How to Create a Security Bot

This guide will walk you through the process of creating a security bot in autobotAI to automate the task of removing unused EC2 key pairs.

Prerequisites:

1. An active autobotAI account
2. An AWS account with the necessary permissions for EC2

---

Steps to Create a Security Bot

1. Log In to autobotAI

1. Access your autobotAI account.

2. Navigate to Bots

1. In the autobotAI interface, select Action Resources, then choose Bots from the dropdown menu.
   

3. View Available Bots

1. The bots page will display all available bots in your workspace.

4. Create a New Bot

1. Click the + New button at the top-right corner of the page to create a new bot.

5. Configure the Bot Workflow

1. In the workflow editor:
   1. Select the autobotAI icon to choose a trigger. You can pick from Scheduled or Event-driven triggers. For this example, we’ll use Scheduled.
   2. Click Bot Details at the top-right corner.
   3. Fill in the bot details:
      1. Name: Provide a descriptive name, such as EC2 Remove Unused Key Pairs.
      2. Topic: Choose a relevant topic, such as Cloud Security - AWS EC2.
      3. Category: Select Security.
      4. Importance: Set an appropriate importance level.
      5. Provide additional details such as tags, description, and permissions.

6. Complete Bot Configuration

1. Once the details are filled out, click Finish to finalize the bot’s basic configuration.

7. Add Actions to the Workflow

1. From the Actions menu, drag and drop actions into the workflow. You can include:
   1. Low-code options, such as Steampipe queries.
   2. Predefined low-code nodes for simplified drag-and-drop configuration.
   3. Full-code actions, such as Python scripts, for advanced customizations.

8. Modify Actions

1. For example, to get EC2 key pair details in your AWS account:

   1. Under Actions, search for AWS, select 'self-owned', then search for EC2.

   2. Drag the action into the workflow, click Modify, and select the relevant integration.

9. Add Additional Workflow Nodes

1. To extend the workflow, drag more actions into the workspace as needed.

10. Set Up Conditions

1. To filter unused EC2 key pairs, add a Condition node:
   1. Click + Rule and configure the condition:
      1. In the first dropdown, select type to access the JSON paths in the query builder. Choose the relevant field by clicking on the + symbol.

         Note: Make sure to run the previous action before selecting the JSON path in the query builder.

      2. Set the second dropdown to equal.
      3. Enter True in the third field to filter EC2 key pairs.

11. Confirm the Rule

1. Click Save Changes to apply the condition.
   To learn more about how the condition node works, please visit here.

12. Add an Approval Node

1. Drag an Approval node after the condition node on the true side.

2. Configure the approval node:

   1. Click on the node and fill in details such as Title, Approval Message, Approvers, and Communication Channels.

   To learn more about how the approval node works, please visit here.

13. Add a Python Action

1. To remove unused EC2 key pairs, add a Python action:
   1. Pass the filtered EC2 key pairs through params.
   2. Modify the action code if needed by selecting Modify.

14. Save the Bot

1. Once all configurations are complete, click Save to save your bot.

15. Run the Bot

1. Click Run to execute the bot. Upon successful execution, the bot will automatically remove unused EC2 key pairs from your AWS account.

Congratulations! Your security bot is now ready to run and help manage unused EC2 key pairs in your AWS environment.