diff --git a/prowler/providers/aws/services/opensearch/opensearch_service.py b/prowler/providers/aws/services/opensearch/opensearch_service.py index cab6a989..4e083f3c 100644 --- a/prowler/providers/aws/services/opensearch/opensearch_service.py +++ b/prowler/providers/aws/services/opensearch/opensearch_service.py @@ -94,10 +94,12 @@ class OpenSearchService: DomainName=domain.name ) domain.arn = describe_domain["DomainStatus"]["ARN"] - if "vpc" in describe_domain["DomainStatus"]["Endpoints"]: - domain.endpoint_vpc = describe_domain["DomainStatus"]["Endpoints"][ - "vpc" - ] + domain.endpoint_vpc = None + if "Endpoints" in describe_domain["DomainStatus"]: + if "vpc" in describe_domain["DomainStatus"]["Endpoints"]: + domain.endpoint_vpc = describe_domain["DomainStatus"][ + "Endpoints" + ]["vpc"] domain.vpc_id = describe_domain["DomainStatus"]["VPCOptions"]["VPCId"] domain.cognito_options = describe_domain["DomainStatus"][ "CognitoOptions" diff --git a/prowler/providers/aws/services/s3/s3_bucket_public_access/s3_bucket_public_access.py b/prowler/providers/aws/services/s3/s3_bucket_public_access/s3_bucket_public_access.py index 4fbe1e48..3888426b 100644 --- a/prowler/providers/aws/services/s3/s3_bucket_public_access/s3_bucket_public_access.py +++ b/prowler/providers/aws/services/s3/s3_bucket_public_access/s3_bucket_public_access.py @@ -45,7 +45,8 @@ class s3_bucket_public_access(Check): if bucket.policy: for statement in bucket.policy["Statement"]: if ( - "*" == statement["Principal"] + "Principal" in statement + and "*" == statement["Principal"] and statement["Effect"] == "Allow" ): report.status = "FAIL"