Merge pull request #47 from dwc0011/add-key-threshold-to-template-data

Add key threshold to template data

Author: dwc0011

.bumpversion.cfg

@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 1.0.0
+current_version = 1.0.1
 commit = True
 message = Bumps version to {new_version}
 tag = False

CHANGELOG.md

@@ -4,6 +4,19 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](http://keepachangelog.com/) and this project adheres to [Semantic Versioning](http://semver.org/).
 
+### [1.0.1](https://github.com/plus3it/terraform-aws-tardigrade-iam-key-enforcer/releases/tag/1.0.1)
+
+**Released**: 2025.12.23
+
+**Summary**:
+
+*   Add key_use_threshold to the admin template data for use in admin email templates
+*   Updates default python lambda runtime from `3.11 to 3.12`
+*   Tools
+        *   tardigrade-ci `0.24.15` -> `0.28.5`
+        *   terraform-aws-lambda `7.2.3` -> `8.1.2`
+
+
 ### [1.0.0](https://github.com/plus3it/terraform-aws-tardigrade-iam-key-enforcer/releases/tag/1.0.0)
 
 **Released**: 2024.03.08

Dockerfile

@@ -1,4 +1,4 @@
-FROM plus3it/tardigrade-ci:0.28.4
+FROM plus3it/tardigrade-ci:0.28.5
 
 COPY ./src/python/requirements.txt /app/requirements/lambda.txt
 

email_templates/admin_email.html

@@ -14,11 +14,13 @@ <h3 style="color:red">
 {{/if}}
 
 <p>
-    Access Keys over {{key_age_inactive}} days old have been DEACTIVATED, keys older than {{key_age_delete}} days have
-    been DELETED.
-    Access keys over {{key_age_warning}} days old are DEACTIVATED at {{key_age_inactive}} days old and DELETED after
-    {{key_age_delete}} days old.
-    Rotate any keys as necessary to prevent disruption to your applications.
+    Warnings begin for Access Keys at {{key_age_warning}} days.
+
+    Access Keys are DISABLED at {{key_age_inactive}} days and are DELETED at {{key_age_delete}} days.
+
+    Access Keys that have never been used are deleted at {{key_use_threshold}} days.
+
+    Rotate Access Keys as necessary to prevent disruption to your applications or services.
 </p>
 
 {{#if exempt_groups}}

email_templates/admin_email.txt

@@ -10,9 +10,13 @@
     The information below is for informational purposes and represents the results if the IAM Key Enforcer were active.
 {{/if}}
 
-Access Keys over {{key_age_inactive}} days old have been DEACTIVATED, keys older than {{key_age_delete}} days have been DELETED.
-Access keys over {{key_age_warning}} days old are DEACTIVATED at {{key_age_inactive}} days old and DELETED after {{key_age_delete}} days old.
-Rotate any keys as necessary to prevent disruption to your applications.
+Warnings begin for Access Keys at {{key_age_warning}} days.
+
+Access Keys are DISABLED at {{key_age_inactive}} days and DELETED at {{key_age_delete}} days.
+
+Access Keys that have never been used are deleted at {{key_use_threshold}} days.
+
+Rotate Access Keys as necessary to prevent disruption to your applications or services.
 
 
 {{#if exempt_groups}}

src/python/iam_key_enforcer.py

@@ -452,6 +452,7 @@ def admin_email_template_data(key_report_contents, event, exempt_groups):
         "key_age_inactive": KEY_AGE_INACTIVE,
         "key_age_delete": KEY_AGE_DELETE,
         "key_age_warning": KEY_AGE_WARNING,
+        "key_use_threshold": KEY_USE_THRESHOLD,
     }
 
     template_data.update(optional_email_template_data(event, exempt_groups))