
I am trying to send SNS messages for old AWS access keys, but am getting the below error:

```
Response
null
Function Logs
START RequestId: a266bda6-2d17-4c24-a6d3-a0a05180025b Version: $LATEST
[ERROR] 2021-03-17T15:48:33.592Z    a266bda6-2d17-4c24-a6d3-a0a05180025b    Missing final '@domain'
```

I have tried Googling a bit, and the IAM user accounts are NOT email addresses - just people's first names. The SNS subscriber is already set up, so I'm not sure why it would care to know a user's email address.

Any ideas?

Python Script below:

```python
import boto3, json, time, datetime, sys, re

iam_client = boto3.client('iam')
sns_client = boto3.client('sns')
users = iam_client.list_users()
user_list = []
for key in users['Users']:
    user_list = key['UserName']
    # Fetch the access keys that belong to this IAM user
    accesskeys = iam_client.list_access_keys(UserName=key['UserName'])
    for items in user_list.split('\n'):
        for key in accesskeys['AccessKeyMetadata']:
            # Creation time of the key examined in this iteration
            accesskeydate = key['CreateDate']
            accesskeydate = accesskeydate.strftime("%Y-%m-%d %H:%M:%S")
            currentdate = time.strftime("%Y-%m-%d %H:%M:%S", time.gmtime())
            accesskeyd = time.mktime(datetime.datetime.strptime(accesskeydate, "%Y-%m-%d %H:%M:%S").timetuple())
            currentd = time.mktime(datetime.datetime.strptime(currentdate, "%Y-%m-%d %H:%M:%S").timetuple())
            # Key age in days
            active_days = (currentd - accesskeyd)/60/60/24
            # Build "<user> is <days>" from the (UserName, days) tuple
            message = (key['UserName'],int(round(active_days))),
            message = re.sub(r'[^a-zA-Z0-9 ]', "", str(message))
            message = re.sub(r' ', ' is ', str(message))
            if active_days >= 1:
                sns_client.publish(
                    TopicArn='<redacted SNS topic>',
                    Subject='User with Old Access Key Detected',
                    Message="The access key for " + str(message) + " days old. This user access key should be replaced ASAP.",
                )
```
DV82XL
PowerLine

1 Answer

```python
if active_days >= 1:
    sns_client.publish(
        TopicArn='<redacted SNS topic>',
        Subject='User with Old Access Key Detected',
```

For publishing the message you don't need Subject. You can send the message as described here:

SNS Publish API Call

Subject Optional parameter to be used as the "Subject" line when the message is delivered to email endpoints. This field will also be included, if present, in the standard JSON messages delivered to other endpoints.

To publish a message to a topic, we simply call the publish() function, passing the topic’s ARN, the desired message, and optionally a subject (it will only be used in email messages).

aws examples for sns operations using boto3

samtoddler
  • I tried this, and got the same error: `if active_days >= 1: sns_client.publish( TopicArn='', Message='The access key for 1 days old. This user access key should be replaced ASAP.', )` – PowerLine Mar 17 '21 at 19:07
  • @PowerLine for publishing the message, as per the documentation I have attached, you just need two fields, `Message` and `TopicArn`. As you can see [here](https://stackoverflow.com/a/37009414/2246345). – samtoddler Mar 17 '21 at 19:20
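
The key-age check from the question combined with the two-field `publish()` call from the answer, as an added example that is not code from either post. It takes the IAM and SNS clients as parameters so the logic can be exercised without AWS access; the 90-day threshold, the `TOPIC_ARN` placeholder and the function names are assumptions.

```python
from datetime import datetime, timezone

MAX_AGE_DAYS = 90                  # assumed rotation threshold, not from the post
TOPIC_ARN = "<SNS topic ARN>"      # placeholder, fill in your own topic


def stale_keys(iam, max_age_days=MAX_AGE_DAYS, now=None):
    """Return (user, key_id, age_days) for each active key past the limit."""
    now = now or datetime.now(timezone.utc)
    found = []
    # Paginate so accounts with many users are covered completely
    for page in iam.get_paginator("list_users").paginate():
        for user in page["Users"]:
            name = user["UserName"]
            keys = iam.list_access_keys(UserName=name)["AccessKeyMetadata"]
            for meta in keys:  # a user can hold more than one key; check each
                # CreateDate is a timezone-aware datetime, so subtract directly
                age = (now - meta["CreateDate"]).days
                if meta["Status"] == "Active" and age >= max_age_days:
                    found.append((name, meta["AccessKeyId"], age))
    return found


def notify(sns, topic_arn, findings):
    """Publish one message per stale key and return the SNS MessageIds."""
    ids = []
    for name, key_id, age in findings:
        resp = sns.publish(
            TopicArn=topic_arn,
            Message=(f"Access key {key_id} for user {name} is {age} days old "
                     "and should be rotated."),
        )
        ids.append(resp["MessageId"])
    return ids


def lambda_handler(event, context):
    import boto3  # imported here so the functions above need no AWS SDK
    findings = stale_keys(boto3.client("iam"))
    notify(boto3.client("sns"), TOPIC_ARN, findings)
    return {"stale_keys": len(findings)}
```
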