Adding runbook for SC IAM 22 (#144)

Author: tmekari

source/playbooks/SC/bin/security_controls.ts

@@ -68,6 +68,7 @@ const remediations: IControl[] = [
   { control: 'IAM.16', executes: 'IAM.7' },
   { control: 'IAM.17', executes: 'IAM.7' },
   { control: 'IAM.18' },
+  { control: 'IAM.22' },
   { control: 'KMS.4' },
   { control: 'Lambda.1' },
   { control: 'RDS.1' },

source/playbooks/SC/lib/control_runbooks-construct.ts

@@ -26,6 +26,7 @@ import * as iam_3 from '../ssmdocs/SC_IAM.3';
 import * as iam_7 from '../ssmdocs/SC_IAM.7';
 import * as iam_8 from '../ssmdocs/SC_IAM.8';
 import * as iam_18 from '../ssmdocs/SC_IAM.18';
+import * as iam_22 from '../ssmdocs/SC_IAM.22';
 import * as kms_4 from '../ssmdocs/SC_KMS.4';
 import * as lambda_1 from '../ssmdocs/SC_Lambda.1';
 import * as rds_1 from '../ssmdocs/SC_RDS.1';
@@ -92,6 +93,7 @@ export class ControlRunbooks extends Construct {
     this.add(iam_7.createControlRunbook(this, 'IAM.7', props));
     this.add(iam_8.createControlRunbook(this, 'IAM.8', props));
     this.add(iam_18.createControlRunbook(this, 'IAM.18', props));
+    this.add(iam_22.createControlRunbook(this, 'IAM.22', props));
     this.add(kms_4.createControlRunbook(this, 'KMS.4', props));
     this.add(lambda_1.createControlRunbook(this, 'Lambda.1', props));
     this.add(rds_1.createControlRunbook(this, 'RDS.1', props));

source/playbooks/SC/ssmdocs/SC_IAM.22.ts

@@ -0,0 +1,14 @@
+// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+import { Construct } from 'constructs';
+import { ControlRunbookDocument } from './control_runbook';
+import { PlaybookProps } from '../lib/control_runbooks-construct';
+import { RevokeUnusedIAMUserCredentialsDocument } from './SC_IAM.8';
+
+export function createControlRunbook(stage: Construct, id: string, props: PlaybookProps): ControlRunbookDocument {
+  return new RevokeUnusedIAMUserCredentialsDocument(stage, id, {
+    ...props,
+    controlId: 'IAM.22',
+    parameterToPass: '45',
+  });
+}