A daily access check: two-factor and stale keys

Every day the scenario checks in AWS IAM whether everyone has login protection on, warns them in Slack and deactivates keys once you confirm.

  • Every user checked, every day
  • The warning lands in Slack
  • Keys are switched off only on your say-so
  • Violations never pile up