By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Correct workflow for IAM password expiry email notifications

1

Hello all!

Is there currently a supported way of providing users with password expiry notifications via email? I've started putting something together using Lambda and the IAM credentials report, but that seems like a feature that might already exist - what would be the correct way to implement this?

Topics
AWS Well-Architected FrameworkSecurity, Identity, & Compliance
Tags
SecurityIAM Policies
Language
English
danielpodwysocki
asked 2 years ago289 views
1 Answer
0

Hello danielpodwysocki,

You seem to be on the right track with putting something together using Lambda and IAM credentials report, although IAM Management console does include a 15 day warning for password expiration on IAM user accounts[1], I think this is not sufficient for what you are trying to accomplish. This is a third party link that will provide some more detail on creating a script that would allow for you to utilize Lambda to create an email notification workflow[2].

Let me know if you have any other questions.

References: [1]https://aws.amazon.com/blogs/security/new-iam-features-enhanced-password-management-and-credential-reports/#:~:text=Users%20are%20notified%20starting%2015,access%20the%20AWS%20Management%20Console. [2]https://stackoverflow.com/questions/58082159/how-to-notify-iam-users-when-password-access-keys-expire

Michael_O
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content