No Products in the Cart
Automatically triages risky AWS misconfigurations and alerts your team.
Pipeline: Security Hub or AWS Config -> EventBridge rules -> SNS (HTTP) -> n8n Webhook -> Normalize -> AI Prioritizer -> Airtable (log) -> Gmail (email)
Normalizes incoming findings (S3 / Security Groups / IAM / RDS) into a consistent JSON.
Uses an LLM to assign a priority ( P0–P3 ) with rationale and remediation steps.
Upserts the finding into Airtable (avoids duplicates).
Emails a compact incident summary to your inbox. This can be swapped for Microsoft Teams or Slack, etc.
Category: Security / Cloud / Alerting
Time to set up: ~10–15 minutes
Difficulty: Beginner–Intermediate
Cost: Mostly free (n8n CE + AWS SNS/EventBridge; OpenAI + Airtable/Gmail as used)
An n8n instance reachable over HTTP .
AWS account (one region) with permissions to create SNS topics and EventBridge rules .
Security Hub enabled (or AWS Config rules that emit compliance events).
n8n credentials: OpenAI , Airtable , Gmail .
Webhooks (POST /aws-misconfig
)
Code: SNS Handler (token check, confirm/unwrap)
IF: route mode === "confirm"
vs notification
HTTP Request: SNS SubscriptionConfirmation
(GET)
Code: Normalize Finding
Message a model: AI Prioritizer (JSON out)
Airtable: Create/Upsert
Gmail: Send message
Edit Fields: final JSON response
Import and activate the workflow in n8n.
Webhook Respond: When Last Node Finishes -> First Entry JSON .
Append a shared secret to the URL, eg ?token=MY_SUPER_TOKEN
, and keep the check in the SNS Handler code node.
Create an SNS topic (eg, misconfig-events
) in the same region as your EventBridge rules.
Create EventBridge rules targeting the SNS topic:
Rule A (Security Hub): source = aws.securityhub
, detail-type = Security Hub Findings - Imported
Rule B (AWS Config): source = aws.config
, detail-type = Config Rules Compliance Change
Create an SNS subscription with Protocol = HTTP and Endpoint = your production webhook URL :
http://YOUR_HOST:5678/webhook/aws-misconfig?token=MY_SUPER_TOKEN
(The workflow auto-confirms the subscription on first POST.)
Configure Airtable (Upsert on Finding ID ) and Gmail recipients.