access-review
npx machina-cli add skill BagelHole/DevOps-Security-Agent-Skills/access-review --openclaw
Access Review
Implement periodic access review processes.
Review Process
```yaml
access_review_workflow:
  1_extract:
    - Pull access data from systems
    - Generate access report
  2_review:
    - Manager certification
    - Risk-based prioritization
    - Decision documentation
  3_action:
    - Revoke unnecessary access
    - Update exceptions
    - Document decisions
  4_report:
    - Compliance metrics
    - Remediation tracking
```
AWS IAM Review
```bash
# Generate credential report (generation is asynchronous; re-run the get call
# if it reports that the report is still being generated)
aws iam generate-credential-report
aws iam get-credential-report --output text --query Content | base64 -d

# Find inactive users: console passwords not used since the cutoff date.
# Users with no PasswordLastUsed (never signed in) compare as null and are also selected.
aws iam list-users | jq -r '.Users[] | select(.PasswordLastUsed < "2024-01-01") | .UserName'

# List unused access keys (replace the placeholder key id with the key under review)
aws iam get-access-key-last-used --access-key-id AKIAXXXXXXXX
```
Automation
```python
def generate_access_report():
    # get_all_users() is the system-specific data source (IdP, IAM, HR feed);
    # it is not defined here and must be supplied by the caller.
    users = get_all_users()
    report = []
    for user in users:
        report.append({
            'user': user.email,
            'roles': user.roles,
            'last_login': user.last_login,   # drives risk-based prioritization
            'manager': user.manager,         # reviewer who certifies this entry
            'review_status': 'pending'       # updated as decisions are recorded
        })
    return report
```
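The AWS commands above produce raw data; the extraction step still has to turn it into a review queue. The following added example (not code from the skill or the repository) parses the CSV that `get-credential-report` returns and flags enabled passwords and active access keys that have been idle longer than a threshold, emitting entries in the same `review_status: pending` shape the skill's report uses. The credential report rows are constructed sample data, the certificate columns are omitted, and the idle threshold and `AS_OF` date are assumptions.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample in the IAM credential-report CSV layout (cert_* columns omitted).
SAMPLE_REPORT = """user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_1_last_used_region,access_key_1_last_used_service,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date,access_key_2_last_used_region,access_key_2_last_used_service
alice,arn:aws:iam::111111111111:user/alice,2023-01-10T09:00:00+00:00,true,2024-05-20T08:12:00+00:00,2024-02-01T00:00:00+00:00,N/A,true,true,2024-01-05T00:00:00+00:00,2024-05-21T07:00:00+00:00,us-east-1,s3,false,N/A,N/A,N/A,N/A
bob,arn:aws:iam::111111111111:user/bob,2022-06-01T09:00:00+00:00,true,2023-11-02T10:00:00+00:00,2023-06-01T00:00:00+00:00,N/A,false,true,2022-06-01T00:00:00+00:00,N/A,N/A,N/A,false,N/A,N/A,N/A,N/A
svc-deploy,arn:aws:iam::111111111111:user/svc-deploy,2021-03-15T09:00:00+00:00,false,no_information,N/A,N/A,false,true,2021-03-15T00:00:00+00:00,2024-05-25T01:00:00+00:00,us-west-2,ecr,true,2022-09-01T00:00:00+00:00,2023-01-15T00:00:00+00:00,us-west-2,ecr
"""

# Assumed review date; in practice use datetime.now(timezone.utc).
AS_OF = datetime(2024, 6, 1, tzinfo=timezone.utc)


def _parse_ts(value):
    """Return a datetime for an ISO-8601 cell, or None for the report's non-date markers."""
    if value in ("N/A", "no_information", "not_supported", ""):
        return None
    return datetime.fromisoformat(value)


def _is_stale(last_used, as_of, max_idle):
    # A credential that has never been used is treated as stale: it grants
    # access nobody is exercising, so it should be reviewed for revocation.
    return last_used is None or as_of - last_used > max_idle


def find_stale_access(report_csv, as_of, max_idle_days=90):
    """Build review entries for users whose enabled credentials are idle past the threshold."""
    max_idle = timedelta(days=max_idle_days)
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        issues = []
        if row["password_enabled"] == "true" and _is_stale(
                _parse_ts(row["password_last_used"]), as_of, max_idle):
            issues.append("password_unused")
        for n in ("1", "2"):  # the report carries up to two access keys per user
            if row[f"access_key_{n}_active"] == "true" and _is_stale(
                    _parse_ts(row[f"access_key_{n}_last_used_date"]), as_of, max_idle):
                issues.append(f"access_key_{n}_unused")
        if issues:
            findings.append({"user": row["user"], "issues": issues, "review_status": "pending"})
    return findings


if __name__ == "__main__":
    for entry in find_stale_access(SAMPLE_REPORT, AS_OF):
        print(entry)
```

Feed the decoded output of `aws iam get-credential-report` in place of the sample to produce the queue that managers certify in the review step.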
Best Practices
- Quarterly reviews minimum
- Risk-based frequency
- Manager attestation
- Automated revocation
- Audit trail maintenance
Source
https://github.com/BagelHole/DevOps-Security-Agent-Skills/blob/main/compliance/governance/access-review/SKILL.md
Overview
Access Review implements a repeatable governance process to certify user permissions, revoke unnecessary access, and maintain an auditable trail. It separates the workflow into extraction, review, action, and reporting to support ongoing access compliance.
How This Skill Works
The skill orchestrates a four-step workflow: 1) extract—pull access data from systems and generate an access report; 2) review—manager certification with risk-based prioritization and documented decisions; 3) action—revoke unnecessary access and update exceptions; 4) report—capture compliance metrics and remediation progress. Automation, exemplified by a Python function that builds a user-focused report, underpins consistent, repeatable execution.
When to Use It
- When establishing or improving access governance and recertification programs
- During regular compliance audits or certification cycles
- After onboarding, promotions, or role changes to revalidate access
- As part of regulatory or policy-driven review cadences
- To identify and revoke inactive or unused credentials
Quick Start
- Step 1: Pull access data from systems and generate an initial access report (users, roles, last login, manager, review status).
- Step 2: Run manager certification and risk-based prioritization to approve or revoke access.
- Step 3: Revoke unnecessary access, update exceptions, and log decisions for audit and remediation tracking.
Best Practices
- Quarterly reviews minimum
- Risk-based frequency aligned to data sensitivity
- Manager attestation as part of the review
- Automated revocation of unnecessary access
- Maintain an audit trail of decisions and remediation actions
Example Use Cases
- Enterprise IAM governance spanning cloud and on-prem resources with quarterly attestations
- SOC 2 / ISO 27001 compliance program requiring formal recertification and remediation tracking
- Finance and HR app access reviewed on a quarterly cycle with risk-based prioritization
- Automated offboarding and access revocation triggered by role changes or terminations
- Audit-ready dashboards that surface remediation status and certification outcomes