From 0c4111efda933a76aecf5c2afea3b6d5e58354e2 Mon Sep 17 00:00:00 2001
From: Toni de la Fuente
Date: Wed, 24 Mar 2021 15:11:00 +0100
Subject: [PATCH] Moved assume role before listing regions fixes issue #744
---
 prowler | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/prowler b/prowler
index b31a8d2f..4b0784d8 100755
--- a/prowler
+++ b/prowler
@@ -254,9 +254,13 @@ unset AWS_DEFAULT_OUTPUT
 . $PROWLER_DIR/include/securityhub_integration
 . $PROWLER_DIR/include/junit_integration
 
+if [[ $ACCOUNT_TO_ASSUME ]]; then
+ assume_role
+fi
+
 # Get list of regions based on include/whoami
 REGIONS=$($AWSCLI ec2 describe-regions --query 'Regions[].RegionName' --output text $PROFILE_OPT --region $REGION_FOR_STS --region-names $FILTERREGION 2>&1)
-if [[ $(echo "$REGIONS" | grep AccessDenied) ]]; then
+if [[ $(echo "$REGIONS" | grep 'AccessDenied\|UnauthorizedOperation') ]]; then
 echo "Access Denied trying to describe regions"
 EXITCODE=1
 exit $EXITCODE
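Review bot: The region lookup still decides success by grepping the merged stdout/stderr of `describe-regions` for two error names, so any other failure (expired token, throttling, endpoint error) leaves the error text in `REGIONS` and the audit carries on with a bogus region list. Testing the CLI's exit status is more reliable, for example `if ! REGIONS=$($AWSCLI ec2 describe-regions … 2>&1); then` with the same arguments. If the string match stays, `if echo "$REGIONS" | grep -qE 'AccessDenied|UnauthorizedOperation'; then` avoids the non-POSIX `\|` and the command substitution inside `[[ ]]`. The status of the new `assume_role` call is not checked either; unless that function exits on failure (it is defined outside this hunk), the lookup and the scan would run with the caller's original credentials rather than the target account's, so `assume_role || exit 1` may be wanted. The `if` block around the error message closes outside the hunk.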