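Chat-Based AWS IAM Policy Generator with AI Assistant (OpenAI)
Intermediate
This is an automation workflow in the DevOps and AI Chatbot categories, containing 14 nodes. It mainly uses the EmailSend, HttpRequest, Agent, ChatTrigger and LmChatOpenAi nodes. It generates AWS IAM policies through a chat interface using a GPT-4 assistant.
Prerequisites
- Authentication credentials for the target API may be required
- OpenAI API Key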
Export workflow
Copy the following JSON configuration and import it into n8n to use this workflow.
{
"id": "VGQLouOsaXvTC33w",
"meta": {
"instanceId": "e145bfb15cacc90e0d1ae6ee743e6744f8fc7108de50458700cb2ae620dc5ca5",
"templateCredsSetupCompleted": true
},
"name": "基于聊天的 AWS IAM 策略生成器与 AI 智能体 (OpenAI)",
"tags": [
{
"id": "zVkByIt5M465W2a8",
"name": "aws",
"createdAt": "2025-09-12T06:14:33.823Z",
"updatedAt": "2025-09-12T06:14:33.823Z"
}
],
"nodes": [
{
"id": "8e54adb3-9243-4aed-878f-19608fb72668",
"name": "When chat message received",
"type": "@n8n/n8n-nodes-langchain.chatTrigger",
"position": [
-336,
0
],
"webhookId": "fdf45a07-8d9c-47b8-b4d9-e9c81f412ea8",
"parameters": {
"options": {}
},
"typeVersion": 1.3
},
{
"id": "a97ffd86-a54a-446f-989e-72b80715c627",
"name": "Simple Memory",
"type": "@n8n/n8n-nodes-langchain.memoryBufferWindow",
"position": [
16,
224
],
"parameters": {},
"typeVersion": 1.3
},
{
"id": "6b765ceb-ca6c-4637-84ff-56d3b3691e7d",
"name": "OpenAI Chat Model",
"type": "@n8n/n8n-nodes-langchain.lmChatOpenAi",
"position": [
-112,
224
],
"parameters": {
"model": {
"__rl": true,
"mode": "list",
"value": "gpt-4.1-mini"
},
"options": {}
},
"credentials": {
"openAiApi": {
"id": "tnXtbK3d66hDjxXa",
"name": "OpenAi account"
}
},
"typeVersion": 1.2
},
{
"id": "5327e0ae-52d3-4801-857f-d8fe28bc61ab",
"name": "Structured Output Parser",
"type": "@n8n/n8n-nodes-langchain.outputParserStructured",
"position": [
144,
224
],
"parameters": {
"jsonSchemaExample": "{\n \"SuggestedPolicyName\":\"\",\n \"PolicyJSON\":{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"AllowEC2ManagementInSingaporeExceptDelete\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ec2:StartInstances\",\n \"ec2:StopInstances\",\n \"ec2:RebootInstances\",\n \"ec2:DescribeInstances\",\n \"ec2:DescribeInstanceStatus\",\n \"ec2:CreateTags\",\n \"ec2:DeleteTags\",\n \"ec2:ModifyInstanceAttribute\",\n \"ec2:MonitorInstances\",\n \"ec2:UnmonitorInstances\"\n ],\n \"Resource\": \"*\",\n \"Condition\": {\n \"StringEquals\": {\n \"aws:RequestedRegion\": \"ap-southeast-1\"\n }\n }\n }\n ]\n}\n}"
},
"typeVersion": 1.3
},
{
"id": "e8326ece-6413-4736-b3b2-db78d3e51ccc",
"name": "IAM Policy Creator Agent",
"type": "@n8n/n8n-nodes-langchain.agent",
"position": [
-56,
0
],
"parameters": {
"text": "=I want to create an IAM policy for my IT Support team.\n\nRequirements:\n {{ $json.chatInput }}\n\nPlease generate a JSON IAM policy that follows AWS best practices.",
"options": {
"systemMessage": "You are a helpful assistant. You are an AWS IAM Policy Generator Agent.\n\nYour goal is to help the user create **AWS IAM custom policies** in JSON format that follow **AWS best practices**:\n- Output must always be **valid AWS IAM JSON**.\n- Include `\"Version\": \"2012-10-17\"` at the top.\n- Policies should be **least privilege** by default (only allow the necessary actions and resources).\n- Use **Actions**, **Resources**, and optional **Conditions** properly.\n- Recommend **Conditions** (e.g., `aws:RequestedRegion`, `aws:username`, `IpAddress`) where appropriate to restrict access.\n- Use `\"Sid\"` values for readability.\n- Always scope `Resource` to ARNs when possible, avoid `\"*\"` unless required.\n- If the user is vague, ask clarifying questions (e.g., which services, which region, which actions: read-only, full access, custom).\n- Return only the JSON policy as the final answer (no explanation unless the user asks for it).\n- Follow AWS naming conventions and IAM best practices.\n\nYou must:\n1. Clarify user needs (service, actions, scope, region, conditions).\n2. Generate the **IAM policy JSON**.\n3. Ensure **valid JSON structure** and **no missing commas/brackets**."
},
"promptType": "define",
"hasOutputParser": true
},
"typeVersion": 2.2
},
{
"id": "d69deec6-ee04-4863-b43a-22eeb04d0506",
"name": "IAM Policy HTTP Request",
"type": "n8n-nodes-base.httpRequest",
"position": [
384,
0
],
"parameters": {
"url": "https://iam.amazonaws.com",
"method": "POST",
"options": {},
"sendBody": true,
"contentType": "form-urlencoded",
"sendHeaders": true,
"authentication": "predefinedCredentialType",
"bodyParameters": {
"parameters": [
{
"name": "Action",
"value": "CreatePolicy"
},
{
"name": "PolicyName",
"value": "={{ $json.output.SuggestedPolicyName }}{{ $now.format('yyyyMMddHHmm') }}"
},
{
"name": "PolicyDocument",
"value": "={{ $json.output.PolicyJSON.toJsonString() }}"
},
{
"name": "Version",
"value": "2010-05-08"
}
]
},
"headerParameters": {
"parameters": [
{}
]
},
"nodeCredentialType": "aws"
},
"credentials": {
"aws": {
"id": "4CZd3hXptJlZimiB",
"name": "AWS account"
}
},
"typeVersion": 4.2
},
{
"id": "4c786713-626f-4fea-9942-5ac125c6b988",
"name": "Email for tracking",
"type": "n8n-nodes-base.emailSend",
"position": [
688,
0
],
"webhookId": "58315475-ed17-4427-9c36-20b957cc6ddf",
"parameters": {
"html": "=Hello Team,\n\nThe new IAM policy has been created successfully. Below are the details:\n\t•\tPolicy Name: {{ $json.CreatePolicyResponse.CreatePolicyResult.Policy.PolicyName }}\n\t•\tPolicy ARN: {{ $json.CreatePolicyResponse.CreatePolicyResult.Policy.Arn }}\n\t•\tPolicy ID: {{ $json.CreatePolicyResponse.CreatePolicyResult.Policy.PolicyId }}\n\t•\tDefault Version: {{ $json.CreatePolicyResponse.CreatePolicyResult.Policy.DefaultVersionId }}\n\t•\tAttachable: {{ $json.CreatePolicyResponse.CreatePolicyResult.Policy.IsAttachable }}\n\t•\tPath: {{ $json.CreatePolicyResponse.CreatePolicyResult.Policy.Path }}\n\t•\tAttachment Count: {{ $json.CreatePolicyResponse.CreatePolicyResult.Policy.AttachmentCount }}\n\t•\tCreated At: {{ $json.CreatePolicyResponse.CreatePolicyResult.Policy.CreateDate }}\n\t•\tUpdated At: {{ $json.CreatePolicyResponse.CreatePolicyResult.Policy.UpdateDate }}\n\nRequest ID: {{ $json.CreatePolicyResponse.ResponseMetadata.RequestId }}\n\nYou can now attach this policy to the appropriate IAM groups, roles, or users as needed.\n\nBest regards,\nAWS Automation Bot 🤖",
"options": {},
"subject": "=✅ New IAM Policy Created: {{ $json.CreatePolicyResponse.CreatePolicyResult.Policy.PolicyName }}",
"toEmail": "creator@automatewith.me",
"fromEmail": "creator@automatewith.me"
},
"credentials": {
"smtp": {
"id": "rncKilq9bolrCufu",
"name": "SMTP account"
}
},
"typeVersion": 2.1
},
{
"id": "5212b034-d20e-47ac-91d4-75fd5c493c1e",
"name": "便签",
"type": "n8n-nodes-base.stickyNote",
"position": [
-1856,
-576
],
"parameters": {
"width": 976,
"height": 1360,
"content": "# 基于聊天的 AWS IAM 策略生成器与 AI 智能体"
},
"typeVersion": 1
},
{
"id": "e6283dbe-58c8-4a1c-abb4-7f7e96a66cc2",
"name": "便签 1",
"type": "n8n-nodes-base.stickyNote",
"position": [
-416,
-256
],
"parameters": {
"color": 5,
"width": 272,
"content": "### 1. **聊天触发器**"
},
"typeVersion": 1
},
{
"id": "5f53c943-20bf-466a-b961-973e4e468cc3",
"name": "便签 2",
"type": "n8n-nodes-base.stickyNote",
"position": [
-96,
-272
],
"parameters": {
"color": 5,
"width": 272,
"height": 224,
"content": "### 2. **AI 智能体 – 策略生成器**"
},
"typeVersion": 1
},
{
"id": "82e99ccc-7635-4351-b14b-4814b23babbd",
"name": "便签 3",
"type": "n8n-nodes-base.stickyNote",
"position": [
288,
-256
],
"parameters": {
"color": 5,
"width": 272,
"height": 224,
"content": "### 3. **AWS IAM CreatePolicy 请求**"
},
"typeVersion": 1
},
{
"id": "1f00a6a6-2fb3-4974-8a62-70ed1c99a773",
"name": "便签 4",
"type": "n8n-nodes-base.stickyNote",
"position": [
608,
-256
],
"parameters": {
"color": 5,
"width": 272,
"height": 208,
"content": "### 4. **确认与通知**"
},
"typeVersion": 1
},
{
"id": "d93f2b5e-4cee-410b-ae7d-80ed1de8308e",
"name": "便签 5",
"type": "n8n-nodes-base.stickyNote",
"position": [
320,
192
],
"parameters": {
"width": 624,
"height": 288,
"content": ""
},
"typeVersion": 1
},
{
"id": "102bcb25-235e-4fd5-9b10-fd8f848e83fe",
"name": "便签6",
"type": "n8n-nodes-base.stickyNote",
"position": [
-848,
-96
],
"parameters": {
"width": 416,
"height": 432,
"content": ""
},
"typeVersion": 1
}
],
"active": false,
"pinData": {},
"settings": {
"executionOrder": "v1"
},
"versionId": "50f49a1f-3095-452e-8614-049503f01030",
"connections": {
"Simple Memory": {
"ai_memory": [
[
{
"node": "IAM Policy Creator Agent",
"type": "ai_memory",
"index": 0
}
]
]
},
"OpenAI Chat Model": {
"ai_languageModel": [
[
{
"node": "IAM Policy Creator Agent",
"type": "ai_languageModel",
"index": 0
}
]
]
},
"IAM Policy HTTP Request": {
"main": [
[
{
"node": "Email for tracking",
"type": "main",
"index": 0
}
]
]
},
"IAM Policy Creator Agent": {
"main": [
[
{
"node": "IAM Policy HTTP Request",
"type": "main",
"index": 0
}
]
]
},
"Structured Output Parser": {
"ai_outputParser": [
[
{
"node": "IAM Policy Creator Agent",
"type": "ai_outputParser",
"index": 0
}
]
]
},
"When chat message received": {
"main": [
[
{
"node": "IAM Policy Creator Agent",
"type": "main",
"index": 0
}
]
]
}
}
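}
FAQ
How do I use this workflow?
Copy the JSON configuration above, create a new workflow in your n8n instance and choose "Import from JSON", paste the configuration, then adjust the credential settings as needed.
What scenarios is this workflow suited to?
Intermediate - DevOps, AI Chatbot
Is it paid?
This workflow is completely free and can be imported and used directly. Note, however, that the third-party services used in the workflow (such as the OpenAI API) may require payment on your part.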
Workflow information
Difficulty level
Intermediate
Node count: 14
Categories: 2
Node types: 8
Author
Trung Tran
@trungtran
Empowering small and medium businesses with smart automation and practical AI, no big tech team required. YouTube channel: youtube.com/@theStackExplorer