Skip to content

Commit 7f268fb

Browse files
paliwalvimalpaliwalvimal
authored
add encryption support (skildops#22)
* add support for encrypting key pair before sending it to the user * update permission of destructor lambda and delete ssm param upon key destruction * add function to delete ssm parameter * update helper script and remove template_file dependency * multiple updates * add helper script to decrypt cipher * multiple updates * fix permission and variable value type * update github labels * add checkov skip statements * update readme * update logic flow in readme and diagram * udpate readme * comment pull request trigger for semgrep * modify semgrep config as per official doc * use action rather than container for semgrep * add semgrepignore file
1 parent cf92e05 commit 7f268fb

16 files changed

+414
-171
lines changed

.github/workflows/semgrep.yml

+14-10
Original file line numberDiff line numberDiff line change
@@ -2,8 +2,8 @@ name: semgrep
22

33
on:
44
# Scan changed files in PRs, block on new issues only (existing issues ignored)
5-
pull_request:
6-
branches: [ main ]
5+
# pull_request:
6+
# branches: [ main ]
77

88
# Scan all files on branches, block on any issues
99
push:
@@ -15,26 +15,30 @@ on:
1515
# schedule:
1616
# - cron: '30 0 1,15 * *' # scheduled for 00:30 UTC on both the 1st and 15th of the month
1717

18+
permissions:
19+
contents: read # for actions/checkout to fetch code
20+
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
21+
1822
defaults:
1923
run:
2024
working-directory: src
2125

2226
jobs:
2327
semgrep:
24-
permissions:
25-
contents: read # for actions/checkout to fetch code
26-
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
2728
name: scan
2829
runs-on: ubuntu-latest
29-
container:
30-
image: returntocorp/semgrep
31-
# Skip any PR created by dependabot to avoid permission issues
32-
if: (github.actor != 'dependabot[bot]')
3330
steps:
3431
# Fetch project source
3532
- uses: actions/checkout@v3
3633

37-
- run: semgrep ci --config "p/ci" --config "p/python" --config "p/owasp-top-ten" --sarif --output=semgrep.sarif
34+
- uses: returntocorp/semgrep-action@v1
35+
with:
36+
generateSarif: "1"
37+
config: >-
38+
p/ci
39+
p/python
40+
p/owasp-top-ten
41+
p/cwe-top-25
3842
3943
- name: Upload SARIF file
4044
uses: github/codeql-action/upload-sarif@v2

.semgrepignore

+1
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
terraform/

README.md

+5-4
Original file line numberDiff line numberDiff line change
@@ -24,10 +24,10 @@ This tool generates a new IAM access key pair every X number of days and informs
2424
![aws-iam-key-rotator](iam-key-rotator.jpeg "AWS IAM Key Rotator")
2525

2626
- CloudWatch triggers lambda function which checks the age of access key for all the IAM users who have **IKR:EMAIL**(case-insensitive) tag attached.
27-
- If existing access key age is greater than `ACCESS_KEY_AGE` environment variable or `IKR:ROTATE_AFTER_DAYS` tag associated to the IAM user and if the user ONLY has a single key pair associated a new key pair is generated and the same is mailed to the user via your selected mail service.
28-
- The existing access key is than stored in DynamoDB table with user details and an expiration timestamp.
29-
- DynamoDB stream triggers destructor lambda function which is responsible for deleting the old access key associated to IAM user if the stream event is `delete`.
30-
- In case it fails to delete the existing key pair the entry is added back to the DynamoDB table so that the same can be picked up later for retry.
27+
- If existing access key age is greater than `ACCESS_KEY_AGE` environment variable or `IKR:ROTATE_AFTER_DAYS` tag associated to the IAM user and if the user ONLY has a single key pair associated, a new key pair is generated and if `ENCRYPT_KEY_PAIR` environment variable is set to true the new key pair is encrypted using a symmetric key which is stored in SSM parameter (`/ikr/secret/iam/IAM_USERNAME`) before the same is mailed to the user via the selected mail service.
28+
- The existing access key is then stored in DynamoDB table with user details and an expiration timestamp.
29+
- DynamoDB stream triggers destructor lambda function which is responsible for deleting the old access key associated to IAM user and the SSM parameter that stores the symmetric encryption key if `ENCRYPT_KEY_PAIR` environment variable is set to true. The destruction operation is carried out only if the DynamoDB stream event is of type `delete`.
30+
- In case the destructor function fails to delete the existing key pair, the entry is added back to the DynamoDB table for retry.
3131

3232
### Setup:
3333
- Use the [terraform module](terraform) included in this repo to create all the AWS resources required to automate IAM key rotation
@@ -41,3 +41,4 @@ This tool generates a new IAM access key pair every X number of days and informs
4141

4242
### Helper Script:
4343
- `tag-iam-users.py`: Tags IAM users by reading **iam-user-tags.json** file
44+
- `decryption.py`: Decrypt cipher text using the encryption key stored in the SSM parmeter store

decryption.py

+15
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,15 @@
1+
import os
2+
3+
from cryptography.fernet import Fernet
4+
5+
ENC_KEY = os.environ.get('ENC_KEY', None)
6+
CIPHER_TEXT = os.environ.get('CIPHER_TEXT', None)
7+
8+
if ENC_KEY is None:
9+
raise KeyError('ENC_KEY is required to decrypt the cipher text')
10+
11+
if CIPHER_TEXT is None:
12+
raise KeyError('CIPHER_TEXT is required')
13+
14+
f = Fernet(ENC_KEY)
15+
print(f.decrypt(CIPHER_TEXT.encode('utf-8')).decode('utf-8'))

iam-key-rotator.drawio

+124-1
Original file line numberDiff line numberDiff line change
@@ -1 +1,124 @@
1-
<mxfile host="Electron" modified="2021-06-03T05:34:09.166Z" agent="5.0 (Macintosh; Intel Mac OS X 11_3_0) AppleWebKit/537.36 (KHTML, like Gecko) draw.io/14.6.13 Chrome/89.0.4389.128 Electron/12.0.7 Safari/537.36" etag="4mfJHJVs-9AIu1A0B5z_" version="14.6.13" type="device"><diagram id="9zp9oJUibIssuBAXWE32" name="Page-1">7Vtbc9o4FP41zD6FwRa28WMMSduZdCbTZLeXl4zAAtTKFpVFgP31K8mSsS2TJo25pAtJBnR0saTznU/nHJQOGCbrdwwu5h9pjEjH7cXrDhh1XNdxer54k5JNLhn0glwwYzjWjbaCO/wv0sKeli5xjLJKQ04p4XhRFU5omqIJr8ggY3RVbTalpPrUBZwhS3A3gcSWfsYxn5t1+eG24j3Cs7l+9MDV60ugaaxXks1hTFclEbjqgCGjlOefkvUQEbl5Zl/yftc7aouJMZTy53SIUvKF3NHvS+fn7PZ+Cu5+fnt/4eplPEKy1CvWs+UbswWPiHEsduQGjhG5pRnmmKaiakw5p0kHRKbBJcEzWcHpQkjnPCGi4IiPYukLOViynkmUdMcww5MuU/qKppiQISWUiR0ZpTRFsgNn9Eex4WqIHBlijSDCaZyv2SuaqgG2/Ysx1QrAtXoJub1nehvlEtC6JNJ7+A7RBHG2EU1MLdD61IB2+hrhqy08QkcPOy8hA/h6a6GG5KwYe6s18UEr7iVKtHQ4JHQZf4Z8Mhfyq0e52rpW6ZITnIqNM3Yjd3ZKU17aN/FzLecRCbXFGG3rmrc5GjrA83fpJIbZHMX6Qb+JKahLEzEXxKogk3PX/OG4pqzXKx8Js0W+0Cley3lEC4rlKGp7sh1Ihaus30WyxQPHCXoQyFV92wCSVwWSoEYLSMHAxpGRtQ4jmwpGmxQmdBRZ4FFbp57vReJXTHyY/3midiglXddrEDbJAlvo2M3Em9P0hLqwSRbYQsduJktm1lVhkyzw7BnXezsNvZ1ab/ELolfZoqjrjwJRWaobYUmuuUmllEk41Y1VvPpRaBmrqJmq1ylabKN1MpTRJZugDxM5n0gU80/VVrGCcjxux3b9sHYI+Ee2XeMulYz3w+VHIfg7Qyw72+9p2++11w/64cvsdxg4wLn+39gvli4f5psHmMYPcDJBWfaQwFR434ky44jU1lVMeA/mfvSj2un/2m1HsQhkdFFCiM5oCsnVVhoxuhSetAHIts0NlapXKv6OON9oHcMlp1UA7NzaXKNPLcDEcpDNEH8GscnVPMurMhFN4Z7vSweuTbkibkyFJGfeZc68vdWcSljAR9RxfSKhOmbi00x+yoEsqn+gjXwT0anArNiWuRyo3vqLjKPhxqZzuTnKrqvqsWy3buIJjuMcCUjEV3BcWG71fBg1qvppYNZtq4jQ9VMqQXCTIi96XXGqOlVl5iWGCOT4sRqhN+lXD34rV7MdGThi5LD0GjQ9xIxHp9MMcQstxYRfYcTeMWxW6I9tvuj+qvBVFrqeKY7W5crRply6RUxEQQpMSvh6AtiLXatRLhmDm1IDjemdsPB6VRwAJyxr/Zft+yCsoSSfQXPv+pFiehfTzZlR92offMUhWGIvlMaShBSHoQRiopJtWyqr89EKc5lfgOIvRaucxRQcMDtlivLaoqhet+8NQEWNF6+kqNowByAh/0xCv/ZCwj+NrJzwCbJqjWPsxOQdp8KQc0+nIAzNI/f3Nw0eUhprAvorK9ESjGOmPKfTpRm/PZoBg0HYiuvjeF0ADkYt9hEzZAgKBFhq20MyetTzhk7w5yWjCUzGMXyYLlOdIGgjwAUnF+ACCzvHOKd+/2hxn3my7NUPfp0K7O8D7hmezfKodiEOYRpLoyCbU2Zhg6M24lHPGbitenvG+vxu2Dju/jnaBUd1/4rCcdw/99TcuhD4lSe8LKYM/OaI9GAx5cD295piSpxOKUtwOrPdvW3qrKOyYHJ1aI0zrlrn/mK9zxzKJ4wRks+IERHYiE+Yktw2KakHwmbqeCUlXfS7TnAwEvIt3Lytw94QyVvOZgeWDkbKlCoG2GyubyLt47YYj7l+P2jFzMRYhzMzg9KKikV0tJyokMyHiYxq0nG2KHb15EO0Aic7AWSgRtCUHy9Gq387yfIYqo3YbRAGRVC/Dd+6Ost5tAAueFsUHj6XwffpM76OwU1eu+n+ltADQzBRrhiTnJ6pO4F1PlfZ/rhECj0t0SdBnrVTrP/UV5lqeRmdYKhcMZPgy926kz0hDGRbcczcsF+1yXb8Mhd0/aBp3P0fH8A+Phxbm4TgRSbVsppjju4WUFndSnBjTb/W3ZDKlV/Dx9cwwUSu9B7OaQJlOzGk8EUinZsb9beyT5rXXOtIEYdNrH4MFQu4/pgpujnczWG3nmQL7SSbuVRQ5mgja50xgJ1ka3C8zxrdqVEvqAbcxXF6NI3a94IaEjxnjT5boyA8tkbtU71/1uiLNOpVz0vf9owPq1E729FwEeis0d0BT1C7fO0d20bt3EnDrYqzRndr1K3aqDs4to3ameyGePas0d0ard2LAmFwMI2Sdzfzx0//3PLoQ+/95epbOuBDkxYvKfQjxKQhHj3NPNebuorQEEBbYNqJHOtipLkD3H4mSxS3/36bh8nbf2IGV/8B</diagram></mxfile>
1+
<mxfile host="Electron" modified="2023-04-04T21:36:39.528Z" agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) draw.io/21.1.2 Chrome/106.0.5249.199 Electron/21.4.3 Safari/537.36" etag="IZNVAtsaUwbHOiNjfb5G" version="21.1.2" type="device">
2+
<diagram id="9zp9oJUibIssuBAXWE32" name="Page-1">
3+
<mxGraphModel dx="1306" dy="809" grid="1" gridSize="10" guides="1" tooltips="1" connect="1" arrows="1" fold="1" page="1" pageScale="1" pageWidth="1169" pageHeight="827" math="0" shadow="0">
4+
<root>
5+
<mxCell id="0" />
6+
<mxCell id="1" parent="0" />
7+
<mxCell id="BnlXlSoju1qgPTf3SqZH-29" value="" style="verticalLabelPosition=bottom;verticalAlign=top;html=1;shape=mxgraph.basic.rect;fillColor2=none;strokeWidth=1;size=20;indent=5;strokeColor=none;fillColor=#FFFFFF;" parent="1" vertex="1">
8+
<mxGeometry x="130" y="146" width="911" height="362" as="geometry" />
9+
</mxCell>
10+
<mxCell id="BnlXlSoju1qgPTf3SqZH-2" value="CloudWatch Event" style="outlineConnect=0;fontColor=#232F3E;gradientColor=none;fillColor=#BC1356;strokeColor=none;dashed=0;verticalLabelPosition=bottom;verticalAlign=top;align=center;html=1;fontSize=12;fontStyle=0;aspect=fixed;pointerEvents=1;shape=mxgraph.aws4.event_time_based;" parent="1" vertex="1">
11+
<mxGeometry x="150" y="280" width="78" height="78" as="geometry" />
12+
</mxCell>
13+
<mxCell id="BnlXlSoju1qgPTf3SqZH-9" value="DynamoDB" style="points=[[0,0,0],[0.25,0,0],[0.5,0,0],[0.75,0,0],[1,0,0],[0,1,0],[0.25,1,0],[0.5,1,0],[0.75,1,0],[1,1,0],[0,0.25,0],[0,0.5,0],[0,0.75,0],[1,0.25,0],[1,0.5,0],[1,0.75,0]];outlineConnect=0;fontColor=#232F3E;gradientColor=#4D72F3;gradientDirection=north;fillColor=#3334B9;strokeColor=#ffffff;dashed=0;verticalLabelPosition=bottom;verticalAlign=top;align=center;html=1;fontSize=12;fontStyle=0;aspect=fixed;shape=mxgraph.aws4.resourceIcon;resIcon=mxgraph.aws4.dynamodb;" parent="1" vertex="1">
14+
<mxGeometry x="690" y="160" width="78" height="78" as="geometry" />
15+
</mxCell>
16+
<mxCell id="BnlXlSoju1qgPTf3SqZH-10" value="IAM Users" style="points=[[0,0,0],[0.25,0,0],[0.5,0,0],[0.75,0,0],[1,0,0],[0,1,0],[0.25,1,0],[0.5,1,0],[0.75,1,0],[1,1,0],[0,0.25,0],[0,0.5,0],[0,0.75,0],[1,0.25,0],[1,0.5,0],[1,0.75,0]];outlineConnect=0;fontColor=#232F3E;gradientColor=#F54749;gradientDirection=north;fillColor=#C7131F;strokeColor=#ffffff;dashed=0;verticalLabelPosition=bottom;verticalAlign=top;align=center;html=1;fontSize=12;fontStyle=0;aspect=fixed;shape=mxgraph.aws4.resourceIcon;resIcon=mxgraph.aws4.identity_and_access_management;labelPosition=center;" parent="1" vertex="1">
17+
<mxGeometry x="690" y="280" width="78" height="78" as="geometry" />
18+
</mxCell>
19+
<mxCell id="BnlXlSoju1qgPTf3SqZH-14" value="" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" parent="1" source="BnlXlSoju1qgPTf3SqZH-11" target="BnlXlSoju1qgPTf3SqZH-10" edge="1">
20+
<mxGeometry x="129" y="148" as="geometry" />
21+
</mxCell>
22+
<mxCell id="BnlXlSoju1qgPTf3SqZH-20" value="Scan IAM users who have&lt;br&gt;access keys older than&lt;br&gt;X days" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];" parent="BnlXlSoju1qgPTf3SqZH-14" vertex="1" connectable="0">
23+
<mxGeometry x="-0.1601" y="1" relative="1" as="geometry">
24+
<mxPoint x="31.169999999999998" y="1" as="offset" />
25+
</mxGeometry>
26+
</mxCell>
27+
<mxCell id="BnlXlSoju1qgPTf3SqZH-15" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0;entryY=0.5;entryDx=0;entryDy=0;entryPerimeter=0;" parent="1" source="BnlXlSoju1qgPTf3SqZH-11" edge="1">
28+
<mxGeometry x="129" y="148" as="geometry">
29+
<Array as="points">
30+
<mxPoint x="508" y="319" />
31+
<mxPoint x="508" y="439" />
32+
</Array>
33+
<mxPoint x="690" y="439" as="targetPoint" />
34+
</mxGeometry>
35+
</mxCell>
36+
<mxCell id="BnlXlSoju1qgPTf3SqZH-21" value="Sends an email to users&lt;br&gt;new (encrypted) key pair" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];" parent="BnlXlSoju1qgPTf3SqZH-15" vertex="1" connectable="0">
37+
<mxGeometry x="0.4583" y="-1" relative="1" as="geometry">
38+
<mxPoint y="-1" as="offset" />
39+
</mxGeometry>
40+
</mxCell>
41+
<mxCell id="BnlXlSoju1qgPTf3SqZH-16" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0;entryY=0.5;entryDx=0;entryDy=0;entryPerimeter=0;" parent="1" source="BnlXlSoju1qgPTf3SqZH-11" target="BnlXlSoju1qgPTf3SqZH-9" edge="1">
42+
<mxGeometry x="129" y="148" as="geometry">
43+
<Array as="points">
44+
<mxPoint x="508" y="319" />
45+
<mxPoint x="508" y="199" />
46+
</Array>
47+
</mxGeometry>
48+
</mxCell>
49+
<mxCell id="BnlXlSoju1qgPTf3SqZH-22" value="Stores old key with TTL&lt;br&gt;and user&#39;s email address" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];" parent="BnlXlSoju1qgPTf3SqZH-16" vertex="1" connectable="0">
50+
<mxGeometry x="0.3889" relative="1" as="geometry">
51+
<mxPoint x="15.33" as="offset" />
52+
</mxGeometry>
53+
</mxCell>
54+
<mxCell id="BnlXlSoju1qgPTf3SqZH-11" value="Creator" style="outlineConnect=0;fontColor=#232F3E;gradientColor=none;fillColor=#D05C17;strokeColor=none;dashed=0;verticalLabelPosition=bottom;verticalAlign=top;align=center;html=1;fontSize=12;fontStyle=0;aspect=fixed;pointerEvents=1;shape=mxgraph.aws4.lambda_function;" parent="1" vertex="1">
55+
<mxGeometry x="390" y="280" width="78" height="78" as="geometry" />
56+
</mxCell>
57+
<mxCell id="BnlXlSoju1qgPTf3SqZH-13" value="" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" parent="1" source="BnlXlSoju1qgPTf3SqZH-2" target="BnlXlSoju1qgPTf3SqZH-11" edge="1">
58+
<mxGeometry x="129" y="148" as="geometry" />
59+
</mxCell>
60+
<mxCell id="BnlXlSoju1qgPTf3SqZH-19" value="Triggers periodically" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];" parent="BnlXlSoju1qgPTf3SqZH-13" vertex="1" connectable="0">
61+
<mxGeometry x="-0.5182" y="-1" relative="1" as="geometry">
62+
<mxPoint x="36.9" y="-1" as="offset" />
63+
</mxGeometry>
64+
</mxCell>
65+
<mxCell id="BnlXlSoju1qgPTf3SqZH-23" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=1;entryY=0.5;entryDx=0;entryDy=0;entryPerimeter=0;" parent="1" source="BnlXlSoju1qgPTf3SqZH-12" edge="1">
66+
<mxGeometry x="129" y="148" as="geometry">
67+
<Array as="points">
68+
<mxPoint x="936" y="439" />
69+
</Array>
70+
<mxPoint x="768" y="439" as="targetPoint" />
71+
</mxGeometry>
72+
</mxCell>
73+
<mxCell id="BnlXlSoju1qgPTf3SqZH-28" value="Sends an email informing&lt;br&gt;IAM user that existing key&lt;br&gt;has been deleted" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];" parent="BnlXlSoju1qgPTf3SqZH-23" vertex="1" connectable="0">
74+
<mxGeometry x="-0.0399" y="-1" relative="1" as="geometry">
75+
<mxPoint x="-4.17" as="offset" />
76+
</mxGeometry>
77+
</mxCell>
78+
<mxCell id="BnlXlSoju1qgPTf3SqZH-26" value="" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" parent="1" source="BnlXlSoju1qgPTf3SqZH-12" target="BnlXlSoju1qgPTf3SqZH-10" edge="1">
79+
<mxGeometry x="129" y="148" as="geometry" />
80+
</mxCell>
81+
<mxCell id="BnlXlSoju1qgPTf3SqZH-27" value="Delete existing&lt;br&gt;IAM key pair" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];" parent="BnlXlSoju1qgPTf3SqZH-26" vertex="1" connectable="0">
82+
<mxGeometry x="0.2647" relative="1" as="geometry">
83+
<mxPoint x="20.17" as="offset" />
84+
</mxGeometry>
85+
</mxCell>
86+
<mxCell id="BnlXlSoju1qgPTf3SqZH-12" value="Destructor&amp;nbsp;" style="outlineConnect=0;fontColor=#232F3E;gradientColor=none;fillColor=#D05C17;strokeColor=none;dashed=0;verticalLabelPosition=middle;verticalAlign=middle;align=left;html=1;fontSize=12;fontStyle=0;aspect=fixed;pointerEvents=1;shape=mxgraph.aws4.lambda_function;labelPosition=right;" parent="1" vertex="1">
87+
<mxGeometry x="897.33" y="280.5" width="78" height="78" as="geometry" />
88+
</mxCell>
89+
<mxCell id="BnlXlSoju1qgPTf3SqZH-17" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" parent="1" source="BnlXlSoju1qgPTf3SqZH-9" target="BnlXlSoju1qgPTf3SqZH-12" edge="1">
90+
<mxGeometry x="129" y="148" as="geometry" />
91+
</mxCell>
92+
<mxCell id="BnlXlSoju1qgPTf3SqZH-25" value="DynamoDB streams are sent&lt;br&gt;to destructor to delete old IAM&lt;br&gt;access key associated with user" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];" parent="BnlXlSoju1qgPTf3SqZH-17" vertex="1" connectable="0">
93+
<mxGeometry x="-0.2943" y="1" relative="1" as="geometry">
94+
<mxPoint x="23.67" y="1" as="offset" />
95+
</mxGeometry>
96+
</mxCell>
97+
<mxCell id="BnlXlSoju1qgPTf3SqZH-32" value="1" style="ellipse;whiteSpace=wrap;html=1;aspect=fixed;strokeWidth=2;fontFamily=Tahoma;spacingBottom=4;spacingRight=2;strokeColor=#d3d3d3;labelBackgroundColor=none;fillColor=#FFFFFF;" parent="1" vertex="1">
98+
<mxGeometry x="290" y="290" width="20" height="20" as="geometry" />
99+
</mxCell>
100+
<mxCell id="BnlXlSoju1qgPTf3SqZH-33" value="2" style="ellipse;whiteSpace=wrap;html=1;aspect=fixed;strokeWidth=2;fontFamily=Tahoma;spacingBottom=4;spacingRight=2;strokeColor=#d3d3d3;labelBackgroundColor=none;fillColor=#FFFFFF;" parent="1" vertex="1">
101+
<mxGeometry x="578" y="278" width="20" height="20" as="geometry" />
102+
</mxCell>
103+
<mxCell id="BnlXlSoju1qgPTf3SqZH-34" value="3" style="ellipse;whiteSpace=wrap;html=1;aspect=fixed;strokeWidth=2;fontFamily=Tahoma;spacingBottom=4;spacingRight=2;strokeColor=#d3d3d3;labelBackgroundColor=none;fillColor=#FFFFFF;" parent="1" vertex="1">
104+
<mxGeometry x="578" y="398" width="20" height="20" as="geometry" />
105+
</mxCell>
106+
<mxCell id="BnlXlSoju1qgPTf3SqZH-35" value="4" style="ellipse;whiteSpace=wrap;html=1;aspect=fixed;strokeWidth=2;fontFamily=Tahoma;spacingBottom=4;spacingRight=2;strokeColor=#d3d3d3;labelBackgroundColor=none;fillColor=#FFFFFF;" parent="1" vertex="1">
107+
<mxGeometry x="575" y="165" width="20" height="20" as="geometry" />
108+
</mxCell>
109+
<mxCell id="BnlXlSoju1qgPTf3SqZH-36" value="5" style="ellipse;whiteSpace=wrap;html=1;aspect=fixed;strokeWidth=2;fontFamily=Tahoma;spacingBottom=4;spacingRight=2;strokeColor=#d3d3d3;labelBackgroundColor=none;fillColor=#FFFFFF;" parent="1" vertex="1">
110+
<mxGeometry x="870" y="158" width="20" height="20" as="geometry" />
111+
</mxCell>
112+
<mxCell id="BnlXlSoju1qgPTf3SqZH-37" value="6" style="ellipse;whiteSpace=wrap;html=1;aspect=fixed;strokeWidth=2;fontFamily=Tahoma;spacingBottom=4;spacingRight=2;strokeColor=#d3d3d3;labelBackgroundColor=none;fillColor=#FFFFFF;" parent="1" vertex="1">
113+
<mxGeometry x="825" y="285" width="20" height="20" as="geometry" />
114+
</mxCell>
115+
<mxCell id="BnlXlSoju1qgPTf3SqZH-38" value="7" style="ellipse;whiteSpace=wrap;html=1;aspect=fixed;strokeWidth=2;fontFamily=Tahoma;spacingBottom=4;spacingRight=2;strokeColor=#d3d3d3;labelBackgroundColor=none;fillColor=#FFFFFF;" parent="1" vertex="1">
116+
<mxGeometry x="883" y="397" width="20" height="20" as="geometry" />
117+
</mxCell>
118+
<mxCell id="lGLhvRVPtBI0HAwZn8tC-1" value="Mailer" style="outlineConnect=0;fontColor=#232F3E;gradientColor=none;fillColor=#D05C17;strokeColor=none;dashed=0;verticalLabelPosition=bottom;verticalAlign=top;align=center;html=1;fontSize=12;fontStyle=0;aspect=fixed;pointerEvents=1;shape=mxgraph.aws4.lambda_function;" parent="1" vertex="1">
119+
<mxGeometry x="690" y="401" width="78" height="78" as="geometry" />
120+
</mxCell>
121+
</root>
122+
</mxGraphModel>
123+
</diagram>
124+
</mxfile>

iam-key-rotator.jpeg

-179 KB
Loading

0 commit comments

Comments
 (0)