https://github.com/unbounce/paw
Privileged Access Watcher: Notifies Slack channels when a member is added to/removed from an IAM group.
- Host: GitHub
- URL: https://github.com/unbounce/paw
- Owner: unbounce
- License: mit
- Created: 2018-03-22T21:17:14.000Z (over 7 years ago)
- Default Branch: master
- Last Pushed: 2023-09-28T16:22:50.000Z (almost 2 years ago)
- Last Synced: 2025-01-19T07:13:54.484Z (6 months ago)
- Topics: owner-platform-services
- Language: Go
- Homepage:
- Size: 1.73 MB
- Stars: 1
- Watchers: 10
- Forks: 1
- Open Issues: 4
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# PAW: Privileged Access Watcher
The goal of this project is to watch privileged IAM groups in AWS
for membership additions and deletions, then notify a specific Slack
channel for visibility and to notify the affected person.

All of this is accomplished in an automated fashion, with a reaction
time of 1-2 minutes after the membership event occurs. This relies on
a CloudWatch Event Rule, Lambda function, and Slack Incoming Webhook.

When a user is added to a group, the following Slack message appears in a
channel:

Conversely, when a user is removed from a group, the following message
appears:
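
The event-to-message step described above, as an added Go example (not code from the paw repository): it takes the CloudTrail record that a CloudWatch Event Rule delivers for IAM `AddUserToGroup`/`RemoveUserFromGroup` calls and builds the Slack Incoming Webhook body, skipping failed calls and unwatched groups. The `watched` group list, the `Notification` function, the message wording and the sample event are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Subset of the CloudTrail record that CloudWatch Events delivers in "detail".
type detail struct {
	EventSource  string `json:"eventSource"`
	EventName    string `json:"eventName"`
	ErrorCode    string `json:"errorCode"` // set only when the API call failed
	UserIdentity struct {
		ARN string `json:"arn"` // who made the change
	} `json:"userIdentity"`
	RequestParameters struct {
		GroupName string `json:"groupName"`
		UserName  string `json:"userName"`
	} `json:"requestParameters"`
}

// watched is a hypothetical allow-list of privileged groups (assumption).
var watched = map[string]bool{"Administrators": true}

// Notification returns the Slack webhook JSON body for a membership change,
// or ok=false when the event should not produce a message.
func Notification(raw []byte) (body string, ok bool, err error) {
	var e struct {
		Detail detail `json:"detail"`
	}
	if err = json.Unmarshal(raw, &e); err != nil {
		return "", false, err
	}
	d, p := e.Detail, e.Detail.RequestParameters
	verbs := map[string]string{"AddUserToGroup": "added to", "RemoveUserFromGroup": "removed from"}
	verb, known := verbs[d.EventName]
	// Skip other APIs, failed calls (e.g. AccessDenied) and unwatched groups.
	if d.EventSource != "iam.amazonaws.com" || !known || d.ErrorCode != "" || !watched[p.GroupName] {
		return "", false, nil
	}
	text := fmt.Sprintf("%s was %s IAM group %s by %s", p.UserName, verb, p.GroupName, d.UserIdentity.ARN)
	out, err := json.Marshal(map[string]string{"text": text})
	return string(out), err == nil, err
}

// Constructed sample event, not captured from a real account.
const sample = `{"source":"aws.iam","detail-type":"AWS API Call via CloudTrail","detail":{"eventSource":"iam.amazonaws.com","eventName":"AddUserToGroup","userIdentity":{"arn":"arn:aws:iam::111122223333:user/alice"},"requestParameters":{"groupName":"Administrators","userName":"bob"}}}`

func main() {
	fmt.Println(Notification([]byte(sample)))
}
```

Filtering on `errorCode` matters because CloudTrail also records denied attempts; without it, a failed `AddUserToGroup` call would be announced as a successful membership change.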
## Launching the Project
Since the IAM component being monitored is a global resource, the
AWS resources are all created in one region.

1. Deploy the IAM resources.
   Run `make deploy-iam-stack` and follow the prompts.
1. Store the Slack Webhook URL in SSM Parameter Store.
   Run `make init-ssm` and follow the prompts.
1. Deploy the code resources.
   Run `make deploy-code-stack` and follow the prompts.
1. Prepare the Lambda function for code deployment.
   Run `make prepare-code-stack` and follow the prompts.
1. Deploy the code.
   Run `make deploy-code` and follow the prompts.

The code deploy step can happen as frequently as needed, while the
infrastructure stack will update rarely. If the infrastructure
does need to be updated, it is best to use CloudFormation Change Sets
to control the update and enforce change management.

## Custom Slack Emojis
This project uses custom Slack emojis to personalize the messages sent
to Slack. You can find the custom emojis in the
[extras/emojis](extras/emojis) directory. Customize your Slack emojis
by uploading the PNG files with the names specified in
[constants.go](constants.go).