forked from skildops/aws-iam-key-rotator
iam-key-rotator.drawio
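<mxfile host="Electron" modified="2023-04-04T21:36:39.528Z" agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) draw.io/21.1.2 Chrome/106.0.5249.199 Electron/21.4.3 Safari/537.36" etag="IZNVAtsaUwbHOiNjfb5G" version="21.1.2" type="device">
  <!--
    Architecture diagram for the IAM access key rotator (draw.io source).

    Flow, as labelled on the edges. The numbered circles 1 to 7 are free-standing
    shapes placed next to the edges; the pairing below is read from their positions.
      1. CloudWatch Event triggers the Creator Lambda periodically.
      2. Creator scans IAM users who have access keys older than X days.
      3. Creator has the new (encrypted) key pair emailed to the user (edge ends at Mailer).
      4. Creator stores the old key, with a TTL, and the user's email address in DynamoDB.
      5. DynamoDB streams are delivered to the Destructor Lambda.
      6. Destructor deletes the existing IAM key pair.
      7. Destructor has an email sent telling the IAM user the existing key was deleted
         (edge ends at Mailer).

    Review notes: points the diagram leaves open and that should be confirmed in the code.
      - Step 3 moves a long-lived credential through mail. The label says "encrypted",
        but no key source or decryption path is drawn. Confirm how the encryption key
        is provisioned and that the plaintext secret is never logged or mailed.
      - Step 4 does not say whether the table holds only the access key ID or also the
        secret. The ID is presumably all that the later delete needs; TODO confirm.
      - If step 5 is driven by TTL expiry (presumably; not stated here), remember that
        DynamoDB TTL deletion is a background process and is not immediate, so the old
        key can stay usable past its nominal expiry.
      - The IAM roles and permissions of the Creator, Destructor and Mailer Lambdas are
        not drawn; check them against least privilege separately.

    Label markup inside value="..." is HTML and must stay entity-escaped
    (&lt;br&gt;, &amp;nbsp;), otherwise the file is not well-formed XML.
  -->
  <diagram id="9zp9oJUibIssuBAXWE32" name="Page-1">
    <mxGraphModel dx="1306" dy="809" grid="1" gridSize="10" guides="1" tooltips="1" connect="1" arrows="1" fold="1" page="1" pageScale="1" pageWidth="1169" pageHeight="827" math="0" shadow="0">
      <root>
        <!-- Mandatory draw.io root cell and default layer. -->
        <mxCell id="0" />
        <mxCell id="1" parent="0" />

        <!-- White background rectangle behind the whole diagram. -->
        <mxCell id="BnlXlSoju1qgPTf3SqZH-29" value="" style="verticalLabelPosition=bottom;verticalAlign=top;html=1;shape=mxgraph.basic.rect;fillColor2=none;strokeWidth=1;size=20;indent=5;strokeColor=none;fillColor=#FFFFFF;" parent="1" vertex="1">
          <mxGeometry x="130" y="146" width="911" height="362" as="geometry" />
        </mxCell>

        <!-- Scheduler that starts the rotation run. -->
        <mxCell id="BnlXlSoju1qgPTf3SqZH-2" value="CloudWatch Event" style="outlineConnect=0;fontColor=#232F3E;gradientColor=none;fillColor=#BC1356;strokeColor=none;dashed=0;verticalLabelPosition=bottom;verticalAlign=top;align=center;html=1;fontSize=12;fontStyle=0;aspect=fixed;pointerEvents=1;shape=mxgraph.aws4.event_time_based;" parent="1" vertex="1">
          <mxGeometry x="150" y="280" width="78" height="78" as="geometry" />
        </mxCell>

        <!-- Table that, per the edge label below, holds the old key with a TTL and the user's email address. -->
        <mxCell id="BnlXlSoju1qgPTf3SqZH-9" value="DynamoDB" style="points=[[0,0,0],[0.25,0,0],[0.5,0,0],[0.75,0,0],[1,0,0],[0,1,0],[0.25,1,0],[0.5,1,0],[0.75,1,0],[1,1,0],[0,0.25,0],[0,0.5,0],[0,0.75,0],[1,0.25,0],[1,0.5,0],[1,0.75,0]];outlineConnect=0;fontColor=#232F3E;gradientColor=#4D72F3;gradientDirection=north;fillColor=#3334B9;strokeColor=#ffffff;dashed=0;verticalLabelPosition=bottom;verticalAlign=top;align=center;html=1;fontSize=12;fontStyle=0;aspect=fixed;shape=mxgraph.aws4.resourceIcon;resIcon=mxgraph.aws4.dynamodb;" parent="1" vertex="1">
          <mxGeometry x="690" y="160" width="78" height="78" as="geometry" />
        </mxCell>

        <!-- IAM: scanned by Creator and modified by Destructor. -->
        <mxCell id="BnlXlSoju1qgPTf3SqZH-10" value="IAM Users" style="points=[[0,0,0],[0.25,0,0],[0.5,0,0],[0.75,0,0],[1,0,0],[0,1,0],[0.25,1,0],[0.5,1,0],[0.75,1,0],[1,1,0],[0,0.25,0],[0,0.5,0],[0,0.75,0],[1,0.25,0],[1,0.5,0],[1,0.75,0]];outlineConnect=0;fontColor=#232F3E;gradientColor=#F54749;gradientDirection=north;fillColor=#C7131F;strokeColor=#ffffff;dashed=0;verticalLabelPosition=bottom;verticalAlign=top;align=center;html=1;fontSize=12;fontStyle=0;aspect=fixed;shape=mxgraph.aws4.resourceIcon;resIcon=mxgraph.aws4.identity_and_access_management;labelPosition=center;" parent="1" vertex="1">
          <mxGeometry x="690" y="280" width="78" height="78" as="geometry" />
        </mxCell>

        <!-- Edge: Creator to IAM Users. -->
        <mxCell id="BnlXlSoju1qgPTf3SqZH-14" value="" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" parent="1" source="BnlXlSoju1qgPTf3SqZH-11" target="BnlXlSoju1qgPTf3SqZH-10" edge="1">
          <mxGeometry x="129" y="148" as="geometry" />
        </mxCell>
        <mxCell id="BnlXlSoju1qgPTf3SqZH-20" value="Scan IAM users who have&lt;br&gt;access keys older than&lt;br&gt;X days" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];" parent="BnlXlSoju1qgPTf3SqZH-14" vertex="1" connectable="0">
          <mxGeometry x="-0.1601" y="1" relative="1" as="geometry">
            <mxPoint x="31.169999999999998" y="1" as="offset" />
          </mxGeometry>
        </mxCell>

        <!--
          Edge: Creator to the mail path. It has no target attribute and ends at the fixed
          point (690,439), which coincides with the left side of the Mailer icon
          (x=690, y=401 to 479), so it will not follow Mailer if that cell is moved.
          This is the flow that carries the new credential.
        -->
        <mxCell id="BnlXlSoju1qgPTf3SqZH-15" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0;entryY=0.5;entryDx=0;entryDy=0;entryPerimeter=0;" parent="1" source="BnlXlSoju1qgPTf3SqZH-11" edge="1">
          <mxGeometry x="129" y="148" as="geometry">
            <Array as="points">
              <mxPoint x="508" y="319" />
              <mxPoint x="508" y="439" />
            </Array>
            <mxPoint x="690" y="439" as="targetPoint" />
          </mxGeometry>
        </mxCell>
        <mxCell id="BnlXlSoju1qgPTf3SqZH-21" value="Sends an email to users&lt;br&gt;new (encrypted) key pair" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];" parent="BnlXlSoju1qgPTf3SqZH-15" vertex="1" connectable="0">
          <mxGeometry x="0.4583" y="-1" relative="1" as="geometry">
            <mxPoint y="-1" as="offset" />
          </mxGeometry>
        </mxCell>

        <!-- Edge: Creator to DynamoDB. -->
        <mxCell id="BnlXlSoju1qgPTf3SqZH-16" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0;entryY=0.5;entryDx=0;entryDy=0;entryPerimeter=0;" parent="1" source="BnlXlSoju1qgPTf3SqZH-11" target="BnlXlSoju1qgPTf3SqZH-9" edge="1">
          <mxGeometry x="129" y="148" as="geometry">
            <Array as="points">
              <mxPoint x="508" y="319" />
              <mxPoint x="508" y="199" />
            </Array>
          </mxGeometry>
        </mxCell>
        <mxCell id="BnlXlSoju1qgPTf3SqZH-22" value="Stores old key with TTL&lt;br&gt;and user's email address" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];" parent="BnlXlSoju1qgPTf3SqZH-16" vertex="1" connectable="0">
          <mxGeometry x="0.3889" relative="1" as="geometry">
            <mxPoint x="15.33" as="offset" />
          </mxGeometry>
        </mxCell>

        <!-- Creator Lambda: source of the scan, store and mail edges above. -->
        <mxCell id="BnlXlSoju1qgPTf3SqZH-11" value="Creator" style="outlineConnect=0;fontColor=#232F3E;gradientColor=none;fillColor=#D05C17;strokeColor=none;dashed=0;verticalLabelPosition=bottom;verticalAlign=top;align=center;html=1;fontSize=12;fontStyle=0;aspect=fixed;pointerEvents=1;shape=mxgraph.aws4.lambda_function;" parent="1" vertex="1">
          <mxGeometry x="390" y="280" width="78" height="78" as="geometry" />
        </mxCell>

        <!-- Edge: CloudWatch Event to Creator. -->
        <mxCell id="BnlXlSoju1qgPTf3SqZH-13" value="" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" parent="1" source="BnlXlSoju1qgPTf3SqZH-2" target="BnlXlSoju1qgPTf3SqZH-11" edge="1">
          <mxGeometry x="129" y="148" as="geometry" />
        </mxCell>
        <mxCell id="BnlXlSoju1qgPTf3SqZH-19" value="Triggers periodically" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];" parent="BnlXlSoju1qgPTf3SqZH-13" vertex="1" connectable="0">
          <mxGeometry x="-0.5182" y="-1" relative="1" as="geometry">
            <mxPoint x="36.9" y="-1" as="offset" />
          </mxGeometry>
        </mxCell>

        <!--
          Edge: Destructor to the mail path. Like the Creator mail edge it has no target
          attribute; it ends at the fixed point (768,439), the right side of the Mailer icon.
        -->
        <mxCell id="BnlXlSoju1qgPTf3SqZH-23" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=1;entryY=0.5;entryDx=0;entryDy=0;entryPerimeter=0;" parent="1" source="BnlXlSoju1qgPTf3SqZH-12" edge="1">
          <mxGeometry x="129" y="148" as="geometry">
            <Array as="points">
              <mxPoint x="936" y="439" />
            </Array>
            <mxPoint x="768" y="439" as="targetPoint" />
          </mxGeometry>
        </mxCell>
        <mxCell id="BnlXlSoju1qgPTf3SqZH-28" value="Sends an email informing&lt;br&gt;IAM user that existing key&lt;br&gt;has been deleted" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];" parent="BnlXlSoju1qgPTf3SqZH-23" vertex="1" connectable="0">
          <mxGeometry x="-0.0399" y="-1" relative="1" as="geometry">
            <mxPoint x="-4.17" as="offset" />
          </mxGeometry>
        </mxCell>

        <!-- Edge: Destructor to IAM Users. -->
        <mxCell id="BnlXlSoju1qgPTf3SqZH-26" value="" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" parent="1" source="BnlXlSoju1qgPTf3SqZH-12" target="BnlXlSoju1qgPTf3SqZH-10" edge="1">
          <mxGeometry x="129" y="148" as="geometry" />
        </mxCell>
        <mxCell id="BnlXlSoju1qgPTf3SqZH-27" value="Delete existing&lt;br&gt;IAM key pair" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];" parent="BnlXlSoju1qgPTf3SqZH-26" vertex="1" connectable="0">
          <mxGeometry x="0.2647" relative="1" as="geometry">
            <mxPoint x="20.17" as="offset" />
          </mxGeometry>
        </mxCell>

        <!-- Destructor Lambda. The trailing non-breaking space in the label is kept from the original. -->
        <mxCell id="BnlXlSoju1qgPTf3SqZH-12" value="Destructor&amp;nbsp;" style="outlineConnect=0;fontColor=#232F3E;gradientColor=none;fillColor=#D05C17;strokeColor=none;dashed=0;verticalLabelPosition=middle;verticalAlign=middle;align=left;html=1;fontSize=12;fontStyle=0;aspect=fixed;pointerEvents=1;shape=mxgraph.aws4.lambda_function;labelPosition=right;" parent="1" vertex="1">
          <mxGeometry x="897.33" y="280.5" width="78" height="78" as="geometry" />
        </mxCell>

        <!-- Edge: DynamoDB to Destructor. -->
        <mxCell id="BnlXlSoju1qgPTf3SqZH-17" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" parent="1" source="BnlXlSoju1qgPTf3SqZH-9" target="BnlXlSoju1qgPTf3SqZH-12" edge="1">
          <mxGeometry x="129" y="148" as="geometry" />
        </mxCell>
        <mxCell id="BnlXlSoju1qgPTf3SqZH-25" value="DynamoDB streams are sent&lt;br&gt;to destructor to delete old IAM&lt;br&gt;access key associated with user" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];" parent="BnlXlSoju1qgPTf3SqZH-17" vertex="1" connectable="0">
          <mxGeometry x="-0.2943" y="1" relative="1" as="geometry">
            <mxPoint x="23.67" y="1" as="offset" />
          </mxGeometry>
        </mxCell>

        <!-- Step markers 1 to 7: free-standing circles, not attached to any edge. -->
        <mxCell id="BnlXlSoju1qgPTf3SqZH-32" value="1" style="ellipse;whiteSpace=wrap;html=1;aspect=fixed;strokeWidth=2;fontFamily=Tahoma;spacingBottom=4;spacingRight=2;strokeColor=#d3d3d3;labelBackgroundColor=none;fillColor=#FFFFFF;" parent="1" vertex="1">
          <mxGeometry x="290" y="290" width="20" height="20" as="geometry" />
        </mxCell>
        <mxCell id="BnlXlSoju1qgPTf3SqZH-33" value="2" style="ellipse;whiteSpace=wrap;html=1;aspect=fixed;strokeWidth=2;fontFamily=Tahoma;spacingBottom=4;spacingRight=2;strokeColor=#d3d3d3;labelBackgroundColor=none;fillColor=#FFFFFF;" parent="1" vertex="1">
          <mxGeometry x="578" y="278" width="20" height="20" as="geometry" />
        </mxCell>
        <mxCell id="BnlXlSoju1qgPTf3SqZH-34" value="3" style="ellipse;whiteSpace=wrap;html=1;aspect=fixed;strokeWidth=2;fontFamily=Tahoma;spacingBottom=4;spacingRight=2;strokeColor=#d3d3d3;labelBackgroundColor=none;fillColor=#FFFFFF;" parent="1" vertex="1">
          <mxGeometry x="578" y="398" width="20" height="20" as="geometry" />
        </mxCell>
        <mxCell id="BnlXlSoju1qgPTf3SqZH-35" value="4" style="ellipse;whiteSpace=wrap;html=1;aspect=fixed;strokeWidth=2;fontFamily=Tahoma;spacingBottom=4;spacingRight=2;strokeColor=#d3d3d3;labelBackgroundColor=none;fillColor=#FFFFFF;" parent="1" vertex="1">
          <mxGeometry x="575" y="165" width="20" height="20" as="geometry" />
        </mxCell>
        <mxCell id="BnlXlSoju1qgPTf3SqZH-36" value="5" style="ellipse;whiteSpace=wrap;html=1;aspect=fixed;strokeWidth=2;fontFamily=Tahoma;spacingBottom=4;spacingRight=2;strokeColor=#d3d3d3;labelBackgroundColor=none;fillColor=#FFFFFF;" parent="1" vertex="1">
          <mxGeometry x="870" y="158" width="20" height="20" as="geometry" />
        </mxCell>
        <mxCell id="BnlXlSoju1qgPTf3SqZH-37" value="6" style="ellipse;whiteSpace=wrap;html=1;aspect=fixed;strokeWidth=2;fontFamily=Tahoma;spacingBottom=4;spacingRight=2;strokeColor=#d3d3d3;labelBackgroundColor=none;fillColor=#FFFFFF;" parent="1" vertex="1">
          <mxGeometry x="825" y="285" width="20" height="20" as="geometry" />
        </mxCell>
        <mxCell id="BnlXlSoju1qgPTf3SqZH-38" value="7" style="ellipse;whiteSpace=wrap;html=1;aspect=fixed;strokeWidth=2;fontFamily=Tahoma;spacingBottom=4;spacingRight=2;strokeColor=#d3d3d3;labelBackgroundColor=none;fillColor=#FFFFFF;" parent="1" vertex="1">
          <mxGeometry x="883" y="397" width="20" height="20" as="geometry" />
        </mxCell>

        <!-- Mailer Lambda: the two mail edges above end at its left and right sides. -->
        <mxCell id="lGLhvRVPtBI0HAwZn8tC-1" value="Mailer" style="outlineConnect=0;fontColor=#232F3E;gradientColor=none;fillColor=#D05C17;strokeColor=none;dashed=0;verticalLabelPosition=bottom;verticalAlign=top;align=center;html=1;fontSize=12;fontStyle=0;aspect=fixed;pointerEvents=1;shape=mxgraph.aws4.lambda_function;" parent="1" vertex="1">
          <mxGeometry x="690" y="401" width="78" height="78" as="geometry" />
        </mxCell>
      </root>
    </mxGraphModel>
  </diagram>
</mxfile>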