The Grim Reaper is a Slack App that deactivates user accounts that are no longer associated with an Azure AD instance. Azure AD is the company identity provider currently supported; others can be integrated if needed.
Grim Reaper is built wholly in AWS and is initiated by a daily CloudWatch Rules job. All compute components are Lambda-based, and the workflow is orchestrated using Step Functions. An API Gateway receives responses from Slack as part of the bot's messenger feature. The entire application is codified and deployed using SAM.
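The reconciliation at the heart of such a workflow, as an added example that is not Grim Reaper's own code: it compares Slack members with Azure AD users and plans deactivations, refusing to act when an incomplete directory response would disable a large share of the workspace. The names `plan_deactivations`, `Plan` and `MAX_DEACTIVATION_RATIO`, the 20% threshold, and the treatment of disabled Azure AD accounts as absent are assumptions; the input dicts follow the field names of Slack's `users.list` and Microsoft Graph user objects.

```python
from dataclasses import dataclass

# Hypothetical guard: abort if a run would deactivate more than this share of
# active human members (for example, the directory query returned few users).
MAX_DEACTIVATION_RATIO = 0.2

@dataclass(frozen=True)
class Plan:
    deactivate: list  # Slack user IDs with no enabled Azure AD account
    skipped: list     # (Slack user ID, reason) pairs left for human review
    aborted: bool     # True when the safety guard tripped

def active_directory_emails(aad_users):
    """Lower-cased mail/UPN values of enabled Azure AD users."""
    emails = set()
    for u in aad_users:
        if u.get("accountEnabled"):  # assumption: disabled counts as gone
            for key in ("mail", "userPrincipalName"):
                if u.get(key):
                    emails.add(u[key].strip().lower())
    return emails

def plan_deactivations(slack_members, aad_users):
    """Return a Plan; nothing is deactivated here, only decided."""
    known = active_directory_emails(aad_users)
    deactivate, skipped, humans = [], [], 0
    for m in slack_members:
        if m.get("deleted") or m.get("is_bot") or m["id"] == "USLACKBOT":
            continue  # already deactivated, or not a person
        humans += 1
        email = (m.get("profile", {}).get("email") or "").strip().lower()
        if not email:
            skipped.append((m["id"], "no email on profile"))
        elif email not in known:
            deactivate.append(m["id"])
    # Fail closed: an empty or partial directory listing must not purge Slack.
    aborted = humans > 0 and len(deactivate) / humans > MAX_DEACTIVATION_RATIO
    return Plan([] if aborted else deactivate, skipped, aborted)

# Constructed sample data, not taken from any real tenant or workspace.
NAMES = ["ana", "cy", "di", "ed", "fay"]
AAD = [{"mail": f"{n}@example.com", "accountEnabled": True} for n in NAMES]
AAD.append({"userPrincipalName": "bo@example.com", "accountEnabled": False})
SLACK = [{"id": f"U_{n.upper()}", "profile": {"email": f"{n.title()}@example.com"}}
         for n in NAMES]
SLACK += [{"id": "U_BO", "profile": {"email": "bo@example.com"}},
          {"id": "U_NOMAIL", "profile": {}},
          {"id": "B_CI", "is_bot": True, "profile": {}},
          {"id": "U_OLD", "deleted": True, "profile": {"email": "old@example.com"}}]
```

With the sample data only `U_BO` is planned for deactivation; passing an empty Azure AD list trips the guard and returns an empty plan.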
The following logical design represents the Step Functions steps:
The following physical design represents the overall AWS architecture: