{ "name": "Automated GitHub scanner for exposed AWS IAM keys", "nodes": [ { "id": "84edf6c4-fc87-4b34-86c6-ad72c15cafe8", "name": "When clicking ‘Execute workflow’", "type": "n8n-nodes-base.manualTrigger", "position": [ -880, 75 ] }, { "id": "b2c1157f-c1eb-4d22-95d0-6ec166a93a4a", "name": "Split Users for Processing", "type": "n8n-nodes-base.splitInBatches", "position": [ -220, 75 ] }, { "id": "ae5a0e4f-892c-4a75-bdcc-36253fbc7274", "name": "Get User Access Keys", "type": "n8n-nodes-base.httpRequest", "position": [ 0, 0 ] }, { "id": "0946f05d-11f0-480b-934a-c996bbb9551e", "name": "Filter Active Keys Only", "type": "n8n-nodes-base.if", "position": [ 220, 0 ] }, { "id": "8f9db031-245e-4c00-bdb9-4ed55e9b57b2", "name": "Search GitHub for Exposed Keys", "type": "n8n-nodes-base.httpRequest", "position": [ 880, 0 ] }, { "id": "a6cd482c-86d2-49ac-aefe-6beec92c98af", "name": "Aggregate Search Results", "type": "n8n-nodes-base.code", "position": [ 1100, 0 ] }, { "id": "75ed15ec-fdee-4644-a83c-6b47005dcac1", "name": "Check For Compromised Keys", "type": "n8n-nodes-base.if", "position": [ 1320, 0 ] }, { "id": "57753be8-33d2-4172-94a2-0d5a4f7c73ec", "name": "Generate Security Report", "type": "n8n-nodes-base.code", "position": [ 1540, 0 ] }, { "id": "f2634090-b035-4592-ad56-b970c2bff14c", "name": "Continue Scanning", "type": "n8n-nodes-base.noOp", "position": [ 2340, 80 ] }, { "id": "158340f1-4dc4-4b4c-933f-95a28be524dc", "name": "Slack", "type": "n8n-nodes-base.slack", "position": [ 2020, 0 ] }, { "id": "c0300832-418b-4fa8-98b6-2b799f2bcfe6", "name": "Format Slack Alert", "type": "n8n-nodes-base.code", "position": [ 1760, 0 ] }, { "id": "3ed685c7-27b5-4a00-840a-6f9dddff6d3f", "name": "Prepare Github Search", "type": "n8n-nodes-base.code", "position": [ 440, 0 ] }, { "id": "e58f0cd8-13df-41eb-9a9c-99efc7eba0c4", "name": "Sticky Note", "type": "n8n-nodes-base.stickyNote", "position": [ -900, -680 ], "parameters": { "width": 1120, "height": 580, "content": "# 🔐🕵️‍♂️ GitHub Scanner for Exposed AWS IAM Keys – Quick Overview\n\n## ⚙️ Workflow at a Glance\n\n1. 🔍 **Automated Discovery** \n Scans GitHub repositories for exposed AWS IAM access keys associated wi" } }, { "id": "ef29b02b-f2a4-4642-a5c4-c9685b0e2c22", "name": "Rate Limit Wait", "type": "n8n-nodes-base.wait", "position": [ 660, 0 ] }, { "id": "714724b6-9aaf-4d17-97b7-1a3fd3dcaeae", "name": "List AWS Users1", "type": "n8n-nodes-base.httpRequest", "position": [ -660, 80 ] }, { "id": "a1448a68-81aa-4571-8f62-617c57daa6e6", "name": "Extract AWS Usernames", "type": "n8n-nodes-base.code", "position": [ -440, 75 ] }, { "id": "2339c570-93a3-4c1a-ae0d-2eb9810eeee8", "name": "Disable Access Keys", "type": "n8n-nodes-base.httpRequest", "position": [ 1200, -620 ] }, { "id": "99938eb1-580b-4a91-b7a7-83464b33053e", "name": "Sticky Note1", "type": "n8n-nodes-base.stickyNote", "position": [ 240, -680 ], "parameters": { "width": 1200, "height": 580, "content": "## 🚨 Automate Disable Access Keys\n\n### 1. Prerequisites\n\n- Configure AWS credentials in n8n with appropriate IAM permissions \n- Create an `Extract_Key_Info` node that provides the compromised key's I" } } ], "connections": { "Slack": { "main": [ [ { "node": "Continue Scanning", "type": "main", "index": 0 } ] ] }, "List AWS Users1": { "main": [ [ { "node": "Extract AWS Usernames", "type": "main", "index": 0 } ] ] }, "Rate Limit Wait": { "main": [ [ { "node": "Search GitHub for Exposed Keys", "type": "main", "index": 0 } ] ] }, "Continue Scanning": { "main": [ [ { "node": "Split Users for Processing", "type": "main", "index": 0 } ] ] }, "Format Slack Alert": { "main": [ [ { "node": "Slack", "type": "main", "index": 0 } ] ] }, "Get User Access Keys": { "main": [ [ { "node": "Filter Active Keys Only", "type": "main", "index": 0 } ] ] }, "Extract AWS Usernames": { "main": [ [ { "node": "Split Users for Processing", "type": "main", "index": 0 } ] ] }, "Prepare Github Search": { "main": [ [ { "node": "Rate Limit Wait", "type": "main", "index": 0 } ] ] }, "Filter Active Keys Only": { "main": [ [ { "node": "Prepare Github Search", "type": "main", "index": 0 } ] ] }, "Aggregate Search Results": { "main": [ [ { "node": "Check For Compromised Keys", "type": "main", "index": 0 } ] ] }, "Generate Security Report": { "main": [ [ { "node": "Format Slack Alert", "type": "main", "index": 0 } ] ] }, "Check For Compromised Keys": { "main": [ [ { "node": "Generate Security Report", "type": "main", "index": 0 } ] ] }, "Split Users for Processing": { "main": [ [], [ { "node": "Get User Access Keys", "type": "main", "index": 0 } ] ] }, "Search GitHub for Exposed Keys": { "main": [ [ { "node": "Aggregate Search Results", "type": "main", "index": 0 } ] ] }, "When clicking ‘Execute workflow’": { "main": [ [ { "node": "List AWS Users1", "type": "main", "index": 0 } ] ] } } }