Determines whether any IAM users have been created in your AWS account. Ensure that access to your AWS services and resources is made only through individual IAM users instead of the root account.
IAM Group With Inline Policies
Sends a report of IAM groups that use inline policies. Using managed policies is the better practice, and they give better control and access management for your account.
IAM Access Keys Rotated 90 Days
Sends a report if your IAM user access keys have not been changed in the past 90 days. Rotating the keys minimises the chance of malicious users gaining access to your account.
IAM Access Keys Rotated 45 Days
Sends a report if the IAM user access keys have not been changed in the past 45 days. Rotating the keys minimises the chance that your account can be accessed by malicious users.
IAM Users MFA Enabled
Sends a report of the IAM users in your AWS account who do not have MFA enabled. Having MFA-protected IAM users is the best way to protect your AWS resources and services against attackers.
IAM Users Don't Exist In Groups
Sends a report of IAM users that are not part of any group in your AWS account. This workflow helps you check which users have their policies inherited from a group instead.
IAM Users Without "AWSSupportAccess" Policy Attached
Sends a report of IAM users that do not have the "AWSSupportAccess" policy attached.
IAM Users - Admin Access Check
Sends a report of IAM users that have Admin access. Administrator access should be given to trusted users only.
IAM User Unused Password
Sends a report of IAM users whose password is enabled but has not been used in the past 90 days. These users are considered unused IAM users and can be safely removed from your AWS account.
IAM Policy Change Events
Sends a report of all IAM policy changes in your AWS account. If any operation such as creating or deleting an IAM policy, user or role is performed in your AWS account, this workflow generates a report of it and sends it to your email.
IAM User Inactivity Exceeds 10 Days
This workflow periodically finds inactive IAM users, helping you easily monitor and control user activity and keep a regular check on your users.
EC2 Instances Using IAM Access Keys
It is an AWS best practice to use IAM Roles over IAM Access Keys to sign AWS API requests, as Roles provide more flexibility to manage permissions. This workflow sends a report of EC2 instances which are not using IAM Roles.