Cisco Meraki Administrator Security Management Tool


A comprehensive Infrastructure as Code solution for managing Cisco Meraki dashboard administrators with automated security monitoring and compliance reporting.


🚀 Features

🏗️ Infrastructure as Code

  • Terraform-based administrator management
  • Declarative configuration with version control
  • Idempotent operations - safe to run multiple times
  • Bulk operations - manage hundreds of administrators

🔒 Security Monitoring

  • 2FA compliance tracking and reporting
  • API usage monitoring and risk assessment
  • Inactive administrator detection
  • Automated security alerts and notifications

📊 Professional Dashboard

  • Responsive web interface
  • Real-time security status visualization
  • Compliance reporting with exportable data
  • Risk assessment with detailed recommendations

📝 Easy Management

  • CSV-based configuration - no complex syntax
  • Automated workflows with CI/CD integration
  • Comprehensive logging and error handling
  • Multi-organization support for MSPs

📋 Architecture Overview

Simple workflow: CSV Data → Terraform → Meraki API → Security Analysis → Web Dashboard

🛠️ Prerequisites

Before you begin, ensure you have:

  • Terraform >= 1.0 installed
  • Python 3.6+ with pip
  • Meraki Dashboard API Key with organization admin privileges
  • Basic knowledge of CSV files and command line

⚡ Quick Start

1️⃣ Download and Setup

# Clone or download this repository
git clone https://github.com/yourusername/meraki-admin-security-tool.git
cd meraki-admin-security-tool

# Install Python dependencies
pip install requests

# Initialize Terraform
terraform init

2️⃣ Configure Your Environment

# Set your Meraki API key (recommended)
export MERAKI_API_KEY="your_api_key_here"

# OR create terraform.tfvars file
cp terraform.tfvars.example terraform.tfvars
# Edit terraform.tfvars with your API key

3️⃣ Define Your Administrators

Edit admins.csv with your administrator details:

email,permission_level,organization_id
admin@company.com,full,123456
readonly@company.com,read-only,123456
security@company.com,full,654321
analyst@company.com,read-only,654321

4️⃣ Apply Configuration

# Preview changes
terraform plan

# Apply configuration
terraform apply

5️⃣ Generate Security Report

# Export data for dashboard
./export_outputs.sh

# Start web server (optional)
cd web_ui
python3 -m http.server 8080
# Open http://localhost:8080/dashboard.html

📊 Dashboard Features

Security Overview Cards

  • Total Administrators - Complete count across all organizations
  • High-Risk Administrators - Immediate attention required
  • 2FA Compliance - Two-factor authentication adoption rate
  • API Usage Status - Active vs. inactive API users

Risk Management Section

  • Critical Security Risks - Administrators requiring immediate attention
  • Detailed Risk Reasons - Specific security concerns explained
  • Compliance Status - Visual indicators for quick assessment
  • Actionable Recommendations - Clear next steps for remediation

Administrator Overview

  • Complete Administrator List - All administrators with security details
  • Permission Tracking - Current access levels and organization assignments
  • Activity Monitoring - Last API usage and activity timestamps
  • Security Status - Visual indicators for 2FA, API keys, and risk level

🔧 Configuration Options

Environment Variables

# Required: Meraki API Key
export MERAKI_API_KEY="your_meraki_api_key"

# Optional: Debug mode
export TF_LOG=DEBUG

# Optional: Custom CSV file location
export TF_VAR_admins_csv_file="custom_admins.csv"

Terraform Variables

| Variable | Description | Default | Example |
|---|---|---|---|
| meraki_api_key | Meraki Dashboard API Key | null | "abc123..." |
| admins_csv_file | Path to administrators CSV | "admins.csv" | "data/admins.csv" |
| api_inactivity_threshold_days | Days before flagging inactive API usage | 30 | 45 |

CSV File Format

The administrators CSV file requires these columns:

  • email (required): Administrator email address
  • permission_level (required): full or read-only
  • organization_id (required): Target Meraki organization ID

Example CSV Format:

email,permission_level,organization_id
john.admin@company.com,full,123456
jane.readonly@company.com,read-only,123456
security.team@company.com,full,654321
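
Because the scheduled workflows on this page run terraform apply -auto-approve, a malformed row in admins.csv is applied without review. The following pre-apply check is an added example, not part of the project's code; the function name, the numeric-ID rule (taken from the sample IDs above) and the sample data are assumptions.

```python
import csv
import io
import re

REQUIRED = ("email", "permission_level", "organization_id")
LEVELS = {"full", "read-only"}                  # the two values the page documents
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

# Constructed sample with four deliberate mistakes (data lines 3, 4 and 5).
SAMPLE_CSV = """email,permission_level,organization_id
admin@company.com,full,123456
readonly@company.com,Read-Only,123456
admin@company.com,read-only,123456
ops@company,full,65A321
"""

def validate_admins_csv(text):
    """Return a list of problems; an empty list means the file is safe to apply."""
    reader = csv.DictReader(io.StringIO(text))
    missing = [c for c in REQUIRED if c not in (reader.fieldnames or [])]
    if missing:
        return ["header: missing column(s) " + ", ".join(missing)]
    errors, seen = [], {}
    for row in reader:
        n = reader.line_num
        # Short rows yield None for absent cells, so normalise before checking.
        email = (row["email"] or "").strip().lower()
        level = (row["permission_level"] or "").strip()
        org = (row["organization_id"] or "").strip()
        if not EMAIL_RE.match(email):
            errors.append(f"line {n}: invalid email {email!r}")
        if level not in LEVELS:
            errors.append(f"line {n}: permission_level must be full or read-only, got {level!r}")
        if not org.isdigit():  # assumption: IDs are numeric, as in the page's samples
            errors.append(f"line {n}: organization_id must be numeric, got {org!r}")
        if (email, org) in seen:
            # Two rows for one admin in one organization can carry conflicting levels.
            errors.append(f"line {n}: duplicate of line {seen[(email, org)]} for {email} in org {org}")
        else:
            seen[(email, org)] = n
    return errors

if __name__ == "__main__":
    print("\n".join(validate_admins_csv(SAMPLE_CSV)) or "admins.csv OK")
```

Run it before terraform plan and stop the pipeline when the returned list is not empty.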

🚨 Security Monitoring

Automated Risk Assessment

The tool automatically identifies administrators who pose security risks:

High-Risk Criteria

  • 2FA Not Enabled - Missing two-factor authentication
  • Dormant API Keys - Have API access but haven't used it recently
  • Inactive Administrators - No API activity beyond threshold period
  • Permission Mismatches - Inappropriate access levels

Security Validation Logic

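# Example security validation
# Inputs: two_factor_enabled (bool), has_api_key (bool),
#         last_usage (timezone-aware datetime of the last API call, or None)
from datetime import datetime, timedelta, timezone

thirty_days_ago = datetime.now(timezone.utc) - timedelta(days=30)
never_used_api = last_usage is None
is_high_risk = (
    not two_factor_enabled or
    (has_api_key and never_used_api) or               # checked first so None is never compared
    (has_api_key and last_usage < thirty_days_ago)    # last use is older than the threshold
)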

Compliance Reporting

  • 2FA Adoption Rate - Percentage of administrators with 2FA enabled
  • API Usage Statistics - Active vs. inactive API key holders
  • Risk Distribution - Breakdown of security risk categories
  • Trend Analysis - Historical compliance data (with regular runs)

🔄 Automation and CI/CD

GitHub Actions Integration

Create .github/workflows/security-check.yml:

name: Daily Security Check

on:
  schedule:
    - cron: '0 9 * * *'  # Daily at 9 AM
  workflow_dispatch:

jobs:
  security-check:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v3
    
    - name: Setup Terraform
      uses: hashicorp/setup-terraform@v2
    
    - name: Run Security Assessment
      env:
        MERAKI_API_KEY: ${{ secrets.MERAKI_API_KEY }}
      run: |
        terraform init
        terraform apply -auto-approve
        ./export_outputs.sh
    
    - name: Upload Security Report
      uses: actions/upload-artifact@v3
      with:
        name: security-report
        path: web_ui/terraform_outputs.json

Cron Automation

# Add to crontab for daily checks
0 9 * * * cd /path/to/project && terraform apply -auto-approve && ./export_outputs.sh

Automated Workflow: Schedule → Security Scan → Risk Assessment → Report Generation → Notification

🛠️ Advanced Usage

Multiple Organizations

email,permission_level,organization_id
admin@company.com,full,123456
admin@company.com,read-only,654321
regional@company.com,full,789012

Custom Risk Thresholds

# terraform.tfvars
api_inactivity_threshold_days = 45  # Custom threshold

Integration with External Systems

# Export data for external processing
terraform output -json > security_data.json

# Send to monitoring system
curl -X POST -H "Content-Type: application/json" \
  -d @security_data.json \
  https://your-monitoring-system.com/api/security-reports

🚨 Troubleshooting

Common Issues and Solutions

API Rate Limits

# Solution: Add delays between operations
export TF_LOG=DEBUG
terraform apply

# Check rate limit status
curl -H "X-Cisco-Meraki-API-Key: $MERAKI_API_KEY" \
  https://api.meraki.com/api/v1/organizations

Permission Errors

# Verify API key permissions
terraform output admin_summary

# Check organization access
curl -H "X-Cisco-Meraki-API-Key: $MERAKI_API_KEY" \
  "https://api.meraki.com/api/v1/organizations/YOUR_ORG_ID/admins"

CSV Format Issues

# Validate CSV format
python3 -c "import csv; print(list(csv.DictReader(open('admins.csv'))))"

Debug Mode

Enable detailed debug output for troubleshooting:

export TF_LOG=DEBUG
terraform apply

📈 Performance and Scale

Benchmarks

| Metric | Small Org | Medium Org | Large Org |
|---|---|---|---|
| Administrators | 1-10 | 11-100 | 100+ |
| Execution Time | <30s | 1-3 min | 3-10 min |
| Memory Usage | <50MB | 50-200MB | 200MB+ |
| API Calls | 10-20 | 50-150 | 200+ |

Optimization Tips

# Parallel execution for large deployments
terraform apply -parallelism=10

# Lower log verbosity to reduce logging overhead
export TF_LOG=WARN

🔐 Security Considerations

API Key Management

  • Store API keys as environment variables only
  • Never commit API keys to version control
  • Use secure credential management in production
  • Regularly rotate API keys

Access Control

  • Limit API key permissions to required organizations
  • Implement proper file permissions (600) for sensitive files
  • Use HTTPS for all API communications
  • Enable audit logging for all changes

Data Protection

# Secure file permissions
chmod 600 terraform.tfvars
chmod 600 *.tfstate
chmod +x scripts/*.py

🤝 Contributing

We welcome contributions! Please see our Contributing Guidelines.

Development Setup

# Fork and clone repository
git clone https://github.com/yourusername/meraki-admin-security-tool.git
cd meraki-admin-security-tool

# Install development dependencies
pip install requests pytest

# Run tests
terraform validate
python3 -m pytest tests/  # if tests exist

# Format code
terraform fmt

Feature Requests

Have an idea? Create a discussion or open an issue!

Popular requested features:

  • Slack/Teams notifications
  • PDF report generation
  • Historical trend analysis
  • Custom security policies
  • SSO integration
  • Multi-tenant dashboard
  • Email alerting system
  • Custom compliance rules

📊 Output Examples

Terraform Outputs

# View security summary
terraform output admin_security_report

# Check risky administrators
terraform output risky_admins_alert

# View compliance metrics
terraform output two_factor_compliance

# API usage statistics
terraform output api_usage_summary

Example Output Format

{
  "risky_admins_alert": {
    "count": 2,
    "message": "Security risks detected",
    "details": {
      "admin@company.com": {
        "email": "admin@company.com",
        "organization_id": "123456",
        "reasons": ["2FA not enabled", "Has API key but never used APIs"]
      }
    }
  }
}
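
How a report of this shape can be derived from the high-risk criteria and api_inactivity_threshold_days, as an added example that is not the project's own code. The input field names, the dormant-key and no-risk message texts, and the sample records are assumptions; entries are keyed by email and organization ID (the sample above keys by email only) so an administrator present in several organizations is not overwritten.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample records; field names are assumptions made for this example.
SAMPLE_ADMINS = [
    {"email": "admin@company.com", "organization_id": "123456",
     "two_factor_enabled": False, "has_api_key": True, "last_api_usage": None},
    {"email": "analyst@company.com", "organization_id": "654321",
     "two_factor_enabled": True, "has_api_key": True,
     "last_api_usage": "2024-05-25T08:00:00+00:00"},
    {"email": "security@company.com", "organization_id": "654321",
     "two_factor_enabled": True, "has_api_key": True,
     "last_api_usage": "2024-03-01T08:00:00+00:00"},
    {"email": "readonly@company.com", "organization_id": "123456",
     "two_factor_enabled": True, "has_api_key": False, "last_api_usage": None},
]

def risky_admins_alert(admins, now, threshold_days=30):
    """Return a dict shaped like the risky_admins_alert output shown above."""
    cutoff = now - timedelta(days=threshold_days)
    details = {}
    for admin in admins:
        reasons = []
        if not admin["two_factor_enabled"]:
            reasons.append("2FA not enabled")
        if admin["has_api_key"]:
            last = admin["last_api_usage"]
            if last is None:  # test for "never used" before comparing dates
                reasons.append("Has API key but never used APIs")
            elif datetime.fromisoformat(last) < cutoff:
                # Constructed reason text; the project's wording is not on the page.
                reasons.append(f"API key unused for more than {threshold_days} days")
        if reasons:
            # Key on email and organization so a multi-org admin keeps both entries.
            key = f'{admin["email"]}/{admin["organization_id"]}'
            details[key] = {"email": admin["email"],
                            "organization_id": admin["organization_id"],
                            "reasons": reasons}
    # The "no risks" message is constructed; the page only shows the detected case.
    message = "Security risks detected" if details else "No security risks detected"
    return {"risky_admins_alert": {"count": len(details), "message": message,
                                   "details": details}}

if __name__ == "__main__":
    import json
    fixed_now = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed so the run is repeatable
    print(json.dumps(risky_admins_alert(SAMPLE_ADMINS, fixed_now), indent=2))
```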

📋 File Structure

meraki-admin-security-tool/
├── README.md                   # This file
├── LICENSE                     # MIT License
├── main.tf                     # Main Terraform configuration
├── variables.tf                # Variable definitions
├── outputs.tf                  # Output definitions
├── terraform.tfvars.example   # Example variables file
├── admins.csv                  # Administrator definitions
├── export_outputs.sh          # Export script for web UI
├── scripts/
│   └── check_2fa_status.py    # Security monitoring script
├── web_ui/
│   └── dashboard.html         # Professional security dashboard
└── docs/
    ├── INSTALLATION.md        # Detailed installation guide
    └── TROUBLESHOOTING.md     # Common issues and solutions

📄 License

This project is licensed under the MIT License - see the LICENSE file for details.

MIT License - Feel free to use, modify, and distribute
Commercial use ✅ | Private use ✅ | Modification ✅ | Distribution ✅

🙏 Acknowledgments

  • Cisco DevNet for the excellent Meraki Terraform provider
  • HashiCorp for Terraform and comprehensive documentation

📞 Support and Community

| Type | Link | Description |
|---|---|---|
| 📖 Documentation | Wiki | Detailed guides and examples |
| 🐛 Bug Reports | Issues | Report bugs and request features |
| 💬 Discussions | Discussions | Ask questions and share ideas |
| 📧 Contact | Email | Direct support contact |

⭐ If this tool helps you manage Meraki administrators more securely, please star the repository!

Made with ❤️ for the Cisco community

  • By Udara Thenuwara