使用。但请注意,工作流中使用的第三方服务(如 OpenAI API)可能需要您自行付费。
相关工作流推荐
AWS IAM访问密钥轮换提醒自动化工作流
为超过365天的AWS IAM访问密钥发送Slack警报
If
Slack
Aws Iam
+5
14 节点Trung Tran
安全运维
用于 MFA 强制实施和访问密钥停用的自动化 AWS IAM 合规工作流
AWS IAM 合规自动化:强制 MFA 并清理访问密钥
Code
Slack
Aws Iam
+4
19 节点Trung Tran
安全运维
AWS ACM 证书自动续期(含 Slack 审批)
带 Slack 审批工作流的 AWS 证书自动续期
Slack
Filter
Schedule Trigger
+2
14 节点Trung Tran
安全运维
构建用于Slack候选人评估的AI驱动聊天机器人
AI简历分析与候选人评估:Slack和Google表格集成
If
Code
Slack
+12
29 节点Trung Tran
AI 聊天机器人
行为准则问答 Slack 聊天机器人(RAG 驱动)
使用 GPT-4 和 RAG 技术在 Slack 中回答行为准则问题
If
Code
Slack
+10
24 节点Trung Tran
AI RAG 检索增强
智能供应商合同续签与提醒工作流(使用 GPT 4.1 mini)
使用 GPT-4.1 mini、Slack 和 Gmail 自动化供应商合同续签与提醒
If
Code
Slack
+7
21 节点Trung Tran
文档提取
工作流信息
难度等级
高级
节点数量16
分类2
节点类型8
作者
Trung Tran
@trungtranEmpowering small and medium businesses with smart automation and practical AI, no big tech team required.
外部链接
在 n8n.io 查看 →
分享此工作流