Level 200: Automated IAM User Cleanup


This hands-on lab will guide you through the steps to deploy an AWS Lambda function with the AWS Serverless Application Model (SAM) to provide regular insights on IAM User and AWS Access Key usage within your account. You will use the AWS SAM CLI to package your deployment. Skills learned will help you secure your AWS account in alignment with the AWS Well-Architected Framework.


  • Identify orphaned IAM Users and AWS Access Keys
  • Take action to automatically remove IAM Users and AWS Access Keys no longer needed
  • Reduce identity sprawl
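
The identification step can be tried offline against an IAM credential report before anything is deleted. The following is an added example, not the lab's Lambda code: the 90-day threshold, the function names and the sample rows are assumptions constructed for illustration, and only a subset of the report's columns is used.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

MAX_IDLE = timedelta(days=90)  # assumed threshold, not taken from the lab

# Constructed sample in the IAM credential report CSV layout (subset of columns).
SAMPLE_REPORT = """user,user_creation_time,password_enabled,password_last_used,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
alice,2023-01-10T09:00:00+00:00,true,2024-05-28T08:00:00+00:00,true,2024-01-01T00:00:00+00:00,2024-05-30T12:00:00+00:00,false,N/A,N/A
build-bot,2022-03-01T09:00:00+00:00,false,N/A,true,2022-03-01T09:05:00+00:00,2023-02-01T00:00:00+00:00,true,2023-06-01T00:00:00+00:00,N/A
old-contractor,2021-06-15T09:00:00+00:00,true,2022-01-05T10:00:00+00:00,false,N/A,N/A,false,N/A,N/A
"""

def _parse(value):
    """Return an aware datetime, or None for N/A, no_information, not_supported."""
    try:
        return datetime.fromisoformat(value)
    except ValueError:
        return None

def find_stale(report_csv, now, max_idle=MAX_IDLE):
    """Return (stale_keys, orphaned_users) from credential report text."""
    stale_keys, orphaned_users = [], []
    for row in csv.DictReader(io.StringIO(report_csv)):
        activity = []  # last activity of each enabled credential
        if row["password_enabled"] == "true":
            # A password that was never used is aged from user creation time.
            activity.append(_parse(row["password_last_used"])
                            or _parse(row["user_creation_time"]))
        for n in ("1", "2"):
            if row[f"access_key_{n}_active"] != "true":
                continue
            # A key that was never used is aged from its creation/rotation time.
            last = (_parse(row[f"access_key_{n}_last_used_date"])
                    or _parse(row[f"access_key_{n}_last_rotated"]))
            activity.append(last)
            if last is None or now - last > max_idle:
                stale_keys.append((row["user"], f"access_key_{n}"))
        # Orphaned: every enabled credential is idle (or the user has none).
        if all(t is None or now - t > max_idle for t in activity):
            orphaned_users.append(row["user"])
    return stale_keys, orphaned_users

if __name__ == "__main__":
    print(find_stale(SAMPLE_REPORT, datetime(2024, 6, 1, tzinfo=timezone.utc)))
```

Reviewing the two lists before enabling any automatic removal catches service users whose keys are idle only because a scheduled job runs less often than the threshold.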


  • An AWS account that you are able to use for testing, that is not used for production or other purposes. NOTE: You will be billed for any applicable AWS resources used if you complete this lab.
  • Select a region with support for AWS Lambda from the list: AWS Regions and Endpoints.
  • AWS Serverless Application Model (SAM) installed and configured. The AWS Serverless Application Model (SAM) is an open-source framework for building serverless applications. It provides shorthand syntax to express functions, APIs, databases, and event source mappings. With just a few lines per resource, you can define the application you want and model it using YAML. During deployment, SAM transforms and expands the SAM syntax into AWS CloudFormation syntax, enabling you to build serverless applications faster.

Start the Lab!


Licensed under the Apache 2.0 and MITnoAttr License.

Copyright 2018 Amazon.com, Inc. or its affiliates. All Rights Reserved.

Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with the License. A copy of the License is located at


or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.