Automated GitHub Scanner for Exposed AWS IAM Keys - n8n Workflow | Neura Market
Automated GitHub Scanner for Exposed AWS IAM Keys
# Automated GitHub Scanner for Exposed AWS IAM Keys
## Overview
This n8n workflow automatically scans GitHub for exposed AWS IAM access keys associated with your AWS account, helping security teams quickly identify and respond to potential security breaches. When compromised keys are found, the workflow generates detailed security reports and sends Slack notifications with actionable remediation steps.
## Key Features
- **Automated AWS IAM Key Scanning**: Regularly checks for exposed AWS access keys on GitHub
- **Real-time Security Alerts**: Sends immediate Slack notifications when compromised keys are detected
- **Comprehensive Security Reports**: Generates detailed reports with exposure information and risk assessment
- **Actionable Remediation Steps**: Provides clear instructions for securing compromised credentials
- **Continuous Monitoring**: Maintains ongoing surveillance of your AWS environment
## Workflow Steps
1. **List AWS Users**: Retrieves all users from your AWS account
2. **Split Users for Processing**: Processes each user individually
3. **Get User Access Keys**: Retrieves access keys for each user
4. **Filter Active Keys Only**: Focuses only on currently active access keys
5. **Search GitHub for Exposed Keys**: Scans GitHub repositories for exposed access keys
6. **Aggregate Search Results**: Consolidates and deduplicates search findings
7. **Check For Compromised Keys**: Determines if any keys have been exposed
8. **Generate Security Report**: Creates detailed security reports for compromised keys
9. **Extract AWS Usernames**: Extracts usernames from AWS response for notification
10. **Format Slack Alert**: Prepares comprehensive Slack notifications
11. **Send Slack Notification**: Delivers alerts with actionable information
12. **Continue Scanning**: Maintains continuous monitoring cycle
## Setup Requirements
### Prerequisites
- Active n8n instance
- AWS account with IAM permissions
- GitHub account/token for searching repositories
- Slack workspace for notifications
### Required Credentials
1. **AWS Credentials**: - IAM user with permissions to list users and access keys - Access Key ID and Secret Access Key
2. **GitHub Credentials**: - Personal Access Token with search permissions
3. **Slack Credentials**: - Webhook URL for your notification channel
## Configuration
1. **AWS Configuration**: - Configure the List AWS Users node with your AWS credentials - Ensure proper IAM permissions for listing users and access keys
2. **GitHub Configuration**: - Set up the Search GitHub for Exposed Keys node with your GitHub token - Adjust search parameters if needed
3. **Slack Configuration**: - Configure the Slack node with your webhook URL - Customize notification format if desired
## Usage
### Running the Workflow
1. **Manual Execution**: Click Execute Workflow to run an immediate scan
2. **Scheduled Execution**: Set up a schedule to run periodic scans (recommended daily or weekly)
### Repository Compatibility
This workflow is compatible with both public and private GitHub repositories to which you have access. It will scan all repositories you have permission to view based on your GitHub credentials.
### Handling Alerts
When a compromised key is detected:
1. Review the Slack notification for details about the exposure
2. Follow the recommended remediation steps: - Deactivate the compromised key immediately - Create a new key if needed - Investigate the exposure source - Update any services using the compromised key
## Disclaimer
This workflow template is provided for reference purposes only to demonstrate how to automate AWS IAM key exposure scanning. Please note:
- The scanning process may produce false positives as it only matches potential AWS access key patterns
- Always verify any reported exposures manually before taking action
- Disabling or deleting access keys without proper verification could have significant negative impacts on your environment
- Understand which systems and applications rely on identified access keys before deactivating them
- This template should be customized to fit your specific environment and security policies
**IMPORTANT**: Use this workflow with caution and only after thoroughly understanding your AWS environment. The authors of this template are not responsible for any disruptions or damages resulting from its use.
## Security Considerations
- This workflow requires access to sensitive AWS credentials
- Store all credentials securely within n8n
- Review and rotate access keys regularly
## Customization Options
- Adjust GitHub search parameters for more targeted scanning
- Customize Slack notification format and content
- Modify security report generation for your specific needs
- Integrate with additional notification channels (email, MS Teams, etc.)
### Optional: Enabling Interactive Slack Buttons
The Slack Block Kit notification format supports interactive
Platform
n8n
Category
IT & Development
Price
Free
Creator
Niranjan G
✅ Live
ðŸâ€Â SecOps
if
code
noOp
wait
slack
stickyNote
httpRequest
manualTrigger
How to import this workflow into n8n
1Purchase or download the workflow to get the n8n workflow JSON file.
2In your n8n instance, open Workflows and choose "Import from File" (or paste the JSON with Ctrl+V on the canvas).
3Open each node marked with a credential warning and connect your own accounts and API keys.
4Run the workflow once manually to verify the data flow, then toggle it to Active.