Find AccessDenied Events and Send Report to Slack Channel
This automation lists "AccessDenied" events with users and source IP addresses and reports the results to the Slack channel. Any event in your AWS account that attempts to act beyond the limits of authorized permissions will trigger an "AccessDenied" error. Tracking "AccessDenied" errors in your AWS account is a useful way to identify security threats and optimize your IAM permissions.
  1. Format start time to epoch time.
  2. Get AccessDenied events and format the logs.
  3. Send report to Slack channel.