diff --git a/prowler/providers/aws/lib/audit_info/audit_info.py b/prowler/providers/aws/lib/audit_info/audit_info.py
index 085d8c02..665aa43b 100644
--- a/prowler/providers/aws/lib/audit_info/audit_info.py
+++ b/prowler/providers/aws/lib/audit_info/audit_info.py
@@ -18,6 +18,7 @@ current_audit_info = AWS_Audit_Info(
 user_agent_extra=boto3_user_agent_extra,
 ),
 audited_account=None,
+ audited_account_arn=None,
 audited_user_id=None,
 audited_partition=None,
 audited_identity_arn=None,
diff --git a/prowler/providers/aws/lib/audit_info/models.py b/prowler/providers/aws/lib/audit_info/models.py
index 96a26dc0..1b68fecb 100644
--- a/prowler/providers/aws/lib/audit_info/models.py
+++ b/prowler/providers/aws/lib/audit_info/models.py
@@ -37,6 +37,7 @@ class AWS_Audit_Info:
 # https://boto3.amazonaws.com/v1/documentation/api/latest/guide/retries.html
 session_config: Config
 audited_account: int
+ audited_account_arn: str
 audited_identity_arn: str
 audited_user_id: str
 audited_partition: str
diff --git a/prowler/providers/aws/services/account/account_maintain_current_contact_details/account_maintain_current_contact_details.py b/prowler/providers/aws/services/account/account_maintain_current_contact_details/account_maintain_current_contact_details.py
index ab5c3357..19f18108 100644
--- a/prowler/providers/aws/services/account/account_maintain_current_contact_details/account_maintain_current_contact_details.py
+++ b/prowler/providers/aws/services/account/account_maintain_current_contact_details/account_maintain_current_contact_details.py
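Review bot: `audited_account_arn` is annotated as `str` in models.py but initialised to `None` in audit_info.py, and the place where it receives a real ARN is not in the visible hunks. Several checks in this commit now copy it into `report.resource_arn` where they previously wrote `""`, so an unset value would reach the report as `None` instead of an empty string. I would add a comment on the field, e.g. `# ARN of the audited account; None until the audit setup populates it`, and confirm it is always set before any check runs.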
@@ -9,6 +9,7 @@ class account_maintain_current_contact_details(Check):
 report = Check_Report_AWS(self.metadata())
 report.region = account_client.region
 report.resource_id = account_client.audited_account
+ report.resource_arn = account_client.audited_account_arn
 report.status = "INFO"
 report.status_extended = "Manual check: Login to the AWS Console. Choose your account name on the top right of the window -> My Account -> Contact Information."
 return [report]
diff --git a/prowler/providers/aws/services/account/account_security_contact_information_is_registered/account_security_contact_information_is_registered.py b/prowler/providers/aws/services/account/account_security_contact_information_is_registered/account_security_contact_information_is_registered.py
index e4a9a38c..5e41e8cd 100644
--- a/prowler/providers/aws/services/account/account_security_contact_information_is_registered/account_security_contact_information_is_registered.py
+++ b/prowler/providers/aws/services/account/account_security_contact_information_is_registered/account_security_contact_information_is_registered.py
@@ -9,6 +9,7 @@ class account_security_contact_information_is_registered(Check):
 report = Check_Report_AWS(self.metadata())
 report.region = account_client.region
 report.resource_id = account_client.audited_account
+ report.resource_arn = account_client.audited_account_arn
 report.status = "INFO"
 report.status_extended = "Manual check: Login to the AWS Console. Choose your account name on the top right of the window -> My Account -> Alternate Contacts -> Security Section."
 return [report]
diff --git a/prowler/providers/aws/services/account/account_security_questions_are_registered_in_the_aws_account/account_security_questions_are_registered_in_the_aws_account.py b/prowler/providers/aws/services/account/account_security_questions_are_registered_in_the_aws_account/account_security_questions_are_registered_in_the_aws_account.py
index 6621e23e..5b51f7ff 100644
--- a/prowler/providers/aws/services/account/account_security_questions_are_registered_in_the_aws_account/account_security_questions_are_registered_in_the_aws_account.py
+++ b/prowler/providers/aws/services/account/account_security_questions_are_registered_in_the_aws_account/account_security_questions_are_registered_in_the_aws_account.py
@@ -9,6 +9,7 @@ class account_security_questions_are_registered_in_the_aws_account(Check):
 report = Check_Report_AWS(self.metadata())
 report.region = account_client.region
 report.resource_id = account_client.audited_account
+ report.resource_arn = account_client.audited_account_arn
 report.status = "INFO"
 report.status_extended = "Manual check: Login to the AWS Console as root. Choose your account name on the top right of the window -> My Account -> Configure Security Challenge Questions."
 return [report]
diff --git a/prowler/providers/aws/services/account/account_service.py b/prowler/providers/aws/services/account/account_service.py
index fc9962a6..70778206 100644
--- a/prowler/providers/aws/services/account/account_service.py
+++ b/prowler/providers/aws/services/account/account_service.py
@@ -7,6 +7,8 @@ class Account:
 self.service = "account"
 self.session = audit_info.audit_session
 self.audited_account = audit_info.audited_account
+ self.audited_partition = audit_info.audited_partition
+ self.audited_account_arn = audit_info.audited_account_arn
 self.regional_clients = generate_regional_clients(self.service, audit_info)
 # If the region is not set in the audit profile,
 # we pick the first region from the regional clients list
diff --git a/prowler/providers/aws/services/backup/backup_plans_exist/backup_plans_exist.py b/prowler/providers/aws/services/backup/backup_plans_exist/backup_plans_exist.py
index 0e132a18..21a0a18c 100644
--- a/prowler/providers/aws/services/backup/backup_plans_exist/backup_plans_exist.py
+++ b/prowler/providers/aws/services/backup/backup_plans_exist/backup_plans_exist.py
@@ -8,8 +8,8 @@ class backup_plans_exist(Check):
 report = Check_Report_AWS(self.metadata())
 report.status = "FAIL"
 report.status_extended = "No Backup Plan Exist"
- report.resource_arn = ""
- report.resource_id = "Backups"
+ report.resource_arn = backup_client.audited_account_arn
+ report.resource_id = backup_client.audited_account
 report.region = backup_client.region
 if backup_client.backup_plans:
 report.status = "PASS"
diff --git a/prowler/providers/aws/services/backup/backup_reportplans_exist/backup_reportplans_exist.py b/prowler/providers/aws/services/backup/backup_reportplans_exist/backup_reportplans_exist.py
index b4196731..7a099732 100644
--- a/prowler/providers/aws/services/backup/backup_reportplans_exist/backup_reportplans_exist.py
+++ b/prowler/providers/aws/services/backup/backup_reportplans_exist/backup_reportplans_exist.py
@@ -10,8 +10,8 @@ class backup_reportplans_exist(Check):
 report = Check_Report_AWS(self.metadata())
 report.status = "FAIL"
 report.status_extended = "No Backup Report Plan Exist"
- report.resource_arn = ""
- report.resource_id = "Backups"
+ report.resource_arn = backup_client.audited_account_arn
+ report.resource_id = backup_client.audited_account
 report.region = backup_client.region
 if backup_client.backup_report_plans:
 report.status = "PASS"
diff --git a/prowler/providers/aws/services/backup/backup_service.py b/prowler/providers/aws/services/backup/backup_service.py
index d8335ce8..48b4b31f 100644
--- a/prowler/providers/aws/services/backup/backup_service.py
+++ b/prowler/providers/aws/services/backup/backup_service.py
@@ -15,6 +15,8 @@ class Backup:
 self.service = "backup"
 self.session = audit_info.audit_session
 self.audited_account = audit_info.audited_account
+ self.audited_partition = audit_info.audited_partition
+ self.audited_account_arn = audit_info.audited_account_arn
 self.audit_resources = audit_info.audit_resources
 self.regional_clients = generate_regional_clients(self.service, audit_info)
 # If the region is not set in the audit profile,
diff --git a/prowler/providers/aws/services/backup/backup_vaults_exist/backup_vaults_exist.py b/prowler/providers/aws/services/backup/backup_vaults_exist/backup_vaults_exist.py
index 6d09e7d6..5c55abbd 100644
--- a/prowler/providers/aws/services/backup/backup_vaults_exist/backup_vaults_exist.py
+++ b/prowler/providers/aws/services/backup/backup_vaults_exist/backup_vaults_exist.py
@@ -8,8 +8,8 @@ class backup_vaults_exist(Check):
 report = Check_Report_AWS(self.metadata())
 report.status = "FAIL"
 report.status_extended = "No Backup Vault Exist"
- report.resource_arn = ""
- report.resource_id = "Backups"
+ report.resource_arn = backup_client.audited_account_arn
+ report.resource_id = backup_client.audited_account
 report.region = backup_client.region
 if backup_client.backup_vaults:
 report.status = "PASS"
diff --git a/prowler/providers/aws/services/cloudtrail/cloudtrail_multi_region_enabled/cloudtrail_multi_region_enabled.py b/prowler/providers/aws/services/cloudtrail/cloudtrail_multi_region_enabled/cloudtrail_multi_region_enabled.py
index db013467..d8dd901e 100644
--- a/prowler/providers/aws/services/cloudtrail/cloudtrail_multi_region_enabled/cloudtrail_multi_region_enabled.py
+++ b/prowler/providers/aws/services/cloudtrail/cloudtrail_multi_region_enabled/cloudtrail_multi_region_enabled.py
@@ -32,8 +32,8 @@ class cloudtrail_multi_region_enabled(Check):
 report.status_extended = (
 "No CloudTrail trails enabled and logging were found"
 )
- report.resource_arn = "No trails"
- report.resource_id = "No trails"
+ report.resource_arn = cloudtrail_client.audited_account_arn
+ report.resource_id = cloudtrail_client.audited_account
 # If there are no trails logging it is needed to store the FAIL once all the trails have been checked
 if report.status == "FAIL":
 findings.append(report)
diff --git a/prowler/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_read_enabled/cloudtrail_s3_dataevents_read_enabled.py b/prowler/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_read_enabled/cloudtrail_s3_dataevents_read_enabled.py
index e8be4b11..9f161017 100644
--- a/prowler/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_read_enabled/cloudtrail_s3_dataevents_read_enabled.py
+++ b/prowler/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_read_enabled/cloudtrail_s3_dataevents_read_enabled.py
@@ -9,8 +9,8 @@ class cloudtrail_s3_dataevents_read_enabled(Check):
 findings = []
 report = Check_Report_AWS(self.metadata())
 report.region = cloudtrail_client.region
- report.resource_id = "No trails"
- report.resource_arn = "No trails"
+ report.resource_arn = cloudtrail_client.audited_account_arn
+ report.resource_id = cloudtrail_client.audited_account
 report.status = "FAIL"
 report.status_extended = "No CloudTrail trails have a data event to record all S3 object-level API operations."
 for trail in cloudtrail_client.trails:
diff --git a/prowler/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_write_enabled/cloudtrail_s3_dataevents_write_enabled.py b/prowler/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_write_enabled/cloudtrail_s3_dataevents_write_enabled.py
index 470aec9f..63f39cd1 100644
--- a/prowler/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_write_enabled/cloudtrail_s3_dataevents_write_enabled.py
+++ b/prowler/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_write_enabled/cloudtrail_s3_dataevents_write_enabled.py
@@ -9,8 +9,8 @@ class cloudtrail_s3_dataevents_write_enabled(Check):
 findings = []
 report = Check_Report_AWS(self.metadata())
 report.region = cloudtrail_client.region
- report.resource_id = "No trails"
- report.resource_arn = "No trails"
+ report.resource_arn = cloudtrail_client.audited_account_arn
+ report.resource_id = cloudtrail_client.audited_account
 report.status = "FAIL"
 report.status_extended = "No CloudTrail trails have a data event to record all S3 object-level API operations."
 for trail in cloudtrail_client.trails:
diff --git a/prowler/providers/aws/services/cloudtrail/cloudtrail_service.py b/prowler/providers/aws/services/cloudtrail/cloudtrail_service.py
index 9c20160a..2a879449 100644
--- a/prowler/providers/aws/services/cloudtrail/cloudtrail_service.py
+++ b/prowler/providers/aws/services/cloudtrail/cloudtrail_service.py
@@ -16,8 +16,9 @@ class Cloudtrail:
 self.service = "cloudtrail"
 self.session = audit_info.audit_session
 self.audited_account = audit_info.audited_account
- self.audit_resources = audit_info.audit_resources
 self.audited_partition = audit_info.audited_partition
+ self.audited_account_arn = audit_info.audited_account_arn
+ self.audit_resources = audit_info.audit_resources
 self.regional_clients = generate_regional_clients(self.service, audit_info)
 # If the region is not set in the audit profile,
 # we pick the first region from the regional clients list
diff --git a/prowler/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_acls_alarm_configured/cloudwatch_changes_to_network_acls_alarm_configured.py b/prowler/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_acls_alarm_configured/cloudwatch_changes_to_network_acls_alarm_configured.py
index ed6ead46..42777946 100644
--- a/prowler/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_acls_alarm_configured/cloudwatch_changes_to_network_acls_alarm_configured.py
+++ b/prowler/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_acls_alarm_configured/cloudwatch_changes_to_network_acls_alarm_configured.py
@@ -21,6 +21,7 @@ class cloudwatch_changes_to_network_acls_alarm_configured(Check):
 )
 report.region = cloudwatch_client.region
 report.resource_id = cloudtrail_client.audited_account
+ report.resource_arn = cloudtrail_client.audited_account_arn
 # 1. Iterate for CloudWatch Log Group in CloudTrail trails
 log_groups = []
 for trail in cloudtrail_client.trails:
diff --git a/prowler/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_gateways_alarm_configured/cloudwatch_changes_to_network_gateways_alarm_configured.py b/prowler/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_gateways_alarm_configured/cloudwatch_changes_to_network_gateways_alarm_configured.py
index 2d1995d2..f0f0eb0b 100644
--- a/prowler/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_gateways_alarm_configured/cloudwatch_changes_to_network_gateways_alarm_configured.py
+++ b/prowler/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_gateways_alarm_configured/cloudwatch_changes_to_network_gateways_alarm_configured.py
@@ -21,6 +21,7 @@ class cloudwatch_changes_to_network_gateways_alarm_configured(Check):
 )
 report.region = cloudwatch_client.region
 report.resource_id = cloudtrail_client.audited_account
+ report.resource_arn = cloudtrail_client.audited_account_arn
 # 1. Iterate for CloudWatch Log Group in CloudTrail trails
 log_groups = []
 for trail in cloudtrail_client.trails:
diff --git a/prowler/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_route_tables_alarm_configured/cloudwatch_changes_to_network_route_tables_alarm_configured.py b/prowler/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_route_tables_alarm_configured/cloudwatch_changes_to_network_route_tables_alarm_configured.py
index b8bee128..af5b6b3b 100644
--- a/prowler/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_route_tables_alarm_configured/cloudwatch_changes_to_network_route_tables_alarm_configured.py
+++ b/prowler/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_route_tables_alarm_configured/cloudwatch_changes_to_network_route_tables_alarm_configured.py
@@ -21,6 +21,7 @@ class cloudwatch_changes_to_network_route_tables_alarm_configured(Check):
 )
 report.region = cloudwatch_client.region
 report.resource_id = cloudtrail_client.audited_account
+ report.resource_arn = cloudtrail_client.audited_account_arn
 # 1. Iterate for CloudWatch Log Group in CloudTrail trails
 log_groups = []
 for trail in cloudtrail_client.trails:
diff --git a/prowler/providers/aws/services/cloudwatch/cloudwatch_changes_to_vpcs_alarm_configured/cloudwatch_changes_to_vpcs_alarm_configured.py b/prowler/providers/aws/services/cloudwatch/cloudwatch_changes_to_vpcs_alarm_configured/cloudwatch_changes_to_vpcs_alarm_configured.py
index bcd32328..961571ce 100644
--- a/prowler/providers/aws/services/cloudwatch/cloudwatch_changes_to_vpcs_alarm_configured/cloudwatch_changes_to_vpcs_alarm_configured.py
+++ b/prowler/providers/aws/services/cloudwatch/cloudwatch_changes_to_vpcs_alarm_configured/cloudwatch_changes_to_vpcs_alarm_configured.py
@@ -21,6 +21,7 @@ class cloudwatch_changes_to_vpcs_alarm_configured(Check):
 )
 report.region = cloudwatch_client.region
 report.resource_id = cloudtrail_client.audited_account
+ report.resource_arn = cloudtrail_client.audited_account_arn
 # 1. Iterate for CloudWatch Log Group in CloudTrail trails
 log_groups = []
 for trail in cloudtrail_client.trails:
diff --git a/prowler/providers/aws/services/cloudwatch/cloudwatch_cross_account_sharing_disabled/cloudwatch_cross_account_sharing_disabled.py b/prowler/providers/aws/services/cloudwatch/cloudwatch_cross_account_sharing_disabled/cloudwatch_cross_account_sharing_disabled.py
index d424cf53..396d7333 100644
--- a/prowler/providers/aws/services/cloudwatch/cloudwatch_cross_account_sharing_disabled/cloudwatch_cross_account_sharing_disabled.py
+++ b/prowler/providers/aws/services/cloudwatch/cloudwatch_cross_account_sharing_disabled/cloudwatch_cross_account_sharing_disabled.py
@@ -7,12 +7,14 @@ class cloudwatch_cross_account_sharing_disabled(Check):
 findings = []
 report = Check_Report_AWS(self.metadata())
 report.status = "PASS"
- report.status_extended = "CloudWatch doesn't allows cross-account sharing"
- report.resource_id = "CloudWatch-CrossAccountSharingRole"
+ report.status_extended = "CloudWatch doesn't allow cross-account sharing"
+ report.resource_arn = iam_client.account_arn
+ report.resource_id = iam_client.account
 report.region = iam_client.region
 for role in iam_client.roles:
 if role.name == "CloudWatch-CrossAccountSharingRole":
 report.resource_arn = role.arn
+ report.resource_id = role.name
 report.status = "FAIL"
 report.status_extended = "CloudWatch has allowed cross-account sharing."
 findings.append(report)
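Review bot: In cloudwatch_cross_account_sharing_disabled the defaults read `iam_client.account_arn` and `iam_client.account`, while every other check in this commit reads `audited_account_arn` and `audited_account` from its client. The IAM service class is not part of the visible diff, so please confirm it exposes the two attributes under these shorter names; if it does not, the check fails on attribute lookup before producing a finding. A short comment above the defaults, e.g. `# Default to the account; overwritten below when the sharing role exists`, would also make the two-step assignment of `resource_arn` and `resource_id` easier to follow.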
diff --git a/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled.py b/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled.py
index aaf14ebc..cf3882a0 100644
--- a/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled.py
+++ b/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled.py
@@ -23,6 +23,7 @@ class cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_change
 )
 report.region = cloudwatch_client.region
 report.resource_id = cloudtrail_client.audited_account
+ report.resource_arn = cloudtrail_client.audited_account_arn
 # 1. Iterate for CloudWatch Log Group in CloudTrail trails
 log_groups = []
 for trail in cloudtrail_client.trails:
diff --git a/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled.py b/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled.py
index e6cf16d7..8fa43c4c 100644
--- a/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled.py
+++ b/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled.py
@@ -23,6 +23,7 @@ class cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_change
 )
 report.region = cloudwatch_client.region
 report.resource_id = cloudtrail_client.audited_account
+ report.resource_arn = cloudtrail_client.audited_account_arn
 # 1. Iterate for CloudWatch Log Group in CloudTrail trails
 log_groups = []
 for trail in cloudtrail_client.trails:
diff --git a/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_authentication_failures/cloudwatch_log_metric_filter_authentication_failures.py b/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_authentication_failures/cloudwatch_log_metric_filter_authentication_failures.py
index 13e0cebb..4796b2d8 100644
--- a/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_authentication_failures/cloudwatch_log_metric_filter_authentication_failures.py
+++ b/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_authentication_failures/cloudwatch_log_metric_filter_authentication_failures.py
@@ -21,6 +21,7 @@ class cloudwatch_log_metric_filter_authentication_failures(Check):
 )
 report.region = cloudwatch_client.region
 report.resource_id = cloudtrail_client.audited_account
+ report.resource_arn = cloudtrail_client.audited_account_arn
 # 1. Iterate for CloudWatch Log Group in CloudTrail trails
 log_groups = []
 for trail in cloudtrail_client.trails:
diff --git a/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_aws_organizations_changes/cloudwatch_log_metric_filter_aws_organizations_changes.py b/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_aws_organizations_changes/cloudwatch_log_metric_filter_aws_organizations_changes.py
index 3f2ae96f..18d8dc8a 100644
--- a/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_aws_organizations_changes/cloudwatch_log_metric_filter_aws_organizations_changes.py
+++ b/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_aws_organizations_changes/cloudwatch_log_metric_filter_aws_organizations_changes.py
@@ -21,6 +21,7 @@ class cloudwatch_log_metric_filter_aws_organizations_changes(Check):
 )
 report.region = cloudwatch_client.region
 report.resource_id = cloudtrail_client.audited_account
+ report.resource_arn = cloudtrail_client.audited_account_arn
 # 1. Iterate for CloudWatch Log Group in CloudTrail trails
 log_groups = []
 for trail in cloudtrail_client.trails:
diff --git a/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk.py b/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk.py
index afadb54a..a810db8c 100644
--- a/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk.py
+++ b/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk.py
@@ -21,6 +21,7 @@ class cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk(Chec
 )
 report.region = cloudwatch_client.region
 report.resource_id = cloudtrail_client.audited_account
+ report.resource_arn = cloudtrail_client.audited_account_arn
 # 1. Iterate for CloudWatch Log Group in CloudTrail trails
 log_groups = []
 for trail in cloudtrail_client.trails:
diff --git a/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes.py b/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes.py
index 1b07b210..8a2edf16 100644
--- a/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes.py
+++ b/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes.py
@@ -21,6 +21,7 @@ class cloudwatch_log_metric_filter_for_s3_bucket_policy_changes(Check):
 )
 report.region = cloudwatch_client.region
 report.resource_id = cloudtrail_client.audited_account
+ report.resource_arn = cloudtrail_client.audited_account_arn
 # 1. Iterate for CloudWatch Log Group in CloudTrail trails
 log_groups = []
 for trail in cloudtrail_client.trails:
diff --git a/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_policy_changes/cloudwatch_log_metric_filter_policy_changes.py b/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_policy_changes/cloudwatch_log_metric_filter_policy_changes.py
index 57eff50e..03bcbb21 100644
--- a/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_policy_changes/cloudwatch_log_metric_filter_policy_changes.py
+++ b/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_policy_changes/cloudwatch_log_metric_filter_policy_changes.py
@@ -21,6 +21,7 @@ class cloudwatch_log_metric_filter_policy_changes(Check):
 )
 report.region = cloudwatch_client.region
 report.resource_id = cloudtrail_client.audited_account
+ report.resource_arn = cloudtrail_client.audited_account_arn
 # 1. Iterate for CloudWatch Log Group in CloudTrail trails
 log_groups = []
 for trail in cloudtrail_client.trails:
diff --git a/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_root_usage/cloudwatch_log_metric_filter_root_usage.py b/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_root_usage/cloudwatch_log_metric_filter_root_usage.py
index 7ac2e53d..1a58fdf3 100644
--- a/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_root_usage/cloudwatch_log_metric_filter_root_usage.py
+++ b/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_root_usage/cloudwatch_log_metric_filter_root_usage.py
@@ -21,6 +21,7 @@ class cloudwatch_log_metric_filter_root_usage(Check):
 )
 report.region = cloudwatch_client.region
 report.resource_id = cloudtrail_client.audited_account
+ report.resource_arn = cloudtrail_client.audited_account_arn
 # 1. Iterate for CloudWatch Log Group in CloudTrail trails
 log_groups = []
 for trail in cloudtrail_client.trails:
diff --git a/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_security_group_changes/cloudwatch_log_metric_filter_security_group_changes.py b/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_security_group_changes/cloudwatch_log_metric_filter_security_group_changes.py
index 4234657c..c4fe22f5 100644
--- a/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_security_group_changes/cloudwatch_log_metric_filter_security_group_changes.py
+++ b/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_security_group_changes/cloudwatch_log_metric_filter_security_group_changes.py
@@ -21,6 +21,7 @@ class cloudwatch_log_metric_filter_security_group_changes(Check):
 )
 report.region = cloudwatch_client.region
 report.resource_id = cloudtrail_client.audited_account
+ report.resource_arn = cloudtrail_client.audited_account_arn
 # 1. Iterate for CloudWatch Log Group in CloudTrail trails
 log_groups = []
 for trail in cloudtrail_client.trails:
diff --git a/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_sign_in_without_mfa/cloudwatch_log_metric_filter_sign_in_without_mfa.py b/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_sign_in_without_mfa/cloudwatch_log_metric_filter_sign_in_without_mfa.py
index 905e95bd..448a30e7 100644
--- a/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_sign_in_without_mfa/cloudwatch_log_metric_filter_sign_in_without_mfa.py
+++ b/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_sign_in_without_mfa/cloudwatch_log_metric_filter_sign_in_without_mfa.py
@@ -21,6 +21,7 @@ class cloudwatch_log_metric_filter_sign_in_without_mfa(Check):
 )
 report.region = cloudwatch_client.region
 report.resource_id = cloudtrail_client.audited_account
+ report.resource_arn = cloudtrail_client.audited_account_arn
 # 1. Iterate for CloudWatch Log Group in CloudTrail trails
 log_groups = []
 for trail in cloudtrail_client.trails:
diff --git a/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_unauthorized_api_calls/cloudwatch_log_metric_filter_unauthorized_api_calls.py b/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_unauthorized_api_calls/cloudwatch_log_metric_filter_unauthorized_api_calls.py
index 1dc261dd..728c5814 100644
--- a/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_unauthorized_api_calls/cloudwatch_log_metric_filter_unauthorized_api_calls.py
+++ b/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_unauthorized_api_calls/cloudwatch_log_metric_filter_unauthorized_api_calls.py
@@ -21,6 +21,7 @@ class cloudwatch_log_metric_filter_unauthorized_api_calls(Check):
 )
 report.region = cloudwatch_client.region
 report.resource_id = cloudtrail_client.audited_account
+ report.resource_arn = cloudtrail_client.audited_account_arn
 # 1. Iterate for CloudWatch Log Group in CloudTrail trails
 log_groups = []
 for trail in cloudtrail_client.trails:
diff --git a/prowler/providers/aws/services/config/config_recorder_all_regions_enabled/config_recorder_all_regions_enabled.py b/prowler/providers/aws/services/config/config_recorder_all_regions_enabled/config_recorder_all_regions_enabled.py
index 4907d43d..adfcfcc5 100644
--- a/prowler/providers/aws/services/config/config_recorder_all_regions_enabled/config_recorder_all_regions_enabled.py
+++ b/prowler/providers/aws/services/config/config_recorder_all_regions_enabled/config_recorder_all_regions_enabled.py
@@ -8,7 +8,12 @@ class config_recorder_all_regions_enabled(Check):
 for recorder in config_client.recorders:
 report = Check_Report_AWS(self.metadata())
 report.region = recorder.region
- report.resource_id = "" if not recorder.name else recorder.name
+ report.resource_arn = (
+ config_client.audited_account_arn
+ ) # Config Recorders do not have ARNs
+ report.resource_id = (
+ config_client.audited_account if not recorder.name else recorder.name
+ )
 # Check if Config is enabled in region
 if not recorder.name:
 report.status = "FAIL"
diff --git a/prowler/providers/aws/services/config/config_service.py b/prowler/providers/aws/services/config/config_service.py
index d94d0777..96f47619 100644
--- a/prowler/providers/aws/services/config/config_service.py
+++ b/prowler/providers/aws/services/config/config_service.py
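Review bot: In config_recorder_all_regions_enabled, `report.resource_arn` is always the account ARN while `report.resource_id` becomes `recorder.name` whenever a recorder exists, so the two fields of one finding can name different things. If that is intended because recorders have no ARN, say so on a line above the assignment instead of in the trailing comment after the closing parenthesis: `# Config recorders have no ARN, so the account ARN is reported instead` followed by `report.resource_arn = config_client.audited_account_arn`. The check body continues past the end of the hunk.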
@@ -14,6 +14,8 @@ class Config: self.service = "config" self.session = audit_info.audit_session self.audited_account = audit_info.audited_account + self.audited_partition = audit_info.audited_partition + self.audited_account_arn = audit_info.audited_account_arn self.audit_resources = audit_info.audit_resources self.regional_clients = generate_regional_clients(self.service, audit_info) self.recorders = [] diff --git a/prowler/providers/aws/services/drs/drs_job_exist/drs_job_exist.py b/prowler/providers/aws/services/drs/drs_job_exist/drs_job_exist.py index 924bbc58..d7f4dd50 100644 --- a/prowler/providers/aws/services/drs/drs_job_exist/drs_job_exist.py +++ b/prowler/providers/aws/services/drs/drs_job_exist/drs_job_exist.py @@ -9,10 +9,10 @@ class drs_job_exist(Check): report = Check_Report_AWS(self.metadata()) report.status = "FAIL" report.status_extended = "DRS is not enabled for this region." - report.resource_id = drs.id report.region = drs.region report.resource_tags = [] - report.resource_arn = "" + report.resource_arn = drs_client.audited_account_arn + report.resource_id = drs_client.audited_account if drs.status == "ENABLED": report.status_extended = "DRS is enabled for this region without jobs." if drs.jobs: diff --git a/prowler/providers/aws/services/drs/drs_service.py b/prowler/providers/aws/services/drs/drs_service.py index ea24736b..6b8bf341 100644 --- a/prowler/providers/aws/services/drs/drs_service.py +++ b/prowler/providers/aws/services/drs/drs_service.py @@ -16,6 +16,7 @@ class DRS: self.session = audit_info.audit_session self.audited_account = audit_info.audited_account self.audited_partition = audit_info.audited_partition + self.audited_account_arn = audit_info.audited_account_arn self.audit_resources = audit_info.audit_resources self.regional_clients = generate_regional_clients(self.service, audit_info) # If the region is not set in the audit profile, 
diff --git a/prowler/providers/aws/services/ec2/ec2_ebs_default_encryption/ec2_ebs_default_encryption.py b/prowler/providers/aws/services/ec2/ec2_ebs_default_encryption/ec2_ebs_default_encryption.py index 114cb098..1900853b 100644 --- a/prowler/providers/aws/services/ec2/ec2_ebs_default_encryption/ec2_ebs_default_encryption.py +++ b/prowler/providers/aws/services/ec2/ec2_ebs_default_encryption/ec2_ebs_default_encryption.py @@ -8,7 +8,8 @@ class ec2_ebs_default_encryption(Check): for ebs_encryption in ec2_client.ebs_encryption_by_default: report = Check_Report_AWS(self.metadata()) report.region = ebs_encryption.region - report.resource_id = "EBS Default Encryption" + report.resource_arn = ec2_client.audited_account_arn + report.resource_id = ec2_client.audited_account report.status = "FAIL" report.status_extended = "EBS Default Encryption is not activated." if ebs_encryption.status: diff --git a/prowler/providers/aws/services/ec2/ec2_service.py b/prowler/providers/aws/services/ec2/ec2_service.py index efca6a4f..a98c0347 100644 --- a/prowler/providers/aws/services/ec2/ec2_service.py +++ b/prowler/providers/aws/services/ec2/ec2_service.py @@ -17,6 +17,7 @@ class EC2: self.session = audit_info.audit_session self.audited_partition = audit_info.audited_partition self.audited_account = audit_info.audited_account + self.audited_account_arn = audit_info.audited_account_arn self.audit_resources = audit_info.audit_resources self.regional_clients = generate_regional_clients(self.service, audit_info) self.instances = [] diff --git a/prowler/providers/aws/services/emr/emr_cluster_account_public_block_enabled/emr_cluster_account_public_block_enabled.py b/prowler/providers/aws/services/emr/emr_cluster_account_public_block_enabled/emr_cluster_account_public_block_enabled.py index 505de8af..f84e0033 100644 --- a/prowler/providers/aws/services/emr/emr_cluster_account_public_block_enabled/emr_cluster_account_public_block_enabled.py 
+++ b/prowler/providers/aws/services/emr/emr_cluster_account_public_block_enabled/emr_cluster_account_public_block_enabled.py @@ -9,7 +9,7 @@ class emr_cluster_account_public_block_enabled(Check): report = Check_Report_AWS(self.metadata()) report.region = region report.resource_id = emr_client.audited_account - + report.resource_arn = emr_client.audited_account_arn if emr_client.block_public_access_configuration[ region ].block_public_security_group_rules: diff --git a/prowler/providers/aws/services/emr/emr_service.py b/prowler/providers/aws/services/emr/emr_service.py index 7721aeb9..6b5f579d 100644 --- a/prowler/providers/aws/services/emr/emr_service.py +++ b/prowler/providers/aws/services/emr/emr_service.py @@ -16,6 +16,8 @@ class EMR: self.service = "emr" self.session = audit_info.audit_session self.audited_account = audit_info.audited_account + self.audited_partition = audit_info.audited_partition + self.audited_account_arn = audit_info.audited_account_arn self.audit_resources = audit_info.audit_resources self.regional_clients = generate_regional_clients(self.service, audit_info) self.clusters = {} diff --git a/prowler/providers/aws/services/fms/fms_policy_compliant/fms_policy_compliant.py b/prowler/providers/aws/services/fms/fms_policy_compliant/fms_policy_compliant.py index f7244333..d351d941 100644 --- a/prowler/providers/aws/services/fms/fms_policy_compliant/fms_policy_compliant.py +++ b/prowler/providers/aws/services/fms/fms_policy_compliant/fms_policy_compliant.py @@ -7,8 +7,8 @@ class fms_policy_compliant(Check): findings = [] if fms_client.fms_admin_account: report = Check_Report_AWS(self.metadata()) - report.resource_id = "FMS" - report.resource_arn = "" + report.resource_arn = fms_client.audited_account_arn + report.resource_id = fms_client.audited_account report.region = fms_client.region report.status = "PASS" report.status_extended = "FMS enabled with all compliant accounts" 
diff --git a/prowler/providers/aws/services/fms/fms_service.py b/prowler/providers/aws/services/fms/fms_service.py index d23a99ad..dc3e8daf 100644 --- a/prowler/providers/aws/services/fms/fms_service.py +++ b/prowler/providers/aws/services/fms/fms_service.py @@ -13,6 +13,7 @@ class FMS: self.session = audit_info.audit_session self.audited_account = audit_info.audited_account self.audited_partition = audit_info.audited_partition + self.audited_account_arn = audit_info.audited_account_arn self.audit_resources = audit_info.audit_resources global_client = generate_regional_clients( self.service, audit_info, global_service=True diff --git a/prowler/providers/aws/services/glue/glue_data_catalogs_connection_passwords_encryption_enabled/glue_data_catalogs_connection_passwords_encryption_enabled.py b/prowler/providers/aws/services/glue/glue_data_catalogs_connection_passwords_encryption_enabled/glue_data_catalogs_connection_passwords_encryption_enabled.py index b37941df..f03e0d19 100644 --- a/prowler/providers/aws/services/glue/glue_data_catalogs_connection_passwords_encryption_enabled/glue_data_catalogs_connection_passwords_encryption_enabled.py +++ b/prowler/providers/aws/services/glue/glue_data_catalogs_connection_passwords_encryption_enabled/glue_data_catalogs_connection_passwords_encryption_enabled.py @@ -8,6 +8,7 @@ class glue_data_catalogs_connection_passwords_encryption_enabled(Check): for encryption in glue_client.catalog_encryption_settings: report = Check_Report_AWS(self.metadata()) report.resource_id = glue_client.audited_account + report.resource_arn = glue_client.audited_account_arn report.region = encryption.region report.status = "FAIL" report.status_extended = ( 
diff --git a/prowler/providers/aws/services/glue/glue_data_catalogs_metadata_encryption_enabled/glue_data_catalogs_metadata_encryption_enabled.py b/prowler/providers/aws/services/glue/glue_data_catalogs_metadata_encryption_enabled/glue_data_catalogs_metadata_encryption_enabled.py index 9392b2a0..73143a72 100644 --- a/prowler/providers/aws/services/glue/glue_data_catalogs_metadata_encryption_enabled/glue_data_catalogs_metadata_encryption_enabled.py +++ b/prowler/providers/aws/services/glue/glue_data_catalogs_metadata_encryption_enabled/glue_data_catalogs_metadata_encryption_enabled.py @@ -8,6 +8,7 @@ class glue_data_catalogs_metadata_encryption_enabled(Check): for encryption in glue_client.catalog_encryption_settings: report = Check_Report_AWS(self.metadata()) report.resource_id = glue_client.audited_account + report.resource_arn = glue_client.audited_account_arn report.region = encryption.region report.status = "FAIL" report.status_extended = ( diff --git a/prowler/providers/aws/services/glue/glue_service.py b/prowler/providers/aws/services/glue/glue_service.py index 98aa3f75..eaa51ea2 100644 --- a/prowler/providers/aws/services/glue/glue_service.py +++ b/prowler/providers/aws/services/glue/glue_service.py @@ -15,7 +15,8 @@ class Glue: self.session = audit_info.audit_session self.audited_account = audit_info.audited_account self.audit_resources = audit_info.audit_resources - self.audited_partition = audit_info.audited_account + self.audited_partition = audit_info.audited_partition + self.audited_account_arn = audit_info.audited_account_arn self.regional_clients = generate_regional_clients(self.service, audit_info) self.connections = [] self.__threading_call__(self.__get_connections__) 
diff --git a/prowler/providers/aws/services/iam/iam_password_policy_expires_passwords_within_90_days_or_less/iam_password_policy_expires_passwords_within_90_days_or_less.py b/prowler/providers/aws/services/iam/iam_password_policy_expires_passwords_within_90_days_or_less/iam_password_policy_expires_passwords_within_90_days_or_less.py index 5aa92668..9e1aa14e 100644 --- a/prowler/providers/aws/services/iam/iam_password_policy_expires_passwords_within_90_days_or_less/iam_password_policy_expires_passwords_within_90_days_or_less.py +++ b/prowler/providers/aws/services/iam/iam_password_policy_expires_passwords_within_90_days_or_less/iam_password_policy_expires_passwords_within_90_days_or_less.py @@ -7,7 +7,8 @@ class iam_password_policy_expires_passwords_within_90_days_or_less(Check): findings = [] report = Check_Report_AWS(self.metadata()) report.region = iam_client.region - report.resource_id = "password_policy" + report.resource_arn = iam_client.account_arn + report.resource_id = iam_client.account # Check if password policy exists if iam_client.password_policy: # Check if password policy expiration exists diff --git a/prowler/providers/aws/services/iam/iam_password_policy_lowercase/iam_password_policy_lowercase.py b/prowler/providers/aws/services/iam/iam_password_policy_lowercase/iam_password_policy_lowercase.py index 0b37d3e3..4a1ee576 100644 --- a/prowler/providers/aws/services/iam/iam_password_policy_lowercase/iam_password_policy_lowercase.py +++ b/prowler/providers/aws/services/iam/iam_password_policy_lowercase/iam_password_policy_lowercase.py @@ -7,7 +7,8 @@ class iam_password_policy_lowercase(Check): findings = [] report = Check_Report_AWS(self.metadata()) report.region = iam_client.region - report.resource_id = "password_policy" + report.resource_arn = iam_client.account_arn + report.resource_id = iam_client.account # Check if password policy exists if iam_client.password_policy: # Check if lowercase flag is set 
diff --git a/prowler/providers/aws/services/iam/iam_password_policy_minimum_length_14/iam_password_policy_minimum_length_14.py b/prowler/providers/aws/services/iam/iam_password_policy_minimum_length_14/iam_password_policy_minimum_length_14.py index d234515c..8561e3d6 100644 --- a/prowler/providers/aws/services/iam/iam_password_policy_minimum_length_14/iam_password_policy_minimum_length_14.py +++ b/prowler/providers/aws/services/iam/iam_password_policy_minimum_length_14/iam_password_policy_minimum_length_14.py @@ -7,7 +7,8 @@ class iam_password_policy_minimum_length_14(Check): findings = [] report = Check_Report_AWS(self.metadata()) report.region = iam_client.region - report.resource_id = "password_policy" + report.resource_arn = iam_client.account_arn + report.resource_id = iam_client.account # Check if password policy exists if iam_client.password_policy: # Check password policy length diff --git a/prowler/providers/aws/services/iam/iam_password_policy_number/iam_password_policy_number.py b/prowler/providers/aws/services/iam/iam_password_policy_number/iam_password_policy_number.py index 6f730ec6..9d355e9b 100644 --- a/prowler/providers/aws/services/iam/iam_password_policy_number/iam_password_policy_number.py +++ b/prowler/providers/aws/services/iam/iam_password_policy_number/iam_password_policy_number.py @@ -7,7 +7,8 @@ class iam_password_policy_number(Check): findings = [] report = Check_Report_AWS(self.metadata()) report.region = iam_client.region - report.resource_id = "password_policy" + report.resource_arn = iam_client.account_arn + report.resource_id = iam_client.account # Check if password policy exists if iam_client.password_policy: # Check if number flag is set diff --git a/prowler/providers/aws/services/iam/iam_password_policy_reuse_24/iam_password_policy_reuse_24.py b/prowler/providers/aws/services/iam/iam_password_policy_reuse_24/iam_password_policy_reuse_24.py index 8dbd9dee..b248201f 100644 
--- a/prowler/providers/aws/services/iam/iam_password_policy_reuse_24/iam_password_policy_reuse_24.py +++ b/prowler/providers/aws/services/iam/iam_password_policy_reuse_24/iam_password_policy_reuse_24.py @@ -7,7 +7,8 @@ class iam_password_policy_reuse_24(Check): findings = [] report = Check_Report_AWS(self.metadata()) report.region = iam_client.region - report.resource_id = "password_policy" + report.resource_arn = iam_client.account_arn + report.resource_id = iam_client.account # Check if password policy exists if iam_client.password_policy: # Check if reuse prevention flag is set diff --git a/prowler/providers/aws/services/iam/iam_password_policy_symbol/iam_password_policy_symbol.py b/prowler/providers/aws/services/iam/iam_password_policy_symbol/iam_password_policy_symbol.py index ebc8a2ba..a2c895c1 100644 --- a/prowler/providers/aws/services/iam/iam_password_policy_symbol/iam_password_policy_symbol.py +++ b/prowler/providers/aws/services/iam/iam_password_policy_symbol/iam_password_policy_symbol.py @@ -7,7 +7,8 @@ class iam_password_policy_symbol(Check): findings = [] report = Check_Report_AWS(self.metadata()) report.region = iam_client.region - report.resource_id = "password_policy" + report.resource_arn = iam_client.account_arn + report.resource_id = iam_client.account # Check if password policy exists if iam_client.password_policy: # Check if symbol flag is set diff --git a/prowler/providers/aws/services/iam/iam_password_policy_uppercase/iam_password_policy_uppercase.py b/prowler/providers/aws/services/iam/iam_password_policy_uppercase/iam_password_policy_uppercase.py index 09d0ae11..c986ed52 100644 --- a/prowler/providers/aws/services/iam/iam_password_policy_uppercase/iam_password_policy_uppercase.py +++ b/prowler/providers/aws/services/iam/iam_password_policy_uppercase/iam_password_policy_uppercase.py 
@@ -7,7 +7,8 @@ class iam_password_policy_uppercase(Check): findings = [] report = Check_Report_AWS(self.metadata()) report.region = iam_client.region - report.resource_id = "password_policy" + report.resource_arn = iam_client.account_arn + report.resource_id = iam_client.account # Check if password policy exists if iam_client.password_policy: # Check if uppercase flag is set diff --git a/prowler/providers/aws/services/iam/iam_root_hardware_mfa_enabled/iam_root_hardware_mfa_enabled.py b/prowler/providers/aws/services/iam/iam_root_hardware_mfa_enabled/iam_root_hardware_mfa_enabled.py index 318ae020..44e73f21 100644 --- a/prowler/providers/aws/services/iam/iam_root_hardware_mfa_enabled/iam_root_hardware_mfa_enabled.py +++ b/prowler/providers/aws/services/iam/iam_root_hardware_mfa_enabled/iam_root_hardware_mfa_enabled.py @@ -11,8 +11,8 @@ class iam_root_hardware_mfa_enabled(Check): virtual_mfa = False report = Check_Report_AWS(self.metadata()) report.region = iam_client.region - report.resource_id = "root" - report.resource_arn = f"arn:aws:iam::{iam_client.account}:root" + report.resource_id = "" + report.resource_arn = iam_client.account_arn if iam_client.account_summary["SummaryMap"]["AccountMFAEnabled"] > 0: virtual_mfas = iam_client.virtual_mfa_devices diff --git a/prowler/providers/aws/services/iam/iam_service.py b/prowler/providers/aws/services/iam/iam_service.py index e76c2433..9174777f 100644 --- a/prowler/providers/aws/services/iam/iam_service.py +++ b/prowler/providers/aws/services/iam/iam_service.py @@ -54,6 +54,7 @@ class IAM: self.account = audit_info.audited_account self.audit_resources = audit_info.audit_resources self.partition = audit_info.audited_partition + self.account_arn = audit_info.audited_account_arn self.client = self.session.client(self.service) global_client = generate_regional_clients( self.service, audit_info, global_service=True 
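Review bot: `report.resource_id = ""` in `iam_root_hardware_mfa_enabled` leaves the root hardware-MFA finding with no resource identifier, while the other account-level checks touched by this change set the ID to the audited account. An empty ID is likely to make this finding harder to match in allowlist entries and to correlate in downstream outputs, which matters for a root-account control. Consider `report.resource_id = iam_client.account`, or keep the previous `"root"` if the finding should stay visibly root-specific. The method body continues outside the hunk.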
diff --git a/prowler/providers/aws/services/inspector2/inspector2_findings_exist/inspector2_findings_exist.py b/prowler/providers/aws/services/inspector2/inspector2_findings_exist/inspector2_findings_exist.py index 85248a3b..f92f507a 100644 --- a/prowler/providers/aws/services/inspector2/inspector2_findings_exist/inspector2_findings_exist.py +++ b/prowler/providers/aws/services/inspector2/inspector2_findings_exist/inspector2_findings_exist.py @@ -11,8 +11,8 @@ class inspector2_findings_exist(Check): report = Check_Report_AWS(self.metadata()) report.status = "FAIL" report.status_extended = "Inspector2 is not enabled." - report.resource_id = inspector.id - report.resource_arn = "" + report.resource_id = inspector2_client.audited_account + report.resource_arn = inspector2_client.audited_account_arn report.region = inspector.region if inspector.status == "ENABLED": active_findings = 0 diff --git a/prowler/providers/aws/services/inspector2/inspector2_service.py b/prowler/providers/aws/services/inspector2/inspector2_service.py index 69e410df..bd59eb01 100644 --- a/prowler/providers/aws/services/inspector2/inspector2_service.py +++ b/prowler/providers/aws/services/inspector2/inspector2_service.py @@ -13,8 +13,9 @@ class Inspector2: self.service = "inspector2" self.session = audit_info.audit_session self.audited_account = audit_info.audited_account - self.audit_resources = audit_info.audit_resources self.audited_partition = audit_info.audited_partition + self.audited_account_arn = audit_info.audited_account_arn + self.audit_resources = audit_info.audit_resources self.regional_clients = generate_regional_clients(self.service, audit_info) # If the region is not set in the audit profile, # we pick the first region from the regional clients list diff --git a/prowler/providers/aws/services/macie/macie_is_enabled/macie_is_enabled.py b/prowler/providers/aws/services/macie/macie_is_enabled/macie_is_enabled.py index 0f6d2a9d..64126db2 100644 
--- a/prowler/providers/aws/services/macie/macie_is_enabled/macie_is_enabled.py +++ b/prowler/providers/aws/services/macie/macie_is_enabled/macie_is_enabled.py @@ -8,7 +8,8 @@ class macie_is_enabled(Check): for session in macie_client.sessions: report = Check_Report_AWS(self.metadata()) report.region = session.region - report.resource_id = "Macie" + report.resource_arn = macie_client.audited_account_arn + report.resource_id = macie_client.audited_account if session.status == "ENABLED": report.status = "PASS" report.status_extended = "Macie is enabled." diff --git a/prowler/providers/aws/services/macie/macie_service.py b/prowler/providers/aws/services/macie/macie_service.py index 2c444270..0ee185f3 100644 --- a/prowler/providers/aws/services/macie/macie_service.py +++ b/prowler/providers/aws/services/macie/macie_service.py @@ -12,6 +12,8 @@ class Macie: self.service = "macie2" self.session = audit_info.audit_session self.audited_account = audit_info.audited_account + self.audited_partition = audit_info.audited_partition + self.audited_account_arn = audit_info.audited_account_arn self.regional_clients = generate_regional_clients(self.service, audit_info) self.sessions = [] self.__threading_call__(self.__get_macie_session__) diff --git a/prowler/providers/aws/services/resourceexplorer2/resourceexplorer2_indexes_found/resourceexplorer2_indexes_found.py b/prowler/providers/aws/services/resourceexplorer2/resourceexplorer2_indexes_found/resourceexplorer2_indexes_found.py index f1394445..00da9d79 100644 --- a/prowler/providers/aws/services/resourceexplorer2/resourceexplorer2_indexes_found/resourceexplorer2_indexes_found.py +++ b/prowler/providers/aws/services/resourceexplorer2/resourceexplorer2_indexes_found/resourceexplorer2_indexes_found.py 
@@ -13,6 +13,7 @@ class resourceexplorer2_indexes_found(Check): report.region = resource_explorer_2_client.region report.resource_arn = "NoResourceExplorer" report.resource_id = resource_explorer_2_client.audited_account + report.resource_arn = resource_explorer_2_client.audited_account_arn if resource_explorer_2_client.indexes: report.region = resource_explorer_2_client.indexes[0].region report.resource_arn = resource_explorer_2_client.indexes[0].arn diff --git a/prowler/providers/aws/services/resourceexplorer2/resourceexplorer2_service.py b/prowler/providers/aws/services/resourceexplorer2/resourceexplorer2_service.py index c37fa7e6..dbcb48cc 100644 --- a/prowler/providers/aws/services/resourceexplorer2/resourceexplorer2_service.py +++ b/prowler/providers/aws/services/resourceexplorer2/resourceexplorer2_service.py @@ -14,6 +14,8 @@ class ResourceExplorer2: self.session = audit_info.audit_session self.audit_resources = audit_info.audit_resources self.audited_account = audit_info.audited_account + self.audited_partition = audit_info.audited_partition + self.audited_account_arn = audit_info.audited_account_arn self.regional_clients = generate_regional_clients(self.service, audit_info) # If the region is not set in the audit profile, # we pick the first region from the regional clients list diff --git a/prowler/providers/aws/services/s3/s3_account_level_public_access_blocks/s3_account_level_public_access_blocks.py b/prowler/providers/aws/services/s3/s3_account_level_public_access_blocks/s3_account_level_public_access_blocks.py index 74910ffa..73bda630 100644 --- a/prowler/providers/aws/services/s3/s3_account_level_public_access_blocks/s3_account_level_public_access_blocks.py +++ b/prowler/providers/aws/services/s3/s3_account_level_public_access_blocks/s3_account_level_public_access_blocks.py 
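Review bot: The context line `report.resource_arn = "NoResourceExplorer"` in `resourceexplorer2_indexes_found` is now a dead assignment, because the added `report.resource_arn = resource_explorer_2_client.audited_account_arn` two lines below overwrites it unconditionally. Delete the placeholder line so the default ARN is set in exactly one place before the `if resource_explorer_2_client.indexes:` override. The method body starts and ends outside the hunk.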
@@ -11,6 +11,7 @@ class s3_account_level_public_access_blocks(Check): report.status_extended = f"Block Public Access is not configured for the account {s3_client.audited_account}." report.region = s3control_client.region report.resource_id = s3_client.audited_account + report.resource_arn = s3_client.audited_account_arn if ( s3control_client.account_public_access_block and s3control_client.account_public_access_block.ignore_public_acls diff --git a/prowler/providers/aws/services/s3/s3_bucket_public_access/s3_bucket_public_access.py b/prowler/providers/aws/services/s3/s3_bucket_public_access/s3_bucket_public_access.py index 34c8dc3d..e051740c 100644 --- a/prowler/providers/aws/services/s3/s3_bucket_public_access/s3_bucket_public_access.py +++ b/prowler/providers/aws/services/s3/s3_bucket_public_access/s3_bucket_public_access.py @@ -17,6 +17,7 @@ class s3_bucket_public_access(Check): report.status_extended = "All S3 public access blocked at account level." report.region = s3control_client.region report.resource_id = s3_client.audited_account + report.resource_arn = s3_client.audited_account_arn findings.append(report) else: # 2. If public access is not blocked at account level, check it at each bucket level diff --git a/prowler/providers/aws/services/s3/s3_service.py b/prowler/providers/aws/services/s3/s3_service.py index a48dd98c..885156e1 100644 --- a/prowler/providers/aws/services/s3/s3_service.py +++ b/prowler/providers/aws/services/s3/s3_service.py @@ -19,6 +19,7 @@ class S3: self.audited_account = audit_info.audited_account self.audit_resources = audit_info.audit_resources self.audited_partition = audit_info.audited_partition + self.audited_account_arn = audit_info.audited_account_arn self.regional_clients = generate_regional_clients(self.service, audit_info) self.buckets = self.__list_buckets__(audit_info) self.__threading_call__(self.__get_bucket_versioning__) 
diff --git a/prowler/providers/aws/services/ssmincidents/ssmincidents_enabled_with_plans/ssmincidents_enabled_with_plans.py b/prowler/providers/aws/services/ssmincidents/ssmincidents_enabled_with_plans/ssmincidents_enabled_with_plans.py index 68a1d400..9abd68e5 100644 --- a/prowler/providers/aws/services/ssmincidents/ssmincidents_enabled_with_plans/ssmincidents_enabled_with_plans.py +++ b/prowler/providers/aws/services/ssmincidents/ssmincidents_enabled_with_plans/ssmincidents_enabled_with_plans.py @@ -10,7 +10,8 @@ class ssmincidents_enabled_with_plans(Check): report = Check_Report_AWS(self.metadata()) report.status = "FAIL" report.status_extended = "No SSM Incidents replication set exists." - report.resource_id = "SSMIncidents" + report.resource_arn = ssmincidents_client.audited_account_arn + report.resource_id = ssmincidents_client.audited_account report.region = ssmincidents_client.region if ssmincidents_client.replication_set: report.resource_arn = ssmincidents_client.replication_set[0].arn diff --git a/prowler/providers/aws/services/ssmincidents/ssmincidents_service.py b/prowler/providers/aws/services/ssmincidents/ssmincidents_service.py index a33c2ad8..e2d02ada 100644 --- a/prowler/providers/aws/services/ssmincidents/ssmincidents_service.py +++ b/prowler/providers/aws/services/ssmincidents/ssmincidents_service.py @@ -21,6 +21,7 @@ class SSMIncidents: self.session = audit_info.audit_session self.audited_account = audit_info.audited_account self.audited_partition = audit_info.audited_partition + self.audited_account_arn = audit_info.audited_account_arn self.audit_resources = audit_info.audit_resources self.regional_clients = generate_regional_clients(self.service, audit_info) # If the region is not set in the audit profile, diff --git a/prowler/providers/aws/services/vpc/vpc_different_regions/vpc_different_regions.py b/prowler/providers/aws/services/vpc/vpc_different_regions/vpc_different_regions.py index 69541267..1e89438a 100644 
--- a/prowler/providers/aws/services/vpc/vpc_different_regions/vpc_different_regions.py +++ b/prowler/providers/aws/services/vpc/vpc_different_regions/vpc_different_regions.py @@ -14,6 +14,7 @@ class vpc_different_regions(Check): # This is a global check under the vpc service: region, resource_id and tags are not relevant here but we keep them for consistency report.region = vpc_client.region report.resource_id = vpc_client.audited_account + report.resource_arn = vpc_client.audited_account_arn report.status = "FAIL" report.status_extended = "VPCs found only in one region" if len(vpc_regions) > 1: diff --git a/prowler/providers/aws/services/vpc/vpc_service.py b/prowler/providers/aws/services/vpc/vpc_service.py index d9f03ea5..19954007 100644 --- a/prowler/providers/aws/services/vpc/vpc_service.py +++ b/prowler/providers/aws/services/vpc/vpc_service.py @@ -17,6 +17,7 @@ class VPC: self.audited_account = audit_info.audited_account self.audit_resources = audit_info.audit_resources self.audited_partition = audit_info.audited_partition + self.audited_account_arn = audit_info.audited_account_arn self.regional_clients = generate_regional_clients(self.service, audit_info) self.vpcs = {} self.vpc_peering_connections = [] diff --git a/prowler/providers/common/audit_info.py b/prowler/providers/common/audit_info.py index 6866dd6c..949fcf8c 100644 --- a/prowler/providers/common/audit_info.py +++ b/prowler/providers/common/audit_info.py @@ -135,6 +135,7 @@ Azure Identity Type: {Fore.YELLOW}[{audit_info.identity.identity_type}]{Style.RE current_audit_info.audited_partition = parse_iam_credentials_arn( caller_identity["Arn"] ).partition + current_audit_info.audited_account_arn = f"arn:{current_audit_info.audited_partition}:iam::{current_audit_info.audited_account}:root" logger.info("Checking if organizations role assumption is needed ...") if organizations_role_arn: 
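Review bot: The account ARN f-string in `prowler/providers/common/audit_info.py` is written out twice, once here after the caller identity is parsed and again in the assumed-role branch of the following hunk (`@@ -214,6 +215,7 @@`), so the two copies can drift apart. Building it in one small helper that takes the partition and account ID, and calling it from both places, keeps the format in a single spot. The value is also the `:root` ARN, which in IAM denotes the account principal, so a comment such as `# Account-level ARN used as resource_arn for findings with no resource of their own; it does not mean the root user was evaluated` would prevent report consumers from misreading it. The enclosing function starts and ends outside both hunks.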
@@ -214,6 +215,7 @@ Azure Identity Type: {Fore.YELLOW}[{audit_info.identity.identity_type}]{Style.RE current_audit_info.audit_session = assumed_session current_audit_info.audited_account = role_arn_parsed.account_id current_audit_info.audited_partition = role_arn_parsed.partition + current_audit_info.audited_account_arn = f"arn:{current_audit_info.audited_partition}:iam::{current_audit_info.audited_account}:root" else: logger.info("Audit session is the original one") current_audit_info.audit_session = current_audit_info.original_session diff --git a/tests/lib/check/check_test.py b/tests/lib/check/check_test.py index 3aecd55c..26746ea5 100644 --- a/tests/lib/check/check_test.py +++ b/tests/lib/check/check_test.py @@ -146,6 +146,7 @@ class Test_Check: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/lib/outputs/outputs_test.py b/tests/lib/outputs/outputs_test.py index ad025dd5..69585910 100644 --- a/tests/lib/outputs/outputs_test.py +++ b/tests/lib/outputs/outputs_test.py @@ -83,6 +83,7 @@ class Test_Outputs: original_session=None, audit_session=None, audited_account=AWS_ACCOUNT_ID, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_ID}:root", audited_identity_arn="test-arn", audited_user_id="test", audited_partition="aws", @@ -355,6 +356,7 @@ class Test_Outputs: # original_session=None, # audit_session=None, # audited_account=AWS_ACCOUNT_ID, + # audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_ID}:root", # audited_identity_arn="test-arn", # audited_user_id="test", # audited_partition="aws", @@ -400,6 +402,7 @@ class Test_Outputs: original_session=None, audit_session=None, audited_account=AWS_ACCOUNT_ID, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_ID}:root", audited_identity_arn="test-arn", audited_user_id="test", audited_partition="aws", 
@@ -475,6 +478,7 @@ class Test_Outputs: original_session=None, audit_session=session, audited_account=AWS_ACCOUNT_ID, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_ID}:root", audited_identity_arn="test-arn", audited_user_id="test", audited_partition="aws", @@ -524,6 +528,7 @@ class Test_Outputs: original_session=None, audit_session=session, audited_account=AWS_ACCOUNT_ID, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_ID}:root", audited_identity_arn="test-arn", audited_user_id="test", audited_partition="aws", @@ -580,6 +585,7 @@ class Test_Outputs: original_session=None, audit_session=session, audited_account=AWS_ACCOUNT_ID, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_ID}:root", audited_identity_arn="test-arn", audited_user_id="test", audited_partition="aws", @@ -687,6 +693,7 @@ class Test_Outputs: original_session=None, audit_session=session, audited_account=AWS_ACCOUNT_ID, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_ID}:root", audited_identity_arn="test-arn", audited_user_id="test", audited_partition="aws", diff --git a/tests/lib/outputs/slack_test.py b/tests/lib/outputs/slack_test.py index f0abc50d..befcafdf 100644 --- a/tests/lib/outputs/slack_test.py +++ b/tests/lib/outputs/slack_test.py @@ -32,6 +32,7 @@ class Test_Slack_Integration: original_session=None, audit_session=None, audited_account=AWS_ACCOUNT_ID, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_ID}:root", audited_identity_arn="test-arn", audited_user_id="test", audited_partition="aws", diff --git a/tests/providers/aws/aws_provider_test.py b/tests/providers/aws/aws_provider_test.py index e443f5cf..68318557 100644 --- a/tests/providers/aws/aws_provider_test.py +++ b/tests/providers/aws/aws_provider_test.py @@ -44,6 +44,7 @@ class Test_AWS_Provider: original_session=session, audit_session=None, audited_account=None, + audited_account_arn=None, audited_partition=None, audited_identity_arn=None, audited_user_id=None, 
@@ -103,6 +104,7 @@ class Test_AWS_Provider: original_session=None, audit_session=session, audited_account=None, + audited_account_arn=None, audited_partition="aws", audited_identity_arn=None, audited_user_id=None, @@ -133,6 +135,7 @@ class Test_AWS_Provider: original_session=None, audit_session=session, audited_account=None, + audited_account_arn=None, audited_partition="aws", audited_identity_arn=None, audited_user_id=None, @@ -162,6 +165,7 @@ class Test_AWS_Provider: original_session=None, audit_session=session, audited_account=None, + audited_account_arn=None, audited_partition="aws-cn", audited_identity_arn=None, audited_user_id=None, diff --git a/tests/providers/aws/lib/allowlist/allowlist_test.py b/tests/providers/aws/lib/allowlist/allowlist_test.py index 353b6e27..00e440fd 100644 --- a/tests/providers/aws/lib/allowlist/allowlist_test.py +++ b/tests/providers/aws/lib/allowlist/allowlist_test.py @@ -26,6 +26,7 @@ class Test_Allowlist: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/accessanalyzer/accessanalyzer_service_test.py b/tests/providers/aws/services/accessanalyzer/accessanalyzer_service_test.py index 87c235b6..42825b26 100644 --- a/tests/providers/aws/services/accessanalyzer/accessanalyzer_service_test.py +++ b/tests/providers/aws/services/accessanalyzer/accessanalyzer_service_test.py @@ -79,6 +79,7 @@ class Test_AccessAnalyzer_Service: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/acm/acm_service_test.py b/tests/providers/aws/services/acm/acm_service_test.py index e9f941c0..c7efdebf 100644 --- a/tests/providers/aws/services/acm/acm_service_test.py 
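Review bot: The `@@ -162,6 +165,7 @@` fixture in `tests/providers/aws/aws_provider_test.py` sets `audited_partition="aws-cn"` but leaves `audited_account_arn=None`, and every other fixture visible in this commit hard-codes the `arn:aws:iam::` prefix. As a result, none of the visible tests exercises the partition interpolation that the provider code performs when it builds the ARN, so an ARN with the wrong partition for a China or GovCloud account would go unnoticed. A test that runs the assume-role path with a non-default partition and asserts something like `audited_account_arn == f"arn:aws-cn:iam::{ACCOUNT_ID}:root"` (names are placeholders) would close that gap. The test body is outside the hunk, so it may not be the right place for the assertion.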
+++ b/tests/providers/aws/services/acm/acm_service_test.py @@ -105,6 +105,7 @@ class Test_ACM_Service: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/apigateway/apigateway_authorizers_enabled/apigateway_authorizers_enabled_test.py b/tests/providers/aws/services/apigateway/apigateway_authorizers_enabled/apigateway_authorizers_enabled_test.py index d569e658..ac9f0621 100644 --- a/tests/providers/aws/services/apigateway/apigateway_authorizers_enabled/apigateway_authorizers_enabled_test.py +++ b/tests/providers/aws/services/apigateway/apigateway_authorizers_enabled/apigateway_authorizers_enabled_test.py @@ -20,6 +20,7 @@ class Test_apigateway_authorizers_enabled: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/apigateway/apigateway_client_certificate_enabled/apigateway_client_certificate_enabled_test.py b/tests/providers/aws/services/apigateway/apigateway_client_certificate_enabled/apigateway_client_certificate_enabled_test.py index 4cf96447..49ae52e2 100644 --- a/tests/providers/aws/services/apigateway/apigateway_client_certificate_enabled/apigateway_client_certificate_enabled_test.py +++ b/tests/providers/aws/services/apigateway/apigateway_client_certificate_enabled/apigateway_client_certificate_enabled_test.py @@ -20,6 +20,7 @@ class Test_apigateway_client_certificate_enabled: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, 
diff --git a/tests/providers/aws/services/apigateway/apigateway_endpoint_public/apigateway_endpoint_public_test.py b/tests/providers/aws/services/apigateway/apigateway_endpoint_public/apigateway_endpoint_public_test.py index 5545235f..82536ffc 100644 --- a/tests/providers/aws/services/apigateway/apigateway_endpoint_public/apigateway_endpoint_public_test.py +++ b/tests/providers/aws/services/apigateway/apigateway_endpoint_public/apigateway_endpoint_public_test.py @@ -19,6 +19,7 @@ class Test_apigateway_endpoint_public: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/apigateway/apigateway_logging_enabled/apigateway_logging_enabled_test.py b/tests/providers/aws/services/apigateway/apigateway_logging_enabled/apigateway_logging_enabled_test.py index cbead893..a7d919fb 100644 --- a/tests/providers/aws/services/apigateway/apigateway_logging_enabled/apigateway_logging_enabled_test.py +++ b/tests/providers/aws/services/apigateway/apigateway_logging_enabled/apigateway_logging_enabled_test.py @@ -19,6 +19,7 @@ class Test_apigateway_logging_enabled: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/apigateway/apigateway_service_test.py b/tests/providers/aws/services/apigateway/apigateway_service_test.py index 29a27336..442aa9dd 100644 --- a/tests/providers/aws/services/apigateway/apigateway_service_test.py +++ b/tests/providers/aws/services/apigateway/apigateway_service_test.py 
@@ -19,6 +19,7 @@ class Test_APIGateway_Service: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/apigateway/apigateway_waf_acl_attached/apigateway_waf_acl_attached_test.py b/tests/providers/aws/services/apigateway/apigateway_waf_acl_attached/apigateway_waf_acl_attached_test.py index e9fc599d..2dc69893 100644 --- a/tests/providers/aws/services/apigateway/apigateway_waf_acl_attached/apigateway_waf_acl_attached_test.py +++ b/tests/providers/aws/services/apigateway/apigateway_waf_acl_attached/apigateway_waf_acl_attached_test.py @@ -19,6 +19,7 @@ class Test_apigateway_waf_acl_attached: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/apigatewayv2/apigatewayv2_access_logging_enabled/apigatewayv2_access_logging_enabled_test.py b/tests/providers/aws/services/apigatewayv2/apigatewayv2_access_logging_enabled/apigatewayv2_access_logging_enabled_test.py index 541918d6..7dd46d2f 100644 --- a/tests/providers/aws/services/apigatewayv2/apigatewayv2_access_logging_enabled/apigatewayv2_access_logging_enabled_test.py +++ b/tests/providers/aws/services/apigatewayv2/apigatewayv2_access_logging_enabled/apigatewayv2_access_logging_enabled_test.py @@ -48,6 +48,7 @@ class Test_apigatewayv2_access_logging_enabled: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, 
diff --git a/tests/providers/aws/services/apigatewayv2/apigatewayv2_authorizers_enabled/apigatewayv2_authorizers_enabled_test.py b/tests/providers/aws/services/apigatewayv2/apigatewayv2_authorizers_enabled/apigatewayv2_authorizers_enabled_test.py index 76b84d4f..113f3930 100644 --- a/tests/providers/aws/services/apigatewayv2/apigatewayv2_authorizers_enabled/apigatewayv2_authorizers_enabled_test.py +++ b/tests/providers/aws/services/apigatewayv2/apigatewayv2_authorizers_enabled/apigatewayv2_authorizers_enabled_test.py @@ -48,6 +48,7 @@ class Test_apigatewayv2_authorizers_enabled: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/apigatewayv2/apigatewayv2_service_test.py b/tests/providers/aws/services/apigatewayv2/apigatewayv2_service_test.py index d2535271..072d8173 100644 --- a/tests/providers/aws/services/apigatewayv2/apigatewayv2_service_test.py +++ b/tests/providers/aws/services/apigatewayv2/apigatewayv2_service_test.py @@ -50,6 +50,7 @@ class Test_ApiGatewayV2_Service: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/appstream/appstream_service_test.py b/tests/providers/aws/services/appstream/appstream_service_test.py index b599b075..3a3c1397 100644 --- a/tests/providers/aws/services/appstream/appstream_service_test.py +++ b/tests/providers/aws/services/appstream/appstream_service_test.py @@ -72,6 +72,7 @@ class Test_AppStream_Service: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, 
diff --git a/tests/providers/aws/services/autoscaling/autoscaling_find_secrets_ec2_launch_configuration/autoscaling_find_secrets_ec2_launch_configuration_test.py b/tests/providers/aws/services/autoscaling/autoscaling_find_secrets_ec2_launch_configuration/autoscaling_find_secrets_ec2_launch_configuration_test.py index 1817b0de..5c3a939b 100644 --- a/tests/providers/aws/services/autoscaling/autoscaling_find_secrets_ec2_launch_configuration/autoscaling_find_secrets_ec2_launch_configuration_test.py +++ b/tests/providers/aws/services/autoscaling/autoscaling_find_secrets_ec2_launch_configuration/autoscaling_find_secrets_ec2_launch_configuration_test.py @@ -19,6 +19,7 @@ class Test_autoscaling_find_secrets_ec2_launch_configuration: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/autoscaling/autoscaling_group_multiple_az/autoscaling_group_multiple_az_test.py b/tests/providers/aws/services/autoscaling/autoscaling_group_multiple_az/autoscaling_group_multiple_az_test.py index 559e478e..a08e901e 100644 --- a/tests/providers/aws/services/autoscaling/autoscaling_group_multiple_az/autoscaling_group_multiple_az_test.py +++ b/tests/providers/aws/services/autoscaling/autoscaling_group_multiple_az/autoscaling_group_multiple_az_test.py @@ -19,6 +19,7 @@ class Test_autoscaling_group_multiple_az: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/autoscaling/autoscaling_service_test.py b/tests/providers/aws/services/autoscaling/autoscaling_service_test.py index cb042d0e..b585e1cb 100644 --- a/tests/providers/aws/services/autoscaling/autoscaling_service_test.py 
+++ b/tests/providers/aws/services/autoscaling/autoscaling_service_test.py @@ -21,6 +21,7 @@ class Test_AutoScaling_Service: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/awslambda/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled_test.py b/tests/providers/aws/services/awslambda/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled_test.py index 3eea78ac..a16f10d1 100644 --- a/tests/providers/aws/services/awslambda/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled_test.py +++ b/tests/providers/aws/services/awslambda/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled_test.py @@ -34,6 +34,7 @@ class Test_awslambda_function_invoke_api_operations_cloudtrail_logging_enabled: botocore_session=None, ), audited_account=None, + audited_account_arn=None, audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/awslambda/awslambda_service_test.py b/tests/providers/aws/services/awslambda/awslambda_service_test.py index d4e09400..b8cbc7b1 100644 --- a/tests/providers/aws/services/awslambda/awslambda_service_test.py +++ b/tests/providers/aws/services/awslambda/awslambda_service_test.py @@ -76,6 +76,7 @@ class Test_Lambda_Service: botocore_session=None, ), audited_account=DEFAULT_ACCOUNT_ID, + audited_account_arn=f"arn:aws:iam::{DEFAULT_ACCOUNT_ID}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, 
diff --git a/tests/providers/aws/services/backup/backup_plans_exist/backup_plans_exist_test.py b/tests/providers/aws/services/backup/backup_plans_exist/backup_plans_exist_test.py index 5bde33d4..9317967a 100644 --- a/tests/providers/aws/services/backup/backup_plans_exist/backup_plans_exist_test.py +++ b/tests/providers/aws/services/backup/backup_plans_exist/backup_plans_exist_test.py @@ -4,11 +4,14 @@ from unittest import mock from prowler.providers.aws.services.backup.backup_service import BackupPlan AWS_REGION = "eu-west-1" +AWS_ACCOUNT_NUMBER = "123456789012" class Test_backup_plans_exist: def test_no_backup_plans(self): backup_client = mock.MagicMock + backup_client.audited_account = AWS_ACCOUNT_NUMBER + backup_client.audited_account_arn = f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" backup_client.region = AWS_REGION backup_client.backup_plans = [] with mock.patch( @@ -26,12 +29,14 @@ class Test_backup_plans_exist: assert len(result) == 1 assert result[0].status == "FAIL" assert result[0].status_extended == "No Backup Plan Exist" - assert result[0].resource_id == "Backups" - assert result[0].resource_arn == "" + assert result[0].resource_id == AWS_ACCOUNT_NUMBER + assert result[0].resource_arn == f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" assert result[0].region == AWS_REGION def test_one_backup_plan(self): backup_client = mock.MagicMock + backup_client.audited_account = AWS_ACCOUNT_NUMBER + backup_client.audited_account_arn = f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" backup_client.region = AWS_REGION backup_client.backup_plans = [ BackupPlan( diff --git a/tests/providers/aws/services/backup/backup_reportplans_exist/backup_reportplans_exist_test.py b/tests/providers/aws/services/backup/backup_reportplans_exist/backup_reportplans_exist_test.py index d8cd2c0b..210db21b 100644 --- a/tests/providers/aws/services/backup/backup_reportplans_exist/backup_reportplans_exist_test.py 
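Review bot: The added `backup_client.audited_account = ...` and `backup_client.audited_account_arn = ...` lines in `backup_plans_exist_test.py` write to `mock.MagicMock` itself, because the preceding context line is `backup_client = mock.MagicMock` without parentheses. Attributes set on the class are shared by every `MagicMock` created later in the same process, so values from one test can leak into others and hide a check that never reads the account fields. Use an instance instead: `backup_client = mock.MagicMock()`. The same pattern appears in the `backup_reportplans_exist_test.py` and `backup_vaults_exist_test.py` hunks of this commit.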
+++ b/tests/providers/aws/services/backup/backup_reportplans_exist/backup_reportplans_exist_test.py @@ -7,6 +7,7 @@ from prowler.providers.aws.services.backup.backup_service import ( ) AWS_REGION = "eu-west-1" +AWS_ACCOUNT_NUMBER = "123456789012" class Test_backup_reportplans_exist: @@ -30,6 +31,8 @@ class Test_backup_reportplans_exist: def test_no_backup_report_plans(self): backup_client = mock.MagicMock + backup_client.audited_account = AWS_ACCOUNT_NUMBER + backup_client.audited_account_arn = f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" backup_client.region = AWS_REGION backup_client.backup_plans = [ BackupPlan( @@ -58,12 +61,14 @@ class Test_backup_reportplans_exist: assert len(result) == 1 assert result[0].status == "FAIL" assert result[0].status_extended == "No Backup Report Plan Exist" - assert result[0].resource_id == "Backups" - assert result[0].resource_arn == "" + assert result[0].resource_id == AWS_ACCOUNT_NUMBER + assert result[0].resource_arn == f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" assert result[0].region == AWS_REGION def test_one_backup_report_plan(self): backup_client = mock.MagicMock + backup_client.audited_account = AWS_ACCOUNT_NUMBER + backup_client.audited_account_arn = f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" backup_client.region = AWS_REGION backup_client.backup_plans = [ BackupPlan( diff --git a/tests/providers/aws/services/backup/backup_service_test.py b/tests/providers/aws/services/backup/backup_service_test.py index 9d1396c8..9b9d8dc5 100644 --- a/tests/providers/aws/services/backup/backup_service_test.py +++ b/tests/providers/aws/services/backup/backup_service_test.py @@ -72,7 +72,6 @@ def mock_generate_regional_clients(service, audit_info): new=mock_generate_regional_clients, ) class Test_Backup_Service: - # Mocked Audit Info def set_mocked_audit_info(self): audit_info = AWS_Audit_Info( 
@@ -83,6 +82,7 @@ class Test_Backup_Service: botocore_session=None, ), audited_account=None, + audited_account_arn=None, audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/backup/backup_vaults_exist/backup_vaults_exist_test.py b/tests/providers/aws/services/backup/backup_vaults_exist/backup_vaults_exist_test.py index 4b374e3e..c816b458 100644 --- a/tests/providers/aws/services/backup/backup_vaults_exist/backup_vaults_exist_test.py +++ b/tests/providers/aws/services/backup/backup_vaults_exist/backup_vaults_exist_test.py @@ -3,11 +3,14 @@ from unittest import mock from prowler.providers.aws.services.backup.backup_service import BackupVault AWS_REGION = "eu-west-1" +AWS_ACCOUNT_NUMBER = "123456789012" class Test_backup_vaults_exist: def test_no_backup_vaults(self): backup_client = mock.MagicMock + backup_client.audited_account = AWS_ACCOUNT_NUMBER + backup_client.audited_account_arn = f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" backup_client.region = AWS_REGION backup_client.backup_vaults = [] with mock.patch( @@ -25,12 +28,14 @@ class Test_backup_vaults_exist: assert len(result) == 1 assert result[0].status == "FAIL" assert result[0].status_extended == "No Backup Vault Exist" - assert result[0].resource_id == "Backups" - assert result[0].resource_arn == "" + assert result[0].resource_id == AWS_ACCOUNT_NUMBER + assert result[0].resource_arn == f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" assert result[0].region == AWS_REGION def test_one_backup_vault(self): backup_client = mock.MagicMock + backup_client.audited_account = AWS_ACCOUNT_NUMBER + backup_client.audited_account_arn = f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" backup_client.region = AWS_REGION backup_client.backup_vaults = [ BackupVault( diff --git a/tests/providers/aws/services/cloudformation/cloudformation_service_test.py b/tests/providers/aws/services/cloudformation/cloudformation_service_test.py index cd8697a3..04279d33 100644 
--- a/tests/providers/aws/services/cloudformation/cloudformation_service_test.py +++ b/tests/providers/aws/services/cloudformation/cloudformation_service_test.py @@ -143,6 +143,7 @@ class Test_CloudFormation_Service: botocore_session=None, ), audited_account=None, + audited_account_arn=None, audited_user_id=None, audited_partition=None, audited_identity_arn=None, diff --git a/tests/providers/aws/services/cloudfront/cloudfront_service_test.py b/tests/providers/aws/services/cloudfront/cloudfront_service_test.py index ff25c0de..53828408 100644 --- a/tests/providers/aws/services/cloudfront/cloudfront_service_test.py +++ b/tests/providers/aws/services/cloudfront/cloudfront_service_test.py @@ -164,6 +164,7 @@ class Test_CloudFront_Service: region_name=AWS_REGION, ), audited_account=DEFAULT_ACCOUNT_ID, + audited_account_arn=f"arn:aws:iam::{DEFAULT_ACCOUNT_ID}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/cloudtrail/cloudtrail_bucket_requires_mfa_delete/cloudtrail_bucket_requires_mfa_delete_test.py b/tests/providers/aws/services/cloudtrail/cloudtrail_bucket_requires_mfa_delete/cloudtrail_bucket_requires_mfa_delete_test.py index 2c022c6e..72ee7922 100644 --- a/tests/providers/aws/services/cloudtrail/cloudtrail_bucket_requires_mfa_delete/cloudtrail_bucket_requires_mfa_delete_test.py +++ b/tests/providers/aws/services/cloudtrail/cloudtrail_bucket_requires_mfa_delete/cloudtrail_bucket_requires_mfa_delete_test.py @@ -25,6 +25,7 @@ class Test_cloudtrail_bucket_requires_mfa_delete: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, 
diff --git a/tests/providers/aws/services/cloudtrail/cloudtrail_cloudwatch_logging_enabled/cloudtrail_cloudwatch_logging_enabled_test.py b/tests/providers/aws/services/cloudtrail/cloudtrail_cloudwatch_logging_enabled/cloudtrail_cloudwatch_logging_enabled_test.py index 29851dec..f1f2bfbf 100644 --- a/tests/providers/aws/services/cloudtrail/cloudtrail_cloudwatch_logging_enabled/cloudtrail_cloudwatch_logging_enabled_test.py +++ b/tests/providers/aws/services/cloudtrail/cloudtrail_cloudwatch_logging_enabled/cloudtrail_cloudwatch_logging_enabled_test.py @@ -20,6 +20,7 @@ class Test_cloudtrail_cloudwatch_logging_enabled: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/cloudtrail/cloudtrail_insights_exist/cloudtrail_insights_exist_test.py b/tests/providers/aws/services/cloudtrail/cloudtrail_insights_exist/cloudtrail_insights_exist_test.py index 3debb85f..2d528934 100644 --- a/tests/providers/aws/services/cloudtrail/cloudtrail_insights_exist/cloudtrail_insights_exist_test.py +++ b/tests/providers/aws/services/cloudtrail/cloudtrail_insights_exist/cloudtrail_insights_exist_test.py @@ -19,6 +19,7 @@ class Test_cloudtrail_insights_exist: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/cloudtrail/cloudtrail_kms_encryption_enabled/cloudtrail_kms_encryption_enabled_test.py b/tests/providers/aws/services/cloudtrail/cloudtrail_kms_encryption_enabled/cloudtrail_kms_encryption_enabled_test.py index cfc33884..50fc6f57 100644 --- a/tests/providers/aws/services/cloudtrail/cloudtrail_kms_encryption_enabled/cloudtrail_kms_encryption_enabled_test.py 
+++ b/tests/providers/aws/services/cloudtrail/cloudtrail_kms_encryption_enabled/cloudtrail_kms_encryption_enabled_test.py @@ -19,6 +19,7 @@ class Test_cloudtrail_kms_encryption_enabled: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/cloudtrail/cloudtrail_log_file_validation_enabled/cloudtrail_log_file_validation_enabled_test.py b/tests/providers/aws/services/cloudtrail/cloudtrail_log_file_validation_enabled/cloudtrail_log_file_validation_enabled_test.py index 24fe765c..221188a5 100644 --- a/tests/providers/aws/services/cloudtrail/cloudtrail_log_file_validation_enabled/cloudtrail_log_file_validation_enabled_test.py +++ b/tests/providers/aws/services/cloudtrail/cloudtrail_log_file_validation_enabled/cloudtrail_log_file_validation_enabled_test.py @@ -19,6 +19,7 @@ class Test_cloudtrail_log_file_validation_enabled: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/cloudtrail/cloudtrail_logs_s3_bucket_access_logging_enabled/cloudtrail_logs_s3_bucket_access_logging_enabled_test.py b/tests/providers/aws/services/cloudtrail/cloudtrail_logs_s3_bucket_access_logging_enabled/cloudtrail_logs_s3_bucket_access_logging_enabled_test.py index 99a6d1e2..15784218 100644 --- a/tests/providers/aws/services/cloudtrail/cloudtrail_logs_s3_bucket_access_logging_enabled/cloudtrail_logs_s3_bucket_access_logging_enabled_test.py +++ b/tests/providers/aws/services/cloudtrail/cloudtrail_logs_s3_bucket_access_logging_enabled/cloudtrail_logs_s3_bucket_access_logging_enabled_test.py 
@@ -19,6 +19,7 @@ class Test_cloudtrail_logs_s3_bucket_access_logging_enabled: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/cloudtrail/cloudtrail_logs_s3_bucket_is_not_publicly_accessible/cloudtrail_logs_s3_bucket_is_not_publicly_accessible_test.py b/tests/providers/aws/services/cloudtrail/cloudtrail_logs_s3_bucket_is_not_publicly_accessible/cloudtrail_logs_s3_bucket_is_not_publicly_accessible_test.py index 5c7ff94e..75a3c66c 100644 --- a/tests/providers/aws/services/cloudtrail/cloudtrail_logs_s3_bucket_is_not_publicly_accessible/cloudtrail_logs_s3_bucket_is_not_publicly_accessible_test.py +++ b/tests/providers/aws/services/cloudtrail/cloudtrail_logs_s3_bucket_is_not_publicly_accessible/cloudtrail_logs_s3_bucket_is_not_publicly_accessible_test.py @@ -19,6 +19,7 @@ class Test_cloudtrail_logs_s3_bucket_is_not_publicly_accessible: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/cloudtrail/cloudtrail_multi_region_enabled/cloudtrail_multi_region_enabled_test.py b/tests/providers/aws/services/cloudtrail/cloudtrail_multi_region_enabled/cloudtrail_multi_region_enabled_test.py index a05524c3..088a798a 100644 --- a/tests/providers/aws/services/cloudtrail/cloudtrail_multi_region_enabled/cloudtrail_multi_region_enabled_test.py +++ b/tests/providers/aws/services/cloudtrail/cloudtrail_multi_region_enabled/cloudtrail_multi_region_enabled_test.py 
@@ -20,6 +20,7 @@ class Test_cloudtrail_multi_region_enabled: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, @@ -63,8 +64,10 @@ class Test_cloudtrail_multi_region_enabled: "No CloudTrail trails enabled and logging were found", report.status_extended, ) - assert report.resource_id == "No trails" - assert report.resource_arn == "No trails" + assert report.resource_id == AWS_ACCOUNT_NUMBER + assert ( + report.resource_arn == f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" + ) @mock_cloudtrail @mock_s3 @@ -117,8 +120,10 @@ class Test_cloudtrail_multi_region_enabled: "No CloudTrail trails enabled and logging were found", report.status_extended, ) - assert report.resource_id == "No trails" - assert report.resource_arn == "No trails" + assert report.resource_id == AWS_ACCOUNT_NUMBER + assert ( + report.resource_arn == f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" + ) @mock_cloudtrail @mock_s3 @@ -182,8 +187,11 @@ class Test_cloudtrail_multi_region_enabled: "No CloudTrail trails enabled and logging were found", report.status_extended, ) - assert report.resource_id == "No trails" - assert report.resource_arn == "No trails" + assert report.resource_id == AWS_ACCOUNT_NUMBER + assert ( + report.resource_arn + == f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" + ) @mock_cloudtrail @mock_s3 diff --git a/tests/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_read_enabled/cloudtrail_s3_dataevents_read_enabled_test.py b/tests/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_read_enabled/cloudtrail_s3_dataevents_read_enabled_test.py index e2909eb0..2ce72f24 100644 --- a/tests/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_read_enabled/cloudtrail_s3_dataevents_read_enabled_test.py +++ b/tests/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_read_enabled/cloudtrail_s3_dataevents_read_enabled_test.py 
@@ -19,6 +19,7 @@ class Test_cloudtrail_s3_dataevents_read_enabled: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, @@ -54,7 +55,6 @@ class Test_cloudtrail_s3_dataevents_read_enabled: "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", new=current_audit_info, ): - with mock.patch( "prowler.providers.aws.services.cloudtrail.cloudtrail_s3_dataevents_read_enabled.cloudtrail_s3_dataevents_read_enabled.cloudtrail_client", new=Cloudtrail(current_audit_info), @@ -73,8 +73,10 @@ class Test_cloudtrail_s3_dataevents_read_enabled: "No CloudTrail trails have a data event to record all S3 object-level API operations.", result[0].status_extended, ) - assert result[0].resource_id == "No trails" - assert result[0].resource_arn == "No trails" + assert result[0].resource_id == AWS_ACCOUNT_NUMBER + assert ( + result[0].resource_arn == f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" + ) @mock_cloudtrail @mock_s3 @@ -110,7 +112,6 @@ class Test_cloudtrail_s3_dataevents_read_enabled: "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", new=current_audit_info, ): - with mock.patch( "prowler.providers.aws.services.cloudtrail.cloudtrail_s3_dataevents_read_enabled.cloudtrail_s3_dataevents_read_enabled.cloudtrail_client", new=Cloudtrail(current_audit_info), @@ -129,8 +130,10 @@ class Test_cloudtrail_s3_dataevents_read_enabled: "No CloudTrail trails have a data event to record all S3 object-level API operations.", result[0].status_extended, ) - assert result[0].resource_id == "No trails" - assert result[0].resource_arn == "No trails" + assert result[0].resource_id == AWS_ACCOUNT_NUMBER + assert ( + result[0].resource_arn == f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" + ) @mock_cloudtrail @mock_s3 
@@ -166,7 +169,6 @@ class Test_cloudtrail_s3_dataevents_read_enabled: "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", new=current_audit_info, ): - with mock.patch( "prowler.providers.aws.services.cloudtrail.cloudtrail_s3_dataevents_read_enabled.cloudtrail_s3_dataevents_read_enabled.cloudtrail_client", new=Cloudtrail(current_audit_info), @@ -222,7 +224,6 @@ class Test_cloudtrail_s3_dataevents_read_enabled: "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", new=current_audit_info, ): - with mock.patch( "prowler.providers.aws.services.cloudtrail.cloudtrail_s3_dataevents_read_enabled.cloudtrail_s3_dataevents_read_enabled.cloudtrail_client", new=Cloudtrail(current_audit_info), diff --git a/tests/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_write_enabled/cloudtrail_s3_dataevents_write_enabled_test.py b/tests/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_write_enabled/cloudtrail_s3_dataevents_write_enabled_test.py index 9af88929..4d1c31d1 100644 --- a/tests/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_write_enabled/cloudtrail_s3_dataevents_write_enabled_test.py +++ b/tests/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_write_enabled/cloudtrail_s3_dataevents_write_enabled_test.py @@ -19,6 +19,7 @@ class Test_cloudtrail_s3_dataevents_write_enabled: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, @@ -72,8 +73,10 @@ class Test_cloudtrail_s3_dataevents_write_enabled: "No CloudTrail trails have a data event to record all S3 object-level API operations.", result[0].status_extended, ) - assert result[0].resource_id == "No trails" - assert result[0].resource_arn == "No trails" + assert result[0].resource_id == AWS_ACCOUNT_NUMBER + assert ( + result[0].resource_arn == f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" + ) @mock_cloudtrail @mock_s3 
@@ -126,8 +129,10 @@ class Test_cloudtrail_s3_dataevents_write_enabled: "No CloudTrail trails have a data event to record all S3 object-level API operations.", result[0].status_extended, ) - assert result[0].resource_id == "No trails" - assert result[0].resource_arn == "No trails" + assert result[0].resource_id == AWS_ACCOUNT_NUMBER + assert ( + result[0].resource_arn == f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" + ) @mock_cloudtrail @mock_s3 diff --git a/tests/providers/aws/services/cloudtrail/cloudtrail_service_test.py b/tests/providers/aws/services/cloudtrail/cloudtrail_service_test.py index 111aca80..c3adb01c 100644 --- a/tests/providers/aws/services/cloudtrail/cloudtrail_service_test.py +++ b/tests/providers/aws/services/cloudtrail/cloudtrail_service_test.py @@ -18,6 +18,7 @@ class Test_Cloudtrail_Service: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_acls_alarm_configured/cloudwatch_changes_to_network_acls_alarm_configured_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_acls_alarm_configured/cloudwatch_changes_to_network_acls_alarm_configured_test.py index e1d9d30b..e688633a 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_acls_alarm_configured/cloudwatch_changes_to_network_acls_alarm_configured_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_acls_alarm_configured/cloudwatch_changes_to_network_acls_alarm_configured_test.py @@ -20,6 +20,7 @@ class Test_cloudwatch_changes_to_network_acls_alarm_configured: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, 
diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_gateways_alarm_configured/cloudwatch_changes_to_network_gateways_alarm_configured_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_gateways_alarm_configured/cloudwatch_changes_to_network_gateways_alarm_configured_test.py index 032aca5c..b7abe6e2 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_gateways_alarm_configured/cloudwatch_changes_to_network_gateways_alarm_configured_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_gateways_alarm_configured/cloudwatch_changes_to_network_gateways_alarm_configured_test.py @@ -20,6 +20,7 @@ class Test_cloudwatch_changes_to_network_gateways_alarm_configured: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_route_tables_alarm_configured/cloudwatch_changes_to_network_route_tables_alarm_configured_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_route_tables_alarm_configured/cloudwatch_changes_to_network_route_tables_alarm_configured_test.py index d68d401c..1c00c5f6 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_route_tables_alarm_configured/cloudwatch_changes_to_network_route_tables_alarm_configured_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_route_tables_alarm_configured/cloudwatch_changes_to_network_route_tables_alarm_configured_test.py 
@@ -20,6 +20,7 @@ class Test_cloudwatch_changes_to_network_route_tables_alarm_configured: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_vpcs_alarm_configured/cloudwatch_changes_to_vpcs_alarm_configured_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_vpcs_alarm_configured/cloudwatch_changes_to_vpcs_alarm_configured_test.py index 8f8b07a9..e99aad8b 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_vpcs_alarm_configured/cloudwatch_changes_to_vpcs_alarm_configured_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_vpcs_alarm_configured/cloudwatch_changes_to_vpcs_alarm_configured_test.py @@ -20,6 +20,7 @@ class Test_cloudwatch_changes_to_vpcs_alarm_configured: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_cross_account_sharing_disabled/cloudwatch_cross_account_sharing_disabled_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_cross_account_sharing_disabled/cloudwatch_cross_account_sharing_disabled_test.py index cc60c678..669b92b4 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_cross_account_sharing_disabled/cloudwatch_cross_account_sharing_disabled_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_cross_account_sharing_disabled/cloudwatch_cross_account_sharing_disabled_test.py 
@@ -19,6 +19,7 @@ class Test_cloudwatch_cross_account_sharing_disabled: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, @@ -68,9 +69,9 @@ class Test_cloudwatch_cross_account_sharing_disabled: assert result[0].status == "PASS" assert ( result[0].status_extended - == "CloudWatch doesn't allows cross-account sharing" + == "CloudWatch doesn't allow cross-account sharing" ) - assert result[0].resource_id == "CloudWatch-CrossAccountSharingRole" + assert result[0].resource_id == AWS_ACCOUNT_NUMBER @mock_iam def test_cloudwatch_log_group_with_cross_account_role(self): diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_group_kms_encryption_enabled/cloudwatch_log_group_kms_encryption_enabled_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_group_kms_encryption_enabled/cloudwatch_log_group_kms_encryption_enabled_test.py index ed4d3448..60991461 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_group_kms_encryption_enabled/cloudwatch_log_group_kms_encryption_enabled_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_group_kms_encryption_enabled/cloudwatch_log_group_kms_encryption_enabled_test.py @@ -19,6 +19,7 @@ class Test_cloudwatch_log_group_kms_encryption_enabled: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_group_no_secrets_in_logs/cloudwatch_log_group_no_secrets_in_logs_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_group_no_secrets_in_logs/cloudwatch_log_group_no_secrets_in_logs_test.py index 8b3a57d6..88f218a1 100644 
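Review bot: The PASS-case test in the `@@ -68,9 +69,9 @@` hunk now pins `resource_id` to `AWS_ACCOUNT_NUMBER` but asserts nothing about `resource_arn`. The cloudtrail and drs tests in the same commit check both fields. If this check also reports the account ARN (its change is not visible in this part of the diff), a regression to an empty or placeholder ARN would pass unnoticed. Adding `assert result[0].resource_arn == f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root"` after the `resource_id` assertion would cover it. The test method begins outside the hunk.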
--- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_group_no_secrets_in_logs/cloudwatch_log_group_no_secrets_in_logs_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_group_no_secrets_in_logs/cloudwatch_log_group_no_secrets_in_logs_test.py @@ -21,6 +21,7 @@ class Test_cloudwatch_log_group_no_secrets_in_logs: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_group_retention_policy_specific_days_enabled/cloudwatch_log_group_retention_policy_specific_days_enabled_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_group_retention_policy_specific_days_enabled/cloudwatch_log_group_retention_policy_specific_days_enabled_test.py index f7aac516..833c8ee7 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_group_retention_policy_specific_days_enabled/cloudwatch_log_group_retention_policy_specific_days_enabled_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_group_retention_policy_specific_days_enabled/cloudwatch_log_group_retention_policy_specific_days_enabled_test.py @@ -19,6 +19,7 @@ class Test_cloudwatch_log_group_retention_policy_specific_days_enabled: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, 
diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled_test.py index c1dc22d1..e5660c87 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled_test.py @@ -20,6 +20,7 @@ class Test_cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_c botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled_test.py index fa5ad89b..cd8f44ba 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled_test.py 
+++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled_test.py @@ -20,6 +20,7 @@ class Test_cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_c botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_authentication_failures/cloudwatch_log_metric_filter_authentication_failures_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_authentication_failures/cloudwatch_log_metric_filter_authentication_failures_test.py index 8bf096c9..0fc548c1 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_authentication_failures/cloudwatch_log_metric_filter_authentication_failures_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_authentication_failures/cloudwatch_log_metric_filter_authentication_failures_test.py @@ -20,6 +20,7 @@ class Test_cloudwatch_log_metric_filter_authentication_failures: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_aws_organizations_changes/cloudwatch_log_metric_filter_aws_organizations_changes_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_aws_organizations_changes/cloudwatch_log_metric_filter_aws_organizations_changes_test.py index c3631e7f..2458d56e 100644 
--- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_aws_organizations_changes/cloudwatch_log_metric_filter_aws_organizations_changes_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_aws_organizations_changes/cloudwatch_log_metric_filter_aws_organizations_changes_test.py @@ -20,6 +20,7 @@ class Test_cloudwatch_log_metric_filter_aws_organizations_changes: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk_test.py index c562a536..9bd2a894 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk_test.py @@ -20,6 +20,7 @@ class Test_cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, 
diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes_test.py index a1349169..36a616b7 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes_test.py @@ -20,6 +20,7 @@ class Test_cloudwatch_log_metric_filter_for_s3_bucket_policy_changes: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_policy_changes/cloudwatch_log_metric_filter_policy_changes_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_policy_changes/cloudwatch_log_metric_filter_policy_changes_test.py index 5525e683..28bc448e 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_policy_changes/cloudwatch_log_metric_filter_policy_changes_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_policy_changes/cloudwatch_log_metric_filter_policy_changes_test.py @@ -20,6 +20,7 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, 
diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_root_usage/cloudwatch_log_metric_filter_root_usage_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_root_usage/cloudwatch_log_metric_filter_root_usage_test.py index e74ead5f..65cd8820 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_root_usage/cloudwatch_log_metric_filter_root_usage_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_root_usage/cloudwatch_log_metric_filter_root_usage_test.py @@ -20,6 +20,7 @@ class Test_cloudwatch_log_metric_filter_root_usage: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_security_group_changes/cloudwatch_log_metric_filter_security_group_changes_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_security_group_changes/cloudwatch_log_metric_filter_security_group_changes_test.py index ba2f77c4..764e5271 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_security_group_changes/cloudwatch_log_metric_filter_security_group_changes_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_security_group_changes/cloudwatch_log_metric_filter_security_group_changes_test.py @@ -20,6 +20,7 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, 
diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_sign_in_without_mfa/cloudwatch_log_metric_filter_sign_in_without_mfa_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_sign_in_without_mfa/cloudwatch_log_metric_filter_sign_in_without_mfa_test.py index 58725915..844dfd1b 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_sign_in_without_mfa/cloudwatch_log_metric_filter_sign_in_without_mfa_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_sign_in_without_mfa/cloudwatch_log_metric_filter_sign_in_without_mfa_test.py @@ -20,6 +20,7 @@ class Test_cloudwatch_log_metric_filter_sign_in_without_mfa: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_unauthorized_api_calls/cloudwatch_log_metric_filter_unauthorized_api_calls_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_unauthorized_api_calls/cloudwatch_log_metric_filter_unauthorized_api_calls_test.py index 5dc90dee..b5d0fae3 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_unauthorized_api_calls/cloudwatch_log_metric_filter_unauthorized_api_calls_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_unauthorized_api_calls/cloudwatch_log_metric_filter_unauthorized_api_calls_test.py @@ -20,6 +20,7 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, 
diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_service_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_service_test.py index 92ee15dd..33690eab 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_service_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_service_test.py @@ -23,6 +23,7 @@ class Test_CloudWatch_Service: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/codeartifact/codeartifact_service_test.py b/tests/providers/aws/services/codeartifact/codeartifact_service_test.py index 689f3800..434fc254 100644 --- a/tests/providers/aws/services/codeartifact/codeartifact_service_test.py +++ b/tests/providers/aws/services/codeartifact/codeartifact_service_test.py @@ -112,6 +112,7 @@ class Test_CodeArtifact_Service: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/codebuild/codebuild_service_test.py b/tests/providers/aws/services/codebuild/codebuild_service_test.py index 81a97e35..bc71422b 100644 --- a/tests/providers/aws/services/codebuild/codebuild_service_test.py +++ b/tests/providers/aws/services/codebuild/codebuild_service_test.py @@ -61,6 +61,7 @@ class Test_Codebuild_Service: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, 
diff --git a/tests/providers/aws/services/config/config_recorder_all_regions_enabled/config_recorder_all_regions_enabled_test.py b/tests/providers/aws/services/config/config_recorder_all_regions_enabled/config_recorder_all_regions_enabled_test.py index 1179ff9f..44f68436 100644 --- a/tests/providers/aws/services/config/config_recorder_all_regions_enabled/config_recorder_all_regions_enabled_test.py +++ b/tests/providers/aws/services/config/config_recorder_all_regions_enabled/config_recorder_all_regions_enabled_test.py @@ -19,6 +19,7 @@ class Test_config_recorder_all_regions_enabled: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/config/config_service_test.py b/tests/providers/aws/services/config/config_service_test.py index 11386a49..4beeab16 100644 --- a/tests/providers/aws/services/config/config_service_test.py +++ b/tests/providers/aws/services/config/config_service_test.py @@ -19,6 +19,7 @@ class Test_Config_Service: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/directoryservice/directoryservice_service_test.py b/tests/providers/aws/services/directoryservice/directoryservice_service_test.py index e63ebbe9..7f26ec87 100644 --- a/tests/providers/aws/services/directoryservice/directoryservice_service_test.py +++ b/tests/providers/aws/services/directoryservice/directoryservice_service_test.py @@ -127,6 +127,7 @@ class Test_DirectoryService_Service: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, 
diff --git a/tests/providers/aws/services/drs/drs_job_exist/drs_job_exist_test.py b/tests/providers/aws/services/drs/drs_job_exist/drs_job_exist_test.py index 4cda2c8b..caf9f714 100644 --- a/tests/providers/aws/services/drs/drs_job_exist/drs_job_exist_test.py +++ b/tests/providers/aws/services/drs/drs_job_exist/drs_job_exist_test.py @@ -4,11 +4,14 @@ from prowler.providers.aws.services.drs.drs_service import DRSservice, Job AWS_REGION = "eu-west-1" JOB_ARN = "arn:aws:drs:eu-west-1:123456789012:job/12345678901234567890123456789012" +AWS_ACCOUNT_NUMBER = "123456789012" class Test_drs_job_exist: def test_drs_job_exist(self): drs_client = mock.MagicMock + drs_client.audited_account = AWS_ACCOUNT_NUMBER + drs_client.audited_account_arn = f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" drs_client.region = AWS_REGION drs_client.drs_services = [ DRSservice( @@ -43,13 +46,15 @@ class Test_drs_job_exist: assert ( result[0].status_extended == "DRS is enabled for this region with jobs." ) - assert result[0].resource_id == "DRS" - assert result[0].resource_arn == "" + assert result[0].resource_id == AWS_ACCOUNT_NUMBER + assert result[0].resource_arn == f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" assert result[0].region == AWS_REGION assert result[0].resource_tags == [] def test_drs_no_jobs(self): drs_client = mock.MagicMock + drs_client.audited_account = AWS_ACCOUNT_NUMBER + drs_client.audited_account_arn = f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" drs_client.region = AWS_REGION drs_client.drs_services = [ DRSservice( 
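Review bot: In `test_drs_job_exist`, `drs_client = mock.MagicMock` binds the class rather than an instance, so the added `drs_client.audited_account = AWS_ACCOUNT_NUMBER` and `drs_client.audited_account_arn = ...` lines set attributes on `MagicMock` itself. Those values persist for the rest of the test process, so later tests can see the account id and ARN without their own setup, and a missing fixture value could go unnoticed. Using `drs_client = mock.MagicMock()` keeps the state local to each test. The same pattern appears in `test_drs_no_jobs` in the `@@ -43,13 +46,15 @@` hunk and in `test_drs_disabled` in the `@@ -77,13 +82,15 @@` hunk. All three test bodies continue outside their hunks.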
@@ -77,13 +82,15 @@ class Test_drs_job_exist: result[0].status_extended == "DRS is enabled for this region without jobs." ) - assert result[0].resource_id == "DRS" - assert result[0].resource_arn == "" + assert result[0].resource_id == AWS_ACCOUNT_NUMBER + assert result[0].resource_arn == f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" assert result[0].region == AWS_REGION assert result[0].resource_tags == [] def test_drs_disabled(self): drs_client = mock.MagicMock + drs_client.audited_account = AWS_ACCOUNT_NUMBER + drs_client.audited_account_arn = f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" drs_client.region = AWS_REGION drs_client.drs_services = [ DRSservice( @@ -108,7 +115,7 @@ class Test_drs_job_exist: assert len(result) == 1 assert result[0].status == "FAIL" assert result[0].status_extended == "DRS is not enabled for this region." - assert result[0].resource_id == "DRS" - assert result[0].resource_arn == "" + assert result[0].resource_id == AWS_ACCOUNT_NUMBER + assert result[0].resource_arn == f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" assert result[0].region == AWS_REGION assert result[0].resource_tags == [] diff --git a/tests/providers/aws/services/drs/drs_service_test.py b/tests/providers/aws/services/drs/drs_service_test.py index 5211afca..ea1f10f5 100644 --- a/tests/providers/aws/services/drs/drs_service_test.py +++ b/tests/providers/aws/services/drs/drs_service_test.py @@ -55,7 +55,6 @@ def mock_generate_regional_clients(service, audit_info): new=mock_generate_regional_clients, ) class Test_DRS_Service: - # Mocked Audit Info def set_mocked_audit_info(self): audit_info = AWS_Audit_Info( @@ -66,6 +65,7 @@ class Test_DRS_Service: botocore_session=None, ), audited_account=None, + audited_account_arn=None, audited_user_id=None, audited_partition="aws", audited_identity_arn=None, 
diff --git a/tests/providers/aws/services/dynamodb/dynamodb_accelerator_cluster_encryption_enabled/dynamodb_accelerator_cluster_encryption_enabled_test.py b/tests/providers/aws/services/dynamodb/dynamodb_accelerator_cluster_encryption_enabled/dynamodb_accelerator_cluster_encryption_enabled_test.py index 67b63d64..acda5062 100644 --- a/tests/providers/aws/services/dynamodb/dynamodb_accelerator_cluster_encryption_enabled/dynamodb_accelerator_cluster_encryption_enabled_test.py +++ b/tests/providers/aws/services/dynamodb/dynamodb_accelerator_cluster_encryption_enabled/dynamodb_accelerator_cluster_encryption_enabled_test.py @@ -20,6 +20,7 @@ class Test_dynamodb_accelerator_cluster_encryption_enabled: botocore_session=None, ), audited_account=DEFAULT_ACCOUNT_ID, + audited_account_arn=f"arn:aws:iam::{DEFAULT_ACCOUNT_ID}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/dynamodb/dynamodb_service_test.py b/tests/providers/aws/services/dynamodb/dynamodb_service_test.py index 509929c2..8cd6d3cc 100644 --- a/tests/providers/aws/services/dynamodb/dynamodb_service_test.py +++ b/tests/providers/aws/services/dynamodb/dynamodb_service_test.py @@ -19,6 +19,7 @@ class Test_DynamoDB_Service: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/dynamodb/dynamodb_tables_kms_cmk_encryption_enabled/dynamodb_tables_kms_cmk_encryption_enabled_test.py b/tests/providers/aws/services/dynamodb/dynamodb_tables_kms_cmk_encryption_enabled/dynamodb_tables_kms_cmk_encryption_enabled_test.py index 2d64c00c..fe4ae0f8 100644 --- a/tests/providers/aws/services/dynamodb/dynamodb_tables_kms_cmk_encryption_enabled/dynamodb_tables_kms_cmk_encryption_enabled_test.py 
+++ b/tests/providers/aws/services/dynamodb/dynamodb_tables_kms_cmk_encryption_enabled/dynamodb_tables_kms_cmk_encryption_enabled_test.py @@ -20,6 +20,7 @@ class Test_dynamodb_tables_kms_cmk_encryption_enabled: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/dynamodb/dynamodb_tables_pitr_enabled/dynamodb_tables_pitr_enabled_test.py b/tests/providers/aws/services/dynamodb/dynamodb_tables_pitr_enabled/dynamodb_tables_pitr_enabled_test.py index f8b52d2e..8527af7a 100644 --- a/tests/providers/aws/services/dynamodb/dynamodb_tables_pitr_enabled/dynamodb_tables_pitr_enabled_test.py +++ b/tests/providers/aws/services/dynamodb/dynamodb_tables_pitr_enabled/dynamodb_tables_pitr_enabled_test.py @@ -20,6 +20,7 @@ class Test_dynamodb_tables_pitr_enabled: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/ec2/ec2_ami_public/ec2_ami_public_test.py b/tests/providers/aws/services/ec2/ec2_ami_public/ec2_ami_public_test.py index 1f7746b4..a6d52f0f 100644 --- a/tests/providers/aws/services/ec2/ec2_ami_public/ec2_ami_public_test.py +++ b/tests/providers/aws/services/ec2/ec2_ami_public/ec2_ami_public_test.py @@ -20,6 +20,7 @@ class Test_ec2_ami_public: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/ec2/ec2_ebs_default_encryption/ec2_ebs_default_encryption_test.py b/tests/providers/aws/services/ec2/ec2_ebs_default_encryption/ec2_ebs_default_encryption_test.py index 7fed5871..fdca3fa7 100644 
--- a/tests/providers/aws/services/ec2/ec2_ebs_default_encryption/ec2_ebs_default_encryption_test.py +++ b/tests/providers/aws/services/ec2/ec2_ebs_default_encryption/ec2_ebs_default_encryption_test.py @@ -21,6 +21,7 @@ class Test_ec2_ebs_default_encryption: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/ec2/ec2_ebs_public_snapshot/ec2_ebs_public_snapshot_test.py b/tests/providers/aws/services/ec2/ec2_ebs_public_snapshot/ec2_ebs_public_snapshot_test.py index 8921e9e1..f389aad0 100644 --- a/tests/providers/aws/services/ec2/ec2_ebs_public_snapshot/ec2_ebs_public_snapshot_test.py +++ b/tests/providers/aws/services/ec2/ec2_ebs_public_snapshot/ec2_ebs_public_snapshot_test.py @@ -30,6 +30,7 @@ class Test_ec2_ebs_public_snapshot: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/ec2/ec2_ebs_snapshots_encrypted/ec2_ebs_snapshots_encrypted_test.py b/tests/providers/aws/services/ec2/ec2_ebs_snapshots_encrypted/ec2_ebs_snapshots_encrypted_test.py index 76c90577..84cb6956 100644 --- a/tests/providers/aws/services/ec2/ec2_ebs_snapshots_encrypted/ec2_ebs_snapshots_encrypted_test.py +++ b/tests/providers/aws/services/ec2/ec2_ebs_snapshots_encrypted/ec2_ebs_snapshots_encrypted_test.py @@ -30,6 +30,7 @@ class Test_ec2_ebs_snapshots_encrypted: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, 
diff --git a/tests/providers/aws/services/ec2/ec2_ebs_volume_encryption/ec2_ebs_volume_encryption_test.py b/tests/providers/aws/services/ec2/ec2_ebs_volume_encryption/ec2_ebs_volume_encryption_test.py index 6b45a75e..7b13c275 100644 --- a/tests/providers/aws/services/ec2/ec2_ebs_volume_encryption/ec2_ebs_volume_encryption_test.py +++ b/tests/providers/aws/services/ec2/ec2_ebs_volume_encryption/ec2_ebs_volume_encryption_test.py @@ -19,6 +19,7 @@ class Test_ec2_ebs_volume_encryption: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/ec2/ec2_elastic_ip_shodan/ec2_elastic_ip_shodan_test.py b/tests/providers/aws/services/ec2/ec2_elastic_ip_shodan/ec2_elastic_ip_shodan_test.py index 0ba734ac..7d6a68fc 100644 --- a/tests/providers/aws/services/ec2/ec2_elastic_ip_shodan/ec2_elastic_ip_shodan_test.py +++ b/tests/providers/aws/services/ec2/ec2_elastic_ip_shodan/ec2_elastic_ip_shodan_test.py @@ -21,6 +21,7 @@ class Test_ec2_elastic_ip_shodan: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/ec2/ec2_elastic_ip_unassgined/ec2_elastic_ip_unassgined_test.py b/tests/providers/aws/services/ec2/ec2_elastic_ip_unassgined/ec2_elastic_ip_unassgined_test.py index e59796c3..6ec60681 100644 --- a/tests/providers/aws/services/ec2/ec2_elastic_ip_unassgined/ec2_elastic_ip_unassgined_test.py +++ b/tests/providers/aws/services/ec2/ec2_elastic_ip_unassgined/ec2_elastic_ip_unassgined_test.py 
@@ -21,6 +21,7 @@ class Test_ec2_elastic_ip_unassgined:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/ec2/ec2_instance_imdsv2_enabled/ec2_instance_imdsv2_enabled_test.py b/tests/providers/aws/services/ec2/ec2_instance_imdsv2_enabled/ec2_instance_imdsv2_enabled_test.py
index f0a3a414..91fa3cc9 100644
--- a/tests/providers/aws/services/ec2/ec2_instance_imdsv2_enabled/ec2_instance_imdsv2_enabled_test.py
+++ b/tests/providers/aws/services/ec2/ec2_instance_imdsv2_enabled/ec2_instance_imdsv2_enabled_test.py
@@ -21,6 +21,7 @@ class Test_ec2_instance_imdsv2_enabled:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/ec2/ec2_instance_internet_facing_with_instance_profile/ec2_instance_internet_facing_with_instance_profile_test.py b/tests/providers/aws/services/ec2/ec2_instance_internet_facing_with_instance_profile/ec2_instance_internet_facing_with_instance_profile_test.py
index b3fdde05..e91a268f 100644
--- a/tests/providers/aws/services/ec2/ec2_instance_internet_facing_with_instance_profile/ec2_instance_internet_facing_with_instance_profile_test.py
+++ b/tests/providers/aws/services/ec2/ec2_instance_internet_facing_with_instance_profile/ec2_instance_internet_facing_with_instance_profile_test.py
@@ -21,6 +21,7 @@ class Test_ec2_instance_internet_facing_with_instance_profile:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/ec2/ec2_instance_older_than_specific_days/ec2_instance_older_than_specific_days_test.py b/tests/providers/aws/services/ec2/ec2_instance_older_than_specific_days/ec2_instance_older_than_specific_days_test.py
index 75ad5c4e..2d934ebb 100644
--- a/tests/providers/aws/services/ec2/ec2_instance_older_than_specific_days/ec2_instance_older_than_specific_days_test.py
+++ b/tests/providers/aws/services/ec2/ec2_instance_older_than_specific_days/ec2_instance_older_than_specific_days_test.py
@@ -23,6 +23,7 @@ class Test_ec2_instance_older_than_specific_days:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/ec2/ec2_instance_profile_attached/ec2_instance_profile_attached_test.py b/tests/providers/aws/services/ec2/ec2_instance_profile_attached/ec2_instance_profile_attached_test.py
index bf0e168b..62323ef6 100644
--- a/tests/providers/aws/services/ec2/ec2_instance_profile_attached/ec2_instance_profile_attached_test.py
+++ b/tests/providers/aws/services/ec2/ec2_instance_profile_attached/ec2_instance_profile_attached_test.py
@@ -21,6 +21,7 @@ class Test_ec2_instance_profile_attached:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/ec2/ec2_instance_public_ip/ec2_instance_public_ip_test.py b/tests/providers/aws/services/ec2/ec2_instance_public_ip/ec2_instance_public_ip_test.py
index 22f13d91..c4959f80 100644
--- a/tests/providers/aws/services/ec2/ec2_instance_public_ip/ec2_instance_public_ip_test.py
+++ b/tests/providers/aws/services/ec2/ec2_instance_public_ip/ec2_instance_public_ip_test.py
@@ -21,6 +21,7 @@ class Test_ec2_instance_public_ip:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/ec2/ec2_instance_secrets_user_data/ec2_instance_secrets_user_data_test.py b/tests/providers/aws/services/ec2/ec2_instance_secrets_user_data/ec2_instance_secrets_user_data_test.py
index e485ade4..2ea7b5a0 100644
--- a/tests/providers/aws/services/ec2/ec2_instance_secrets_user_data/ec2_instance_secrets_user_data_test.py
+++ b/tests/providers/aws/services/ec2/ec2_instance_secrets_user_data/ec2_instance_secrets_user_data_test.py
@@ -20,6 +20,7 @@ class Test_ec2_instance_secrets_user_data:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/ec2/ec2_networkacl_allow_ingress_any_port/ec2_networkacl_allow_ingress_any_port_test.py b/tests/providers/aws/services/ec2/ec2_networkacl_allow_ingress_any_port/ec2_networkacl_allow_ingress_any_port_test.py
index 980b53e6..9627f7c2 100644
--- a/tests/providers/aws/services/ec2/ec2_networkacl_allow_ingress_any_port/ec2_networkacl_allow_ingress_any_port_test.py
+++ b/tests/providers/aws/services/ec2/ec2_networkacl_allow_ingress_any_port/ec2_networkacl_allow_ingress_any_port_test.py
@@ -19,6 +19,7 @@ class ec2_networkacl_allow_ingress_any_port:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
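Review bot: The fixture updated in ec2_networkacl_allow_ingress_any_port_test.py sits in `class ec2_networkacl_allow_ingress_any_port:`, which lacks the `Test_` prefix every sibling class in this diff carries, so under pytest's default `python_classes` setting the class would presumably not be collected and the added `audited_account_arn` line would never run. The hunk header for the sql_server_1433_1434 test further down shows the same unprefixed (and truncated) class name. Renaming to `class Test_ec2_networkacl_allow_ingress_any_port:` would bring these ingress checks back under test; the class definition itself is outside the hunk, so confirm against the project's pytest configuration.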
diff --git a/tests/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_22/ec2_networkacl_allow_ingress_tcp_port_22_test.py b/tests/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_22/ec2_networkacl_allow_ingress_tcp_port_22_test.py
index e25a93f7..6ba3e2b2 100644
--- a/tests/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_22/ec2_networkacl_allow_ingress_tcp_port_22_test.py
+++ b/tests/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_22/ec2_networkacl_allow_ingress_tcp_port_22_test.py
@@ -19,6 +19,7 @@ class Test_ec2_networkacl_allow_ingress_tcp_port_22:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_3389/ec2_networkacl_allow_ingress_tcp_port_3389_test.py b/tests/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_3389/ec2_networkacl_allow_ingress_tcp_port_3389_test.py
index 689e18f2..86018ac1 100644
--- a/tests/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_3389/ec2_networkacl_allow_ingress_tcp_port_3389_test.py
+++ b/tests/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_3389/ec2_networkacl_allow_ingress_tcp_port_3389_test.py
@@ -19,6 +19,7 @@ class Test_ec2_networkacl_allow_ingress_tcp_port_3389:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_any_port/ec2_securitygroup_allow_ingress_from_internet_to_any_port_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_any_port/ec2_securitygroup_allow_ingress_from_internet_to_any_port_test.py
index 3d08d1c5..b21fb1ac 100644
--- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_any_port/ec2_securitygroup_allow_ingress_from_internet_to_any_port_test.py
+++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_any_port/ec2_securitygroup_allow_ingress_from_internet_to_any_port_test.py
@@ -20,6 +20,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_any_port:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018/ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018/ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018_test.py
index 2c015d6e..ec4bf65b 100644
--- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018/ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018_test.py
+++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018/ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018_test.py
@@ -20,6 +20,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_2
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21/ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21/ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21_test.py
index 44a91a08..6e28f9ad 100644
--- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21/ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21_test.py
+++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21/ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21_test.py
@@ -20,6 +20,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22_test.py
index 35382aba..0db687d1 100644
--- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22_test.py
+++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22_test.py
@@ -20,6 +20,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389_test.py
index 72c24a70..f2ae3484 100644
--- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389_test.py
+++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389_test.py
@@ -20,6 +20,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888_test.py
index 883cacff..e58e6fcd 100644
--- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888_test.py
+++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888_test.py
@@ -20,6 +20,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601_test.py
index e65bb902..d848d254 100644
--- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601_test.py
+++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601_test.py
@@ -20,6 +20,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsear
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092_test.py
index 1e430970..c5b97841 100644
--- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092_test.py
+++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092_test.py
@@ -20,6 +20,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211_test.py
index 1cd9e282..054d8596 100644
--- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211_test.py
+++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211_test.py
@@ -20,6 +20,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_1
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306_test.py
index 91f08a0c..506a8df2 100644
--- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306_test.py
+++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306_test.py
@@ -20,6 +20,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483_test.py
index 42c06362..df0220d9 100644
--- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483_test.py
+++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483_test.py
@@ -20,6 +20,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432_test.py
index ef3dfaee..ae70209d 100644
--- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432_test.py
+++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432_test.py
@@ -20,6 +20,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_54
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379_test.py
index 040715c2..ac2fcab7 100644
--- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379_test.py
+++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379_test.py
@@ -20,6 +20,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434_test.py
index b798f8a1..a52cfe77 100644
--- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434_test.py
+++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434_test.py
@@ -20,6 +20,7 @@ class ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23_test.py
index 6e7a09cd..ed02120f 100644
--- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23_test.py
+++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23_test.py
@@ -20,6 +20,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_wide_open_public_ipv4/ec2_securitygroup_allow_wide_open_public_ipv4_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_wide_open_public_ipv4/ec2_securitygroup_allow_wide_open_public_ipv4_test.py
index bdd72b5c..ee22238a 100644
--- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_wide_open_public_ipv4/ec2_securitygroup_allow_wide_open_public_ipv4_test.py
+++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_wide_open_public_ipv4/ec2_securitygroup_allow_wide_open_public_ipv4_test.py
@@ -20,6 +20,7 @@ class Test_ec2_securitygroup_allow_wide_open_public_ipv4:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_default_restrict_traffic/ec2_securitygroup_default_restrict_traffic_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_default_restrict_traffic/ec2_securitygroup_default_restrict_traffic_test.py
index c558a7ed..c9244c4c 100644
--- a/tests/providers/aws/services/ec2/ec2_securitygroup_default_restrict_traffic/ec2_securitygroup_default_restrict_traffic_test.py
+++ b/tests/providers/aws/services/ec2/ec2_securitygroup_default_restrict_traffic/ec2_securitygroup_default_restrict_traffic_test.py
@@ -19,6 +19,7 @@ class Test_ec2_securitygroup_default_restrict_traffic:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_from_launch_wizard/ec2_securitygroup_from_launch_wizard_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_from_launch_wizard/ec2_securitygroup_from_launch_wizard_test.py
index 377ad586..ffb119be 100644
--- a/tests/providers/aws/services/ec2/ec2_securitygroup_from_launch_wizard/ec2_securitygroup_from_launch_wizard_test.py
+++ b/tests/providers/aws/services/ec2/ec2_securitygroup_from_launch_wizard/ec2_securitygroup_from_launch_wizard_test.py
@@ -21,6 +21,7 @@ class Test_ec2_securitygroup_from_launch_wizard:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_not_used/ec2_securitygroup_not_used_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_not_used/ec2_securitygroup_not_used_test.py
index 4dfa3b39..18ed73e7 100644
--- a/tests/providers/aws/services/ec2/ec2_securitygroup_not_used/ec2_securitygroup_not_used_test.py
+++ b/tests/providers/aws/services/ec2/ec2_securitygroup_not_used/ec2_securitygroup_not_used_test.py
@@ -21,6 +21,7 @@ class Test_ec2_securitygroup_not_used:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_with_many_ingress_egress_rules/ec2_securitygroup_with_many_ingress_egress_rules_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_with_many_ingress_egress_rules/ec2_securitygroup_with_many_ingress_egress_rules_test.py
index 283a1b5f..2f89973a 100644
--- a/tests/providers/aws/services/ec2/ec2_securitygroup_with_many_ingress_egress_rules/ec2_securitygroup_with_many_ingress_egress_rules_test.py
+++ b/tests/providers/aws/services/ec2/ec2_securitygroup_with_many_ingress_egress_rules/ec2_securitygroup_with_many_ingress_egress_rules_test.py
@@ -20,6 +20,7 @@ class Test_ec2_securitygroup_with_many_ingress_egress_rules:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/ec2/ec2_service_test.py b/tests/providers/aws/services/ec2/ec2_service_test.py
index d701cd11..7d361643 100644
--- a/tests/providers/aws/services/ec2/ec2_service_test.py
+++ b/tests/providers/aws/services/ec2/ec2_service_test.py
@@ -28,6 +28,7 @@ class Test_EC2_Service:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/ecr/ecr_service_test.py b/tests/providers/aws/services/ecr/ecr_service_test.py
index 2a4b98b4..3edac352 100644
--- a/tests/providers/aws/services/ecr/ecr_service_test.py
+++ b/tests/providers/aws/services/ecr/ecr_service_test.py
@@ -104,6 +104,7 @@ class Test_ECR_Service:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/ecs/ecs_service_test.py b/tests/providers/aws/services/ecs/ecs_service_test.py
index a2024cb0..9ce3e877 100644
--- a/tests/providers/aws/services/ecs/ecs_service_test.py
+++ b/tests/providers/aws/services/ecs/ecs_service_test.py
@@ -31,6 +31,7 @@ class Test_ECS_Service:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/efs/efs_service_test.py b/tests/providers/aws/services/efs/efs_service_test.py
index 612a12b2..f95d2fde 100644
--- a/tests/providers/aws/services/efs/efs_service_test.py
+++ b/tests/providers/aws/services/efs/efs_service_test.py
@@ -63,6 +63,7 @@ class Test_EFS:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/eks/eks_service_test.py b/tests/providers/aws/services/eks/eks_service_test.py
index 089bd39f..55127e6b 100644
--- a/tests/providers/aws/services/eks/eks_service_test.py
+++ b/tests/providers/aws/services/eks/eks_service_test.py
@@ -36,6 +36,7 @@ class Test_EKS_Service:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/elb/elb_insecure_ssl_ciphers/elb_insecure_ssl_ciphers_test.py b/tests/providers/aws/services/elb/elb_insecure_ssl_ciphers/elb_insecure_ssl_ciphers_test.py
index c3de32b2..7c2e91dc 100644
--- a/tests/providers/aws/services/elb/elb_insecure_ssl_ciphers/elb_insecure_ssl_ciphers_test.py
+++ b/tests/providers/aws/services/elb/elb_insecure_ssl_ciphers/elb_insecure_ssl_ciphers_test.py
@@ -20,6 +20,7 @@ class Test_elb_insecure_ssl_ciphers:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/elb/elb_internet_facing/elb_internet_facing_test.py b/tests/providers/aws/services/elb/elb_internet_facing/elb_internet_facing_test.py
index 976bf076..ccec367f 100644
--- a/tests/providers/aws/services/elb/elb_internet_facing/elb_internet_facing_test.py
+++ b/tests/providers/aws/services/elb/elb_internet_facing/elb_internet_facing_test.py
@@ -20,6 +20,7 @@ class Test_elb_request_smugling:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/elb/elb_logging_enabled/elb_logging_enabled_test.py b/tests/providers/aws/services/elb/elb_logging_enabled/elb_logging_enabled_test.py
index 4a42d475..c163dd27 100644
--- a/tests/providers/aws/services/elb/elb_logging_enabled/elb_logging_enabled_test.py
+++ b/tests/providers/aws/services/elb/elb_logging_enabled/elb_logging_enabled_test.py
@@ -20,6 +20,7 @@ class Test_elb_logging_enabled: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/elb/elb_service_test.py b/tests/providers/aws/services/elb/elb_service_test.py index 0e397448..4792dd59 100644 --- a/tests/providers/aws/services/elb/elb_service_test.py +++ b/tests/providers/aws/services/elb/elb_service_test.py @@ -19,6 +19,7 @@ class Test_ELB_Service: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/elb/elb_ssl_listeners/elb_ssl_listeners_test.py b/tests/providers/aws/services/elb/elb_ssl_listeners/elb_ssl_listeners_test.py index d9622b82..5531d161 100644 --- a/tests/providers/aws/services/elb/elb_ssl_listeners/elb_ssl_listeners_test.py +++ b/tests/providers/aws/services/elb/elb_ssl_listeners/elb_ssl_listeners_test.py @@ -20,6 +20,7 @@ class Test_elb_ssl_listeners: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/elbv2/elbv2_deletion_protection/elbv2_deletion_protection_test.py b/tests/providers/aws/services/elbv2/elbv2_deletion_protection/elbv2_deletion_protection_test.py index 869bcb57..86ff9059 100644 --- a/tests/providers/aws/services/elbv2/elbv2_deletion_protection/elbv2_deletion_protection_test.py +++ b/tests/providers/aws/services/elbv2/elbv2_deletion_protection/elbv2_deletion_protection_test.py 
@@ -20,6 +20,7 @@ class Test_elbv2_deletion_protection: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/elbv2/elbv2_desync_mitigation_mode/elbv2_desync_mitigation_mode_test.py b/tests/providers/aws/services/elbv2/elbv2_desync_mitigation_mode/elbv2_desync_mitigation_mode_test.py index 6ea1aa33..248fea35 100644 --- a/tests/providers/aws/services/elbv2/elbv2_desync_mitigation_mode/elbv2_desync_mitigation_mode_test.py +++ b/tests/providers/aws/services/elbv2/elbv2_desync_mitigation_mode/elbv2_desync_mitigation_mode_test.py @@ -20,6 +20,7 @@ class Test_elbv2_desync_mitigation_mode: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/elbv2/elbv2_insecure_ssl_ciphers/elbv2_insecure_ssl_ciphers_test.py b/tests/providers/aws/services/elbv2/elbv2_insecure_ssl_ciphers/elbv2_insecure_ssl_ciphers_test.py index ed41c06f..5f826167 100644 --- a/tests/providers/aws/services/elbv2/elbv2_insecure_ssl_ciphers/elbv2_insecure_ssl_ciphers_test.py +++ b/tests/providers/aws/services/elbv2/elbv2_insecure_ssl_ciphers/elbv2_insecure_ssl_ciphers_test.py @@ -20,6 +20,7 @@ class Test_elbv2_insecure_ssl_ciphers: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/elbv2/elbv2_internet_facing/elbv2_internet_facing_test.py b/tests/providers/aws/services/elbv2/elbv2_internet_facing/elbv2_internet_facing_test.py index 0bd42c73..e0a3e5a8 100644 --- a/tests/providers/aws/services/elbv2/elbv2_internet_facing/elbv2_internet_facing_test.py 
+++ b/tests/providers/aws/services/elbv2/elbv2_internet_facing/elbv2_internet_facing_test.py @@ -20,6 +20,7 @@ class Test_elbv2_internet_facing: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/elbv2/elbv2_listeners_underneath/elbv2_listeners_underneath_test.py b/tests/providers/aws/services/elbv2/elbv2_listeners_underneath/elbv2_listeners_underneath_test.py index 17d48446..a07110e2 100644 --- a/tests/providers/aws/services/elbv2/elbv2_listeners_underneath/elbv2_listeners_underneath_test.py +++ b/tests/providers/aws/services/elbv2/elbv2_listeners_underneath/elbv2_listeners_underneath_test.py @@ -20,6 +20,7 @@ class Test_elbv2_listeners_underneath: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/elbv2/elbv2_logging_enabled/elbv2_logging_enabled_test.py b/tests/providers/aws/services/elbv2/elbv2_logging_enabled/elbv2_logging_enabled_test.py index 9fbf96ed..397edc83 100644 --- a/tests/providers/aws/services/elbv2/elbv2_logging_enabled/elbv2_logging_enabled_test.py +++ b/tests/providers/aws/services/elbv2/elbv2_logging_enabled/elbv2_logging_enabled_test.py @@ -20,6 +20,7 @@ class Test_elbv2_logging_enabled: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/elbv2/elbv2_service_test.py b/tests/providers/aws/services/elbv2/elbv2_service_test.py index df54d2be..c14ac455 100644 --- a/tests/providers/aws/services/elbv2/elbv2_service_test.py +++ b/tests/providers/aws/services/elbv2/elbv2_service_test.py 
@@ -19,6 +19,7 @@ class Test_ELBv2_Service: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/elbv2/elbv2_ssl_listeners/elbv2_ssl_listeners_test.py b/tests/providers/aws/services/elbv2/elbv2_ssl_listeners/elbv2_ssl_listeners_test.py index 7dc05718..b17a7789 100644 --- a/tests/providers/aws/services/elbv2/elbv2_ssl_listeners/elbv2_ssl_listeners_test.py +++ b/tests/providers/aws/services/elbv2/elbv2_ssl_listeners/elbv2_ssl_listeners_test.py @@ -20,6 +20,7 @@ class Test_elbv2_ssl_listeners: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/elbv2/elbv2_waf_acl_attached/elbv2_waf_acl_attached_test.py b/tests/providers/aws/services/elbv2/elbv2_waf_acl_attached/elbv2_waf_acl_attached_test.py index 48e0a5d5..0786236f 100644 --- a/tests/providers/aws/services/elbv2/elbv2_waf_acl_attached/elbv2_waf_acl_attached_test.py +++ b/tests/providers/aws/services/elbv2/elbv2_waf_acl_attached/elbv2_waf_acl_attached_test.py @@ -42,6 +42,7 @@ class Test_elbv2_waf_acl_attached: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/emr/emr_cluster_publicly_accesible/emr_cluster_publicly_accesible_test.py b/tests/providers/aws/services/emr/emr_cluster_publicly_accesible/emr_cluster_publicly_accesible_test.py index 58a781f8..129ca601 100644 --- a/tests/providers/aws/services/emr/emr_cluster_publicly_accesible/emr_cluster_publicly_accesible_test.py 
+++ b/tests/providers/aws/services/emr/emr_cluster_publicly_accesible/emr_cluster_publicly_accesible_test.py @@ -22,6 +22,7 @@ class Test_emr_cluster_publicly_accesible: botocore_session=None, ), audited_account=None, + audited_account_arn=None, audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/emr/emr_service_test.py b/tests/providers/aws/services/emr/emr_service_test.py index e6eb3073..92c354fa 100644 --- a/tests/providers/aws/services/emr/emr_service_test.py +++ b/tests/providers/aws/services/emr/emr_service_test.py @@ -58,6 +58,7 @@ class Test_EMR_Service: botocore_session=None, ), audited_account=DEFAULT_ACCOUNT_ID, + audited_account_arn=f"arn:aws:iam::{DEFAULT_ACCOUNT_ID}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/fms/fms_policy_compliant/fms_policy_compliant_test.py b/tests/providers/aws/services/fms/fms_policy_compliant/fms_policy_compliant_test.py index 1a1592aa..9466ab5e 100644 --- a/tests/providers/aws/services/fms/fms_policy_compliant/fms_policy_compliant_test.py +++ b/tests/providers/aws/services/fms/fms_policy_compliant/fms_policy_compliant_test.py @@ -6,6 +6,7 @@ from prowler.providers.aws.services.fms.fms_service import ( ) AWS_REGION = "us-east-1" +AWS_ACCOUNT_NUMBER = "123456789012" class Test_fms_policy_compliant: @@ -29,6 +30,8 @@ class Test_fms_policy_compliant: def test_fms_admin_with_non_compliant_policies(self): fms_client = mock.MagicMock + fms_client.audited_account = AWS_ACCOUNT_NUMBER + fms_client.audited_account_arn = f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" fms_client.region = AWS_REGION fms_client.fms_admin_account = True fms_client.fms_policies = [ 
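Review bot: In `test_fms_admin_with_non_compliant_policies` the two added assignments set `audited_account` and `audited_account_arn` on the `mock.MagicMock` class itself, because the context line above them is `fms_client = mock.MagicMock` without a call. Attributes written this way stay on the class for the rest of the test session, so a later test can satisfy its `resource_id` and `resource_arn` assertions with values left behind by an earlier one rather than with its own setup. Instantiating the mock, `fms_client = mock.MagicMock()`, isolates each test. The same pattern appears in the `@@ -73,6 +76,8 @@` and `@@ -110,12 +115,14 @@` hunks of this file. The test bodies continue outside the hunks.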
@@ -73,6 +76,8 @@ class Test_fms_policy_compliant: def test_fms_admin_with_compliant_policies(self): fms_client = mock.MagicMock + fms_client.audited_account = AWS_ACCOUNT_NUMBER + fms_client.audited_account_arn = f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" fms_client.region = AWS_REGION fms_client.fms_admin_account = True fms_client.fms_policies = [ @@ -110,12 +115,14 @@ class Test_fms_policy_compliant: assert ( result[0].status_extended == "FMS enabled with all compliant accounts" ) - assert result[0].resource_id == "FMS" - assert result[0].resource_arn == "" + assert result[0].resource_id == AWS_ACCOUNT_NUMBER + assert result[0].resource_arn == f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" assert result[0].region == AWS_REGION def test_fms_admin_with_non_and_compliant_policies(self): fms_client = mock.MagicMock + fms_client.audited_account = AWS_ACCOUNT_NUMBER + fms_client.audited_account_arn = f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" fms_client.region = AWS_REGION fms_client.fms_admin_account = True fms_client.fms_policies = [ diff --git a/tests/providers/aws/services/fms/fms_service_test.py b/tests/providers/aws/services/fms/fms_service_test.py index 9947cccd..6cdf26b2 100644 --- a/tests/providers/aws/services/fms/fms_service_test.py +++ b/tests/providers/aws/services/fms/fms_service_test.py @@ -64,7 +64,6 @@ def mock_make_api_call(self, operation_name, kwargs): # Patch every AWS call using Boto3 @patch("botocore.client.BaseClient._make_api_call", new=mock_make_api_call) class Test_FMS_Service: - # Mocked Audit Info def set_mocked_audit_info(self): audit_info = AWS_Audit_Info( @@ -75,6 +74,7 @@ class Test_FMS_Service: botocore_session=None, ), audited_account=None, + audited_account_arn=None, audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/glacier/glacier_service_test.py b/tests/providers/aws/services/glacier/glacier_service_test.py index e940cd37..460ce0b2 100644 
--- a/tests/providers/aws/services/glacier/glacier_service_test.py +++ b/tests/providers/aws/services/glacier/glacier_service_test.py @@ -85,6 +85,7 @@ class Test_Glacier_Service: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/globalaccelerator/globalaccelerator_service_test.py b/tests/providers/aws/services/globalaccelerator/globalaccelerator_service_test.py index 086c720e..60bdc25d 100644 --- a/tests/providers/aws/services/globalaccelerator/globalaccelerator_service_test.py +++ b/tests/providers/aws/services/globalaccelerator/globalaccelerator_service_test.py @@ -59,6 +59,7 @@ class Test_GlobalAccelerator_Service: botocore_session=None, ), audited_account=DEFAULT_ACCOUNT_ID, + audited_account_arn=f"arn:aws:iam::{DEFAULT_ACCOUNT_ID}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/glue/glue_service_test.py b/tests/providers/aws/services/glue/glue_service_test.py index 1fb15f1e..42f78ce4 100644 --- a/tests/providers/aws/services/glue/glue_service_test.py +++ b/tests/providers/aws/services/glue/glue_service_test.py @@ -127,6 +127,7 @@ class Test_Glue_Service: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/guardduty/guardduty_service_test.py b/tests/providers/aws/services/guardduty/guardduty_service_test.py index 55f64c70..e1bf6bd9 100644 --- a/tests/providers/aws/services/guardduty/guardduty_service_test.py +++ b/tests/providers/aws/services/guardduty/guardduty_service_test.py 
@@ -69,6 +69,7 @@ class Test_GuardDuty_Service: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/iam/iam_administrator_access_with_mfa/iam_administrator_access_with_mfa_test.py b/tests/providers/aws/services/iam/iam_administrator_access_with_mfa/iam_administrator_access_with_mfa_test.py index e671ee26..3ed572dc 100644 --- a/tests/providers/aws/services/iam/iam_administrator_access_with_mfa/iam_administrator_access_with_mfa_test.py +++ b/tests/providers/aws/services/iam/iam_administrator_access_with_mfa/iam_administrator_access_with_mfa_test.py @@ -23,6 +23,7 @@ class Test_iam_administrator_access_with_mfa_test: region_name=AWS_REGION, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/iam/iam_avoid_root_usage/iam_avoid_root_usage_test.py b/tests/providers/aws/services/iam/iam_avoid_root_usage/iam_avoid_root_usage_test.py index 2e1c4378..f5539eac 100644 --- a/tests/providers/aws/services/iam/iam_avoid_root_usage/iam_avoid_root_usage_test.py +++ b/tests/providers/aws/services/iam/iam_avoid_root_usage/iam_avoid_root_usage_test.py @@ -24,6 +24,7 @@ class Test_iam_avoid_root_usage: region_name=AWS_REGION, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/iam/iam_aws_attached_policy_no_administrative_privileges/iam_aws_attached_policy_no_administrative_privileges_test.py b/tests/providers/aws/services/iam/iam_aws_attached_policy_no_administrative_privileges/iam_aws_attached_policy_no_administrative_privileges_test.py index 03444a8e..ca34c323 100644 
--- a/tests/providers/aws/services/iam/iam_aws_attached_policy_no_administrative_privileges/iam_aws_attached_policy_no_administrative_privileges_test.py +++ b/tests/providers/aws/services/iam/iam_aws_attached_policy_no_administrative_privileges/iam_aws_attached_policy_no_administrative_privileges_test.py @@ -19,6 +19,7 @@ class Test_iam_aws_attached_policy_no_administrative_privileges_test: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/iam/iam_check_saml_providers_sts/iam_check_saml_providers_sts_test.py b/tests/providers/aws/services/iam/iam_check_saml_providers_sts/iam_check_saml_providers_sts_test.py index 206310e7..b86cf7cc 100644 --- a/tests/providers/aws/services/iam/iam_check_saml_providers_sts/iam_check_saml_providers_sts_test.py +++ b/tests/providers/aws/services/iam/iam_check_saml_providers_sts/iam_check_saml_providers_sts_test.py @@ -21,6 +21,7 @@ class Test_iam_check_saml_providers_sts: region_name=AWS_REGION, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/iam/iam_customer_attached_policy_no_administrative_privileges/iam_customer_attached_policy_no_administrative_privileges_test.py b/tests/providers/aws/services/iam/iam_customer_attached_policy_no_administrative_privileges/iam_customer_attached_policy_no_administrative_privileges_test.py index a3e321a1..b90678af 100644 --- a/tests/providers/aws/services/iam/iam_customer_attached_policy_no_administrative_privileges/iam_customer_attached_policy_no_administrative_privileges_test.py +++ b/tests/providers/aws/services/iam/iam_customer_attached_policy_no_administrative_privileges/iam_customer_attached_policy_no_administrative_privileges_test.py 
@@ -20,6 +20,7 @@ class Test_iam_customer_attached_policy_no_administrative_privileges_test: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/iam/iam_customer_unattached_policy_no_administrative_privileges/iam_customer_unattached_policy_no_administrative_privileges_test.py b/tests/providers/aws/services/iam/iam_customer_unattached_policy_no_administrative_privileges/iam_customer_unattached_policy_no_administrative_privileges_test.py index ab915e78..b3324736 100644 --- a/tests/providers/aws/services/iam/iam_customer_unattached_policy_no_administrative_privileges/iam_customer_unattached_policy_no_administrative_privileges_test.py +++ b/tests/providers/aws/services/iam/iam_customer_unattached_policy_no_administrative_privileges/iam_customer_unattached_policy_no_administrative_privileges_test.py @@ -20,6 +20,7 @@ class Test_iam_customer_unattached_policy_no_administrative_privileges_test: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/iam/iam_disable_30_days_credentials/iam_disable_30_days_credentials_test.py b/tests/providers/aws/services/iam/iam_disable_30_days_credentials/iam_disable_30_days_credentials_test.py index a9dff562..e1c0974b 100644 --- a/tests/providers/aws/services/iam/iam_disable_30_days_credentials/iam_disable_30_days_credentials_test.py +++ b/tests/providers/aws/services/iam/iam_disable_30_days_credentials/iam_disable_30_days_credentials_test.py 
@@ -23,6 +23,7 @@ class Test_iam_disable_30_days_credentials_test: region_name=AWS_REGION, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/iam/iam_disable_45_days_credentials/iam_disable_45_days_credentials_test.py b/tests/providers/aws/services/iam/iam_disable_45_days_credentials/iam_disable_45_days_credentials_test.py index 2cb37f8b..3ac41b4d 100644 --- a/tests/providers/aws/services/iam/iam_disable_45_days_credentials/iam_disable_45_days_credentials_test.py +++ b/tests/providers/aws/services/iam/iam_disable_45_days_credentials/iam_disable_45_days_credentials_test.py @@ -23,6 +23,7 @@ class Test_iam_disable_45_days_credentials_test: region_name=AWS_REGION, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/iam/iam_disable_90_days_credentials/iam_disable_90_days_credentials_test.py b/tests/providers/aws/services/iam/iam_disable_90_days_credentials/iam_disable_90_days_credentials_test.py index 72a1c811..df5f991f 100644 --- a/tests/providers/aws/services/iam/iam_disable_90_days_credentials/iam_disable_90_days_credentials_test.py +++ b/tests/providers/aws/services/iam/iam_disable_90_days_credentials/iam_disable_90_days_credentials_test.py @@ -23,6 +23,7 @@ class Test_iam_disable_90_days_credentials_test: region_name=AWS_REGION, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, 
diff --git a/tests/providers/aws/services/iam/iam_no_custom_policy_permissive_role_assumption/iam_no_custom_policy_permissive_role_assumption_test.py b/tests/providers/aws/services/iam/iam_no_custom_policy_permissive_role_assumption/iam_no_custom_policy_permissive_role_assumption_test.py index 1205627f..77656567 100644 --- a/tests/providers/aws/services/iam/iam_no_custom_policy_permissive_role_assumption/iam_no_custom_policy_permissive_role_assumption_test.py +++ b/tests/providers/aws/services/iam/iam_no_custom_policy_permissive_role_assumption/iam_no_custom_policy_permissive_role_assumption_test.py @@ -23,6 +23,7 @@ class Test_iam_no_custom_policy_permissive_role_assumption: region_name=AWS_REGION, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/iam/iam_no_expired_server_certificates_stored/iam_no_expired_server_certificates_stored_test.py b/tests/providers/aws/services/iam/iam_no_expired_server_certificates_stored/iam_no_expired_server_certificates_stored_test.py index 5025cdd0..5b547915 100644 --- a/tests/providers/aws/services/iam/iam_no_expired_server_certificates_stored/iam_no_expired_server_certificates_stored_test.py +++ b/tests/providers/aws/services/iam/iam_no_expired_server_certificates_stored/iam_no_expired_server_certificates_stored_test.py @@ -22,6 +22,7 @@ class Test_iam_no_expired_server_certificates_stored_test: region_name=AWS_REGION, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/iam/iam_no_root_access_key/iam_no_root_access_key_test.py b/tests/providers/aws/services/iam/iam_no_root_access_key/iam_no_root_access_key_test.py index 101ee2a0..dc966601 100644 
--- a/tests/providers/aws/services/iam/iam_no_root_access_key/iam_no_root_access_key_test.py +++ b/tests/providers/aws/services/iam/iam_no_root_access_key/iam_no_root_access_key_test.py @@ -22,6 +22,7 @@ class Test_iam_no_root_access_key_test: region_name=AWS_REGION, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/iam/iam_password_policy_expires_passwords_within_90_days_or_less/iam_password_policy_expires_passwords_within_90_days_or_less_test.py b/tests/providers/aws/services/iam/iam_password_policy_expires_passwords_within_90_days_or_less/iam_password_policy_expires_passwords_within_90_days_or_less_test.py index 29c53333..ce719683 100644 --- a/tests/providers/aws/services/iam/iam_password_policy_expires_passwords_within_90_days_or_less/iam_password_policy_expires_passwords_within_90_days_or_less_test.py +++ b/tests/providers/aws/services/iam/iam_password_policy_expires_passwords_within_90_days_or_less/iam_password_policy_expires_passwords_within_90_days_or_less_test.py @@ -22,6 +22,7 @@ class Test_iam_password_policy_expires_passwords_within_90_days_or_less: region_name=AWS_REGION, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, @@ -68,7 +69,7 @@ class Test_iam_password_policy_expires_passwords_within_90_days_or_less: check = iam_password_policy_expires_passwords_within_90_days_or_less() result = check.execute() assert result[0].status == "PASS" - assert result[0].resource_id == "password_policy" + assert result[0].resource_id == AWS_ACCOUNT_NUMBER assert search( "Password expiration is set lower than 90 days", result[0].status_extended, 
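Review bot: The updated assertion in the `@@ -68,7 +69,7 @@` hunk of the password-expiry test checks only `resource_id`, so nothing verifies the `resource_arn` that the fixture now supplies through `audited_account_arn`. The check's code is not visible here, but if it is meant to report the account ARN, as the FMS test in this diff asserts, add `assert result[0].resource_arn == f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root"` next to the `resource_id` assertion. The same gap applies to the other `password_policy` assertion hunks in this file and in the lowercase, minimum_length_14, number and symbol tests. Consumers that correlate findings by ARN would otherwise have no test coverage for that field. The test functions begin outside these hunks.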
@@ -107,7 +108,7 @@ class Test_iam_password_policy_expires_passwords_within_90_days_or_less: check = iam_password_policy_expires_passwords_within_90_days_or_less() result = check.execute() assert result[0].status == "FAIL" - assert result[0].resource_id == "password_policy" + assert result[0].resource_id == AWS_ACCOUNT_NUMBER assert search( "Password expiration is set greater than 90 days", result[0].status_extended, @@ -146,7 +147,7 @@ class Test_iam_password_policy_expires_passwords_within_90_days_or_less: check = iam_password_policy_expires_passwords_within_90_days_or_less() result = check.execute() assert result[0].status == "PASS" - assert result[0].resource_id == "password_policy" + assert result[0].resource_id == AWS_ACCOUNT_NUMBER assert search( "Password expiration is set lower than 90 days", result[0].status_extended, diff --git a/tests/providers/aws/services/iam/iam_password_policy_lowercase/iam_password_policy_lowercase_test.py b/tests/providers/aws/services/iam/iam_password_policy_lowercase/iam_password_policy_lowercase_test.py index 229fd243..d3b1a62a 100644 --- a/tests/providers/aws/services/iam/iam_password_policy_lowercase/iam_password_policy_lowercase_test.py +++ b/tests/providers/aws/services/iam/iam_password_policy_lowercase/iam_password_policy_lowercase_test.py @@ -19,6 +19,7 @@ class Test_iam_password_policy_lowercase: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, @@ -62,7 +63,7 @@ class Test_iam_password_policy_lowercase: "IAM password policy does not require at least one lowercase letter.", result[0].status_extended, ) - assert result[0].resource_id == "password_policy" + assert result[0].resource_id == AWS_ACCOUNT_NUMBER @mock_iam def test_iam_password_policy_lowercase_flag(self): 
@@ -93,4 +94,4 @@ class Test_iam_password_policy_lowercase: "IAM password policy requires at least one lowercase letter.", result[0].status_extended, ) - assert result[0].resource_id == "password_policy" + assert result[0].resource_id == AWS_ACCOUNT_NUMBER diff --git a/tests/providers/aws/services/iam/iam_password_policy_minimum_length_14/iam_password_policy_minimum_length_14_test.py b/tests/providers/aws/services/iam/iam_password_policy_minimum_length_14/iam_password_policy_minimum_length_14_test.py index 31a85bc3..8b55dde6 100644 --- a/tests/providers/aws/services/iam/iam_password_policy_minimum_length_14/iam_password_policy_minimum_length_14_test.py +++ b/tests/providers/aws/services/iam/iam_password_policy_minimum_length_14/iam_password_policy_minimum_length_14_test.py @@ -19,6 +19,7 @@ class Test_iam_password_policy_minimum_length_14: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, @@ -62,7 +63,7 @@ class Test_iam_password_policy_minimum_length_14: "IAM password policy requires minimum length of 14 characters.", result[0].status_extended, ) - assert result[0].resource_id == "password_policy" + assert result[0].resource_id == AWS_ACCOUNT_NUMBER @mock_iam def test_iam_password_policy_minimum_length_greater_14(self): @@ -93,7 +94,7 @@ class Test_iam_password_policy_minimum_length_14: "IAM password policy requires minimum length of 14 characters.", result[0].status_extended, ) - assert result[0].resource_id == "password_policy" + assert result[0].resource_id == AWS_ACCOUNT_NUMBER @mock_iam def test_iam_password_policy_minimum_length_less_14(self): 
@@ -124,4 +125,4 @@ class Test_iam_password_policy_minimum_length_14: "IAM password policy does not require minimum length of 14 characters.", result[0].status_extended, ) - assert result[0].resource_id == "password_policy" + assert result[0].resource_id == AWS_ACCOUNT_NUMBER diff --git a/tests/providers/aws/services/iam/iam_password_policy_number/iam_password_policy_number_test.py b/tests/providers/aws/services/iam/iam_password_policy_number/iam_password_policy_number_test.py index 2c20acc0..c11057ad 100644 --- a/tests/providers/aws/services/iam/iam_password_policy_number/iam_password_policy_number_test.py +++ b/tests/providers/aws/services/iam/iam_password_policy_number/iam_password_policy_number_test.py @@ -19,6 +19,7 @@ class Test_iam_password_policy_number: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, @@ -62,7 +63,7 @@ class Test_iam_password_policy_number: "IAM password policy does not require at least one number.", result[0].status_extended, ) - assert result[0].resource_id == "password_policy" + assert result[0].resource_id == AWS_ACCOUNT_NUMBER @mock_iam def test_iam_password_policy_number_flag(self): @@ -93,4 +94,4 @@ class Test_iam_password_policy_number: "IAM password policy requires at least one number.", result[0].status_extended, ) - assert result[0].resource_id == "password_policy" + assert result[0].resource_id == AWS_ACCOUNT_NUMBER diff --git a/tests/providers/aws/services/iam/iam_password_policy_reuse_24/iam_password_policy_reuse_24_test.py b/tests/providers/aws/services/iam/iam_password_policy_reuse_24/iam_password_policy_reuse_24_test.py index 8a50766b..9741aa4a 100644 --- a/tests/providers/aws/services/iam/iam_password_policy_reuse_24/iam_password_policy_reuse_24_test.py +++ b/tests/providers/aws/services/iam/iam_password_policy_reuse_24/iam_password_policy_reuse_24_test.py 
@@ -18,6 +18,7 @@ class Test_iam_password_policy_reuse_24: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/iam/iam_password_policy_symbol/iam_password_policy_symbol_test.py b/tests/providers/aws/services/iam/iam_password_policy_symbol/iam_password_policy_symbol_test.py index 6d78118d..b95f3d5c 100644 --- a/tests/providers/aws/services/iam/iam_password_policy_symbol/iam_password_policy_symbol_test.py +++ b/tests/providers/aws/services/iam/iam_password_policy_symbol/iam_password_policy_symbol_test.py @@ -19,6 +19,7 @@ class Test_iam_password_policy_symbol: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, @@ -62,7 +63,7 @@ class Test_iam_password_policy_symbol: "IAM password policy does not require at least one symbol.", result[0].status_extended, ) - assert result[0].resource_id == "password_policy" + assert result[0].resource_id == AWS_ACCOUNT_NUMBER @mock_iam def test_iam_password_policy_symbol_flag(self): @@ -93,4 +94,4 @@ class Test_iam_password_policy_symbol: "IAM password policy requires at least one symbol.", result[0].status_extended, ) - assert result[0].resource_id == "password_policy" + assert result[0].resource_id == AWS_ACCOUNT_NUMBER diff --git a/tests/providers/aws/services/iam/iam_password_policy_uppercase/iam_password_policy_uppercase_test.py b/tests/providers/aws/services/iam/iam_password_policy_uppercase/iam_password_policy_uppercase_test.py index 6e8bdee8..764c6532 100644 --- a/tests/providers/aws/services/iam/iam_password_policy_uppercase/iam_password_policy_uppercase_test.py +++ b/tests/providers/aws/services/iam/iam_password_policy_uppercase/iam_password_policy_uppercase_test.py 
@@ -18,6 +18,7 @@ class Test_iam_password_policy_uppercase: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/iam/iam_policy_allows_privilege_escalation/iam_policy_allows_privilege_escalation_test.py b/tests/providers/aws/services/iam/iam_policy_allows_privilege_escalation/iam_policy_allows_privilege_escalation_test.py index cb4d00f5..0a28fcca 100644 --- a/tests/providers/aws/services/iam/iam_policy_allows_privilege_escalation/iam_policy_allows_privilege_escalation_test.py +++ b/tests/providers/aws/services/iam/iam_policy_allows_privilege_escalation/iam_policy_allows_privilege_escalation_test.py @@ -20,6 +20,7 @@ class Test_iam_policy_allows_privilege_escalation: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/iam/iam_policy_attached_only_to_group_or_roles/iam_policy_attached_only_to_group_or_roles_test.py b/tests/providers/aws/services/iam/iam_policy_attached_only_to_group_or_roles/iam_policy_attached_only_to_group_or_roles_test.py index 64ad4438..be1021b7 100644 --- a/tests/providers/aws/services/iam/iam_policy_attached_only_to_group_or_roles/iam_policy_attached_only_to_group_or_roles_test.py +++ b/tests/providers/aws/services/iam/iam_policy_attached_only_to_group_or_roles/iam_policy_attached_only_to_group_or_roles_test.py @@ -20,6 +20,7 @@ class Test_iam_policy_attached_only_to_group_or_roles: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, 
diff --git a/tests/providers/aws/services/iam/iam_policy_no_full_access_to_cloudtrail/iam_policy_no_full_access_to_cloudtrail_test.py b/tests/providers/aws/services/iam/iam_policy_no_full_access_to_cloudtrail/iam_policy_no_full_access_to_cloudtrail_test.py index 54196bd6..3e4757b8 100644 --- a/tests/providers/aws/services/iam/iam_policy_no_full_access_to_cloudtrail/iam_policy_no_full_access_to_cloudtrail_test.py +++ b/tests/providers/aws/services/iam/iam_policy_no_full_access_to_cloudtrail/iam_policy_no_full_access_to_cloudtrail_test.py @@ -19,6 +19,7 @@ class Test_iam_policy_no_full_access_to_cloudtrail: botocore_session=None, ), audited_account=None, + audited_account_arn=None, audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/iam/iam_policy_no_full_access_to_kms/iam_policy_no_full_access_to_kms_test.py b/tests/providers/aws/services/iam/iam_policy_no_full_access_to_kms/iam_policy_no_full_access_to_kms_test.py index c40051df..bd62865b 100644 --- a/tests/providers/aws/services/iam/iam_policy_no_full_access_to_kms/iam_policy_no_full_access_to_kms_test.py +++ b/tests/providers/aws/services/iam/iam_policy_no_full_access_to_kms/iam_policy_no_full_access_to_kms_test.py @@ -19,6 +19,7 @@ class Test_iam_policy_no_full_access_to_kms: botocore_session=None, ), audited_account=None, + audited_account_arn=None, audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/iam/iam_role_cross_account_readonlyaccess_policy/iam_role_cross_account_readonlyaccess_policy_test.py b/tests/providers/aws/services/iam/iam_role_cross_account_readonlyaccess_policy/iam_role_cross_account_readonlyaccess_policy_test.py index 53cf3403..122feb5f 100644 --- a/tests/providers/aws/services/iam/iam_role_cross_account_readonlyaccess_policy/iam_role_cross_account_readonlyaccess_policy_test.py 
+++ b/tests/providers/aws/services/iam/iam_role_cross_account_readonlyaccess_policy/iam_role_cross_account_readonlyaccess_policy_test.py @@ -21,6 +21,7 @@ class Test_iam_role_cross_account_readonlyaccess_policy: botocore_session=None, ), audited_account=AWS_ACCOUNT_ID, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_ID}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, @@ -271,7 +272,10 @@ class Test_iam_role_cross_account_readonlyaccess_policy: ) with mock.patch( - "prowler.providers.aws.services.iam.iam_role_cross_account_readonlyaccess_policy.iam_role_cross_account_readonlyaccess_policy.iam_client", + "prowler.providers.aws.services.iam.iam_service.IAM", + new=iam_client, + ), mock.patch( + "prowler.providers.aws.services.iam.iam_client.iam_client", new=iam_client, ): # Test Check diff --git a/tests/providers/aws/services/iam/iam_role_cross_service_confused_deputy_prevention/iam_role_cross_service_confused_deputy_prevention_test.py b/tests/providers/aws/services/iam/iam_role_cross_service_confused_deputy_prevention/iam_role_cross_service_confused_deputy_prevention_test.py index 4c6cab9b..9d061852 100644 --- a/tests/providers/aws/services/iam/iam_role_cross_service_confused_deputy_prevention/iam_role_cross_service_confused_deputy_prevention_test.py +++ b/tests/providers/aws/services/iam/iam_role_cross_service_confused_deputy_prevention/iam_role_cross_service_confused_deputy_prevention_test.py @@ -21,6 +21,7 @@ class Test_iam_role_cross_service_confused_deputy_prevention: botocore_session=None, ), audited_account=AWS_ACCOUNT_ID, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_ID}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/iam/iam_root_hardware_mfa_enabled/iam_root_hardware_mfa_enabled_test.py b/tests/providers/aws/services/iam/iam_root_hardware_mfa_enabled/iam_root_hardware_mfa_enabled_test.py index d710fcd0..96352c4a 100644 
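Review bot: The rewritten `mock.patch` in `Test_iam_role_cross_account_readonlyaccess_policy` (hunk `-271,7 +272,10`) no longer patches the `iam_client` name inside the check module; it patches `prowler.providers.aws.services.iam.iam_client.iam_client` instead. That only takes effect if the check module is first imported inside the `with` block. The import is outside this hunk, so this is inferred, but if an earlier test already imported the check, its own `iam_client` binding stays unpatched and the test result depends on import order. The first patch also replaces the `IAM` class with an instance (`new=iam_client`), so any later `IAM(...)` call would invoke that object rather than construct a service. Consider keeping the original target, `"prowler.providers.aws.services.iam.iam_role_cross_account_readonlyaccess_policy.iam_role_cross_account_readonlyaccess_policy.iam_client"`, next to whatever extra patch the change needs.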
--- a/tests/providers/aws/services/iam/iam_root_hardware_mfa_enabled/iam_root_hardware_mfa_enabled_test.py +++ b/tests/providers/aws/services/iam/iam_root_hardware_mfa_enabled/iam_root_hardware_mfa_enabled_test.py @@ -19,6 +19,7 @@ class Test_iam_root_hardware_mfa_enabled_test: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, @@ -64,7 +65,7 @@ class Test_iam_root_hardware_mfa_enabled_test: "Root account has a virtual MFA instead of a hardware MFA device enabled.", result[0].status_extended, ) - assert result[0].resource_id == "root" + assert result[0].resource_id == "" @mock_iam def test_root_hardware_virtual_hardware_mfa_enabled(self): @@ -97,7 +98,7 @@ class Test_iam_root_hardware_mfa_enabled_test: "Root account has a hardware MFA device enabled.", result[0].status_extended, ) - assert result[0].resource_id == "root" + assert result[0].resource_id == "" assert ( result[0].resource_arn == f"arn:aws:iam::{service_client.account}:root" ) diff --git a/tests/providers/aws/services/iam/iam_root_mfa_enabled/iam_root_mfa_enabled_test.py b/tests/providers/aws/services/iam/iam_root_mfa_enabled/iam_root_mfa_enabled_test.py index 4596e02a..2582efa2 100644 --- a/tests/providers/aws/services/iam/iam_root_mfa_enabled/iam_root_mfa_enabled_test.py +++ b/tests/providers/aws/services/iam/iam_root_mfa_enabled/iam_root_mfa_enabled_test.py @@ -19,6 +19,7 @@ class Test_iam_root_mfa_enabled_test: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/iam/iam_rotate_access_key_90_days/iam_rotate_access_key_90_days_test.py b/tests/providers/aws/services/iam/iam_rotate_access_key_90_days/iam_rotate_access_key_90_days_test.py index 4606b919..d0551924 100644 
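Review bot: The two updated assertions in `Test_iam_root_hardware_mfa_enabled_test` (hunks `-64,7 +65,7` and `-97,7 +98,7`) expect `resource_id == ""`, although the second hunk still expects `resource_arn` to be `arn:aws:iam::{service_client.account}:root`. If the check really emits an empty string, root-account findings lose their identifier in any output or integration that keys on `resource_id`, which makes them hard to triage or de-duplicate. The other account-level tests in this commit moved to the account number; the same would work here, `assert result[0].resource_id == AWS_ACCOUNT_NUMBER`, with the check updated to match. If the expected literal was dropped when this page was rendered, disregard this note.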
--- a/tests/providers/aws/services/iam/iam_rotate_access_key_90_days/iam_rotate_access_key_90_days_test.py +++ b/tests/providers/aws/services/iam/iam_rotate_access_key_90_days/iam_rotate_access_key_90_days_test.py @@ -19,6 +19,7 @@ class Test_iam_rotate_access_key_90_days_test: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/iam/iam_securityaudit_role_created/iam_securityaudit_role_created_test.py b/tests/providers/aws/services/iam/iam_securityaudit_role_created/iam_securityaudit_role_created_test.py index ba5fd5dc..8049cb70 100644 --- a/tests/providers/aws/services/iam/iam_securityaudit_role_created/iam_securityaudit_role_created_test.py +++ b/tests/providers/aws/services/iam/iam_securityaudit_role_created/iam_securityaudit_role_created_test.py @@ -22,6 +22,7 @@ class Test_iam_securityaudit_role_created: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/iam/iam_service_test.py b/tests/providers/aws/services/iam/iam_service_test.py index 18969a7a..e83a0892 100644 --- a/tests/providers/aws/services/iam/iam_service_test.py +++ b/tests/providers/aws/services/iam/iam_service_test.py @@ -22,6 +22,7 @@ class Test_IAM_Service: botocore_session=None, ), audited_account=None, + audited_account_arn=None, audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/iam/iam_support_role_created/iam_support_role_created_test.py b/tests/providers/aws/services/iam/iam_support_role_created/iam_support_role_created_test.py index 926f1231..fe025f5b 100644 
--- a/tests/providers/aws/services/iam/iam_support_role_created/iam_support_role_created_test.py +++ b/tests/providers/aws/services/iam/iam_support_role_created/iam_support_role_created_test.py @@ -20,6 +20,7 @@ class Test_iam_support_role_created: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/iam/iam_user_hardware_mfa_enabled/iam_user_hardware_mfa_enabled_test.py b/tests/providers/aws/services/iam/iam_user_hardware_mfa_enabled/iam_user_hardware_mfa_enabled_test.py index 813650c1..bf3b6894 100644 --- a/tests/providers/aws/services/iam/iam_user_hardware_mfa_enabled/iam_user_hardware_mfa_enabled_test.py +++ b/tests/providers/aws/services/iam/iam_user_hardware_mfa_enabled/iam_user_hardware_mfa_enabled_test.py @@ -19,6 +19,7 @@ class Test_iam_user_hardware_mfa_enabled_test: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/iam/iam_user_mfa_enabled_console_access/iam_user_mfa_enabled_console_access_test.py b/tests/providers/aws/services/iam/iam_user_mfa_enabled_console_access/iam_user_mfa_enabled_console_access_test.py index 9d8d1fc8..4666b203 100644 --- a/tests/providers/aws/services/iam/iam_user_mfa_enabled_console_access/iam_user_mfa_enabled_console_access_test.py +++ b/tests/providers/aws/services/iam/iam_user_mfa_enabled_console_access/iam_user_mfa_enabled_console_access_test.py @@ -18,6 +18,7 @@ class Test_iam_user_mfa_enabled_console_access_test: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, 
diff --git a/tests/providers/aws/services/iam/iam_user_no_setup_initial_access_key/iam_user_no_setup_initial_access_key_test.py b/tests/providers/aws/services/iam/iam_user_no_setup_initial_access_key/iam_user_no_setup_initial_access_key_test.py index ef72e397..0fae4735 100644 --- a/tests/providers/aws/services/iam/iam_user_no_setup_initial_access_key/iam_user_no_setup_initial_access_key_test.py +++ b/tests/providers/aws/services/iam/iam_user_no_setup_initial_access_key/iam_user_no_setup_initial_access_key_test.py @@ -20,6 +20,7 @@ class Test_iam_user_no_setup_initial_access_key_test: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/iam/iam_user_two_active_access_key/iam_user_two_active_access_key_test.py b/tests/providers/aws/services/iam/iam_user_two_active_access_key/iam_user_two_active_access_key_test.py index 4f99a8d6..909e6906 100644 --- a/tests/providers/aws/services/iam/iam_user_two_active_access_key/iam_user_two_active_access_key_test.py +++ b/tests/providers/aws/services/iam/iam_user_two_active_access_key/iam_user_two_active_access_key_test.py @@ -19,6 +19,7 @@ class Test_iam_user_two_active_access_key: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/inspector2/inspector2_findings_exist/inspector2_findings_exist_test.py b/tests/providers/aws/services/inspector2/inspector2_findings_exist/inspector2_findings_exist_test.py index c27761eb..cb87aa75 100644 --- a/tests/providers/aws/services/inspector2/inspector2_findings_exist/inspector2_findings_exist_test.py +++ b/tests/providers/aws/services/inspector2/inspector2_findings_exist/inspector2_findings_exist_test.py 
@@ -16,6 +16,8 @@ class Test_inspector2_findings_exist: def test_inspector2_disabled(self): # Mock the inspector2 client inspector2_client = mock.MagicMock + inspector2_client.audited_account = AWS_ACCOUNT_ID + inspector2_client.audited_account_arn = f"arn:aws:iam::{AWS_ACCOUNT_ID}:root" inspector2_client.region = AWS_REGION inspector2_client.inspectors = [ Inspector( @@ -38,12 +40,14 @@ class Test_inspector2_findings_exist: assert result[0].status == "FAIL" assert result[0].status_extended == "Inspector2 is not enabled." assert result[0].resource_id == AWS_ACCOUNT_ID - assert result[0].resource_arn == "" + assert result[0].resource_arn == f"arn:aws:iam::{AWS_ACCOUNT_ID}:root" assert result[0].region == AWS_REGION def test_enabled_no_finding(self): # Mock the inspector2 client inspector2_client = mock.MagicMock + inspector2_client.audited_account = AWS_ACCOUNT_ID + inspector2_client.audited_account_arn = f"arn:aws:iam::{AWS_ACCOUNT_ID}:root" inspector2_client.region = AWS_REGION inspector2_client.inspectors = [ Inspector( @@ -66,12 +70,14 @@ class Test_inspector2_findings_exist: assert result[0].status == "PASS" assert result[0].status_extended == "Inspector2 is enabled with no findings" assert result[0].resource_id == AWS_ACCOUNT_ID - assert result[0].resource_arn == "" + assert result[0].resource_arn == f"arn:aws:iam::{AWS_ACCOUNT_ID}:root" assert result[0].region == AWS_REGION def test_enabled_with_no_active_finding(self): # Mock the inspector2 client inspector2_client = mock.MagicMock + inspector2_client.audited_account = AWS_ACCOUNT_ID + inspector2_client.audited_account_arn = f"arn:aws:iam::{AWS_ACCOUNT_ID}:root" inspector2_client.region = AWS_REGION inspector2_client.inspectors = [ Inspector( 
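Review bot: The added `inspector2_client.audited_account = ...` and `inspector2_client.audited_account_arn = ...` lines assign to the `mock.MagicMock` class itself, because the context line above them reads `inspector2_client = mock.MagicMock` without parentheses. Attributes set on the class remain visible on every `MagicMock` created later in the same test process, so a value from one test can leak into another and hide a client attribute that was never set. Instantiating the mock avoids this: `inspector2_client = mock.MagicMock()`. The same pattern recurs in every test of this file (hunks `-38,12`, `-66,12`, `-109,12`, `-151,12`) and in `macie_is_enabled_test.py` with `macie_client = mock.MagicMock`. The test bodies start and end outside these hunks.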
@@ -109,12 +115,14 @@ class Test_inspector2_findings_exist: == "Inspector2 is enabled with no active findings" ) assert result[0].resource_id == AWS_ACCOUNT_ID - assert result[0].resource_arn == "" + assert result[0].resource_arn == f"arn:aws:iam::{AWS_ACCOUNT_ID}:root" assert result[0].region == AWS_REGION def test_enabled_with_active_finding(self): # Mock the inspector2 client inspector2_client = mock.MagicMock + inspector2_client.audited_account = AWS_ACCOUNT_ID + inspector2_client.audited_account_arn = f"arn:aws:iam::{AWS_ACCOUNT_ID}:root" inspector2_client.region = AWS_REGION inspector2_client.inspectors = [ Inspector( @@ -151,12 +159,14 @@ class Test_inspector2_findings_exist: result[0].status_extended == "There are 1 ACTIVE Inspector2 findings." ) assert result[0].resource_id == AWS_ACCOUNT_ID - assert result[0].resource_arn == "" + assert result[0].resource_arn == f"arn:aws:iam::{AWS_ACCOUNT_ID}:root" assert result[0].region == AWS_REGION def test_enabled_with_active_and_closed_findings(self): # Mock the inspector2 client inspector2_client = mock.MagicMock + inspector2_client.audited_account = AWS_ACCOUNT_ID + inspector2_client.audited_account_arn = f"arn:aws:iam::{AWS_ACCOUNT_ID}:root" inspector2_client.region = AWS_REGION inspector2_client.inspectors = [ Inspector( @@ -200,5 +210,5 @@ class Test_inspector2_findings_exist: result[0].status_extended == "There are 1 ACTIVE Inspector2 findings." ) assert result[0].resource_id == AWS_ACCOUNT_ID - assert result[0].resource_arn == "" + assert result[0].resource_arn == f"arn:aws:iam::{AWS_ACCOUNT_ID}:root" assert result[0].region == AWS_REGION diff --git a/tests/providers/aws/services/inspector2/inspector2_service_test.py b/tests/providers/aws/services/inspector2/inspector2_service_test.py index c49512c0..ae95e1b1 100644 --- a/tests/providers/aws/services/inspector2/inspector2_service_test.py +++ b/tests/providers/aws/services/inspector2/inspector2_service_test.py 
@@ -91,6 +91,7 @@ class Test_Inspector2_Service: botocore_session=None, ), audited_account=AWS_ACCOUNT_ID, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_ID}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/kms/kms_cmk_are_used/kms_cmk_are_used_test.py b/tests/providers/aws/services/kms/kms_cmk_are_used/kms_cmk_are_used_test.py index 650513cf..78f5eec1 100644 --- a/tests/providers/aws/services/kms/kms_cmk_are_used/kms_cmk_are_used_test.py +++ b/tests/providers/aws/services/kms/kms_cmk_are_used/kms_cmk_are_used_test.py @@ -19,6 +19,7 @@ class Test_kms_cmk_are_used: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/kms/kms_cmk_rotation_enabled/kms_cmk_rotation_enabled_test.py b/tests/providers/aws/services/kms/kms_cmk_rotation_enabled/kms_cmk_rotation_enabled_test.py index 4ce15913..987ab5c9 100644 --- a/tests/providers/aws/services/kms/kms_cmk_rotation_enabled/kms_cmk_rotation_enabled_test.py +++ b/tests/providers/aws/services/kms/kms_cmk_rotation_enabled/kms_cmk_rotation_enabled_test.py @@ -19,6 +19,7 @@ class Test_kms_cmk_rotation_enabled: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/kms/kms_key_not_publicly_accessible/kms_key_not_publicly_accessible_test.py b/tests/providers/aws/services/kms/kms_key_not_publicly_accessible/kms_key_not_publicly_accessible_test.py index 3beb3250..de4e98d3 100644 --- a/tests/providers/aws/services/kms/kms_key_not_publicly_accessible/kms_key_not_publicly_accessible_test.py 
+++ b/tests/providers/aws/services/kms/kms_key_not_publicly_accessible/kms_key_not_publicly_accessible_test.py @@ -20,6 +20,7 @@ class Test_kms_key_not_publicly_accessible: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/kms/kms_service_test.py b/tests/providers/aws/services/kms/kms_service_test.py index ed60d59a..c35c7891 100644 --- a/tests/providers/aws/services/kms/kms_service_test.py +++ b/tests/providers/aws/services/kms/kms_service_test.py @@ -21,6 +21,7 @@ class Test_ACM_Service: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/macie/macie_is_enabled/macie_is_enabled_test.py b/tests/providers/aws/services/macie/macie_is_enabled/macie_is_enabled_test.py index ad21520e..429687fa 100644 --- a/tests/providers/aws/services/macie/macie_is_enabled/macie_is_enabled_test.py +++ b/tests/providers/aws/services/macie/macie_is_enabled/macie_is_enabled_test.py @@ -2,10 +2,14 @@ from unittest import mock from prowler.providers.aws.services.macie.macie_service import Session +AWS_ACCOUNT_NUMBER = "123456789012" + class Test_macie_is_enabled: def test_macie_disabled(self): macie_client = mock.MagicMock + macie_client.audited_account = AWS_ACCOUNT_NUMBER + macie_client.audited_account_arn = f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" macie_client.sessions = [ Session( status="DISABLED", 
@@ -27,10 +31,12 @@ class Test_macie_is_enabled: assert len(result) == 1 assert result[0].status == "FAIL" assert result[0].status_extended == "Macie is not enabled." - assert result[0].resource_id == "Macie" + assert result[0].resource_id == AWS_ACCOUNT_NUMBER def test_macie_enabled(self): macie_client = mock.MagicMock + macie_client.audited_account = AWS_ACCOUNT_NUMBER + macie_client.audited_account_arn = f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" macie_client.sessions = [ Session( status="ENABLED", @@ -52,10 +58,12 @@ class Test_macie_is_enabled: assert len(result) == 1 assert result[0].status == "PASS" assert result[0].status_extended == "Macie is enabled." - assert result[0].resource_id == "Macie" + assert result[0].resource_id == AWS_ACCOUNT_NUMBER def test_macie_suspended(self): macie_client = mock.MagicMock + macie_client.audited_account = AWS_ACCOUNT_NUMBER + macie_client.audited_account_arn = f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" macie_client.sessions = [ Session( status="PAUSED", @@ -79,4 +87,4 @@ class Test_macie_is_enabled: assert ( result[0].status_extended == "Macie is currently in a SUSPENDED state." ) - assert result[0].resource_id == "Macie" + assert result[0].resource_id == AWS_ACCOUNT_NUMBER diff --git a/tests/providers/aws/services/macie/macie_service_test.py b/tests/providers/aws/services/macie/macie_service_test.py index bf1ab4fe..6ac03ca8 100644 --- a/tests/providers/aws/services/macie/macie_service_test.py +++ b/tests/providers/aws/services/macie/macie_service_test.py @@ -56,6 +56,7 @@ class Test_Macie_Service: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, 
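Review bot: The three tests in `Test_macie_is_enabled` now set `macie_client.audited_account_arn`, but the visible assertions only check `resource_id`, so nothing pins the ARN that ends up in the finding. The inspector2 tests in this commit assert both fields. Adding `assert result[0].resource_arn == f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root"` after each `resource_id` assertion would catch a check that forgets to populate it. Whether the macie check sets `resource_arn` is not visible in these hunks, so confirm the expected value against the check first.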
diff --git a/tests/providers/aws/services/networkfirewall/networkfirewall_in_all_vpc/networkfirewall_in_all_vpc_test.py b/tests/providers/aws/services/networkfirewall/networkfirewall_in_all_vpc/networkfirewall_in_all_vpc_test.py index 2a8d9778..4d040fb7 100644 --- a/tests/providers/aws/services/networkfirewall/networkfirewall_in_all_vpc/networkfirewall_in_all_vpc_test.py +++ b/tests/providers/aws/services/networkfirewall/networkfirewall_in_all_vpc/networkfirewall_in_all_vpc_test.py @@ -29,6 +29,7 @@ class Test_networkfirewall_in_all_vpc: region_name=AWS_REGION, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/networkfirewall/networkfirewall_service_test.py b/tests/providers/aws/services/networkfirewall/networkfirewall_service_test.py index 60bceaf0..53c3170c 100644 --- a/tests/providers/aws/services/networkfirewall/networkfirewall_service_test.py +++ b/tests/providers/aws/services/networkfirewall/networkfirewall_service_test.py @@ -64,7 +64,6 @@ def mock_generate_regional_clients(service, audit_info): new=mock_generate_regional_clients, ) class Test_NetworkFirewall_Service: - # Mocked Audit Info def set_mocked_audit_info(self): audit_info = AWS_Audit_Info( @@ -75,6 +74,7 @@ class Test_NetworkFirewall_Service: botocore_session=None, ), audited_account=None, + audited_account_arn=None, audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/opensearch/opensearch_service_test.py b/tests/providers/aws/services/opensearch/opensearch_service_test.py index 0fc0b445..a4417c4d 100644 --- a/tests/providers/aws/services/opensearch/opensearch_service_test.py +++ b/tests/providers/aws/services/opensearch/opensearch_service_test.py 
@@ -113,6 +113,7 @@ class Test_OpenSearchService_Service: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/organizations/organizations_account_part_of_organizations/organizations_account_part_of_organizations_test.py b/tests/providers/aws/services/organizations/organizations_account_part_of_organizations/organizations_account_part_of_organizations_test.py index 8407f356..537cb9b8 100644 --- a/tests/providers/aws/services/organizations/organizations_account_part_of_organizations/organizations_account_part_of_organizations_test.py +++ b/tests/providers/aws/services/organizations/organizations_account_part_of_organizations/organizations_account_part_of_organizations_test.py @@ -23,6 +23,7 @@ class Test_organizations_account_part_of_organizations: botocore_session=None, ), audited_account=None, + audited_account_arn=None, audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/organizations/organizations_delegated_administrators/organizations_delegated_administrators_test.py b/tests/providers/aws/services/organizations/organizations_delegated_administrators/organizations_delegated_administrators_test.py index acd07abc..995ed383 100644 --- a/tests/providers/aws/services/organizations/organizations_delegated_administrators/organizations_delegated_administrators_test.py +++ b/tests/providers/aws/services/organizations/organizations_delegated_administrators/organizations_delegated_administrators_test.py @@ -23,6 +23,7 @@ class Test_organizations_delegated_administrators: botocore_session=None, ), audited_account=None, + audited_account_arn=None, audited_user_id=None, audited_partition="aws", audited_identity_arn=None, 
diff --git a/tests/providers/aws/services/organizations/organizations_scp_check_deny_regions/organizations_scp_check_deny_regions_test.py b/tests/providers/aws/services/organizations/organizations_scp_check_deny_regions/organizations_scp_check_deny_regions_test.py index 2d999371..8df12791 100644 --- a/tests/providers/aws/services/organizations/organizations_scp_check_deny_regions/organizations_scp_check_deny_regions_test.py +++ b/tests/providers/aws/services/organizations/organizations_scp_check_deny_regions/organizations_scp_check_deny_regions_test.py @@ -27,6 +27,7 @@ class Test_organizations_scp_check_deny_regions: botocore_session=None, ), audited_account=None, + audited_account_arn=None, audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/organizations/organizations_service_test.py b/tests/providers/aws/services/organizations/organizations_service_test.py index 54b33851..47a92585 100644 --- a/tests/providers/aws/services/organizations/organizations_service_test.py +++ b/tests/providers/aws/services/organizations/organizations_service_test.py @@ -17,7 +17,6 @@ def scp_restrict_regions_with_deny(): class Test_Organizations_Service: - # Mocked Audit Info def set_mocked_audit_info(self): audit_info = AWS_Audit_Info( @@ -29,6 +28,7 @@ class Test_Organizations_Service: region_name=AWS_REGION, ), audited_account=DEFAULT_ACCOUNT_ID, + audited_account_arn=f"arn:aws:iam::{DEFAULT_ACCOUNT_ID}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/organizations/organizations_tags_policies_enabled_and_attached/organizations_tags_policies_enabled_and_attached_test.py b/tests/providers/aws/services/organizations/organizations_tags_policies_enabled_and_attached/organizations_tags_policies_enabled_and_attached_test.py index 98d50889..e90767b2 100644 
--- a/tests/providers/aws/services/organizations/organizations_tags_policies_enabled_and_attached/organizations_tags_policies_enabled_and_attached_test.py +++ b/tests/providers/aws/services/organizations/organizations_tags_policies_enabled_and_attached/organizations_tags_policies_enabled_and_attached_test.py @@ -26,6 +26,7 @@ class Test_organizations_tags_policies_enabled_and_attached: region_name=AWS_REGION, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/rds/rds_instance_backup_enabled/rds_instance_backup_enabled_test.py b/tests/providers/aws/services/rds/rds_instance_backup_enabled/rds_instance_backup_enabled_test.py index 67305501..801592f3 100644 --- a/tests/providers/aws/services/rds/rds_instance_backup_enabled/rds_instance_backup_enabled_test.py +++ b/tests/providers/aws/services/rds/rds_instance_backup_enabled/rds_instance_backup_enabled_test.py @@ -42,6 +42,7 @@ class Test_rds_instance_backup_enabled: region_name=AWS_REGION, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/rds/rds_instance_deletion_protection/rds_instance_deletion_protection_test.py b/tests/providers/aws/services/rds/rds_instance_deletion_protection/rds_instance_deletion_protection_test.py index 56b6879a..de857395 100644 --- a/tests/providers/aws/services/rds/rds_instance_deletion_protection/rds_instance_deletion_protection_test.py +++ b/tests/providers/aws/services/rds/rds_instance_deletion_protection/rds_instance_deletion_protection_test.py 
@@ -42,6 +42,7 @@ class Test_rds_instance_deletion_protection:
 region_name=AWS_REGION,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/rds/rds_instance_deprecated_engine_version/rds_instance_deprecated_engine_version_test.py b/tests/providers/aws/services/rds/rds_instance_deprecated_engine_version/rds_instance_deprecated_engine_version_test.py
index 2a29d32f..567c5206 100644
--- a/tests/providers/aws/services/rds/rds_instance_deprecated_engine_version/rds_instance_deprecated_engine_version_test.py
+++ b/tests/providers/aws/services/rds/rds_instance_deprecated_engine_version/rds_instance_deprecated_engine_version_test.py
@@ -41,6 +41,7 @@ class Test_rds_instance_deprecated_engine_version:
 region_name=AWS_REGION,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/rds/rds_instance_enhanced_monitoring_enabled/rds_instance_enhanced_monitoring_enabled_test.py b/tests/providers/aws/services/rds/rds_instance_enhanced_monitoring_enabled/rds_instance_enhanced_monitoring_enabled_test.py
index 5fca2dc6..7e42fa08 100644
--- a/tests/providers/aws/services/rds/rds_instance_enhanced_monitoring_enabled/rds_instance_enhanced_monitoring_enabled_test.py
+++ b/tests/providers/aws/services/rds/rds_instance_enhanced_monitoring_enabled/rds_instance_enhanced_monitoring_enabled_test.py
@@ -41,6 +41,7 @@ class Test_rds_instance_enhanced_monitoring_enabled:
 region_name=AWS_REGION,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/rds/rds_instance_integration_cloudwatch_logs/rds_instance_integration_cloudwatch_logs_test.py b/tests/providers/aws/services/rds/rds_instance_integration_cloudwatch_logs/rds_instance_integration_cloudwatch_logs_test.py
index 52fdbd02..56da05ab 100644
--- a/tests/providers/aws/services/rds/rds_instance_integration_cloudwatch_logs/rds_instance_integration_cloudwatch_logs_test.py
+++ b/tests/providers/aws/services/rds/rds_instance_integration_cloudwatch_logs/rds_instance_integration_cloudwatch_logs_test.py
@@ -41,6 +41,7 @@ class Test_rds_instance_integration_cloudwatch_logs:
 region_name=AWS_REGION,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/rds/rds_instance_minor_version_upgrade_enabled/rds_instance_minor_version_upgrade_enabled_test.py b/tests/providers/aws/services/rds/rds_instance_minor_version_upgrade_enabled/rds_instance_minor_version_upgrade_enabled_test.py
index 5b8595fa..9b183b29 100644
--- a/tests/providers/aws/services/rds/rds_instance_minor_version_upgrade_enabled/rds_instance_minor_version_upgrade_enabled_test.py
+++ b/tests/providers/aws/services/rds/rds_instance_minor_version_upgrade_enabled/rds_instance_minor_version_upgrade_enabled_test.py
@@ -41,6 +41,7 @@ class Test_rds_instance_minor_version_upgrade_enabled:
 region_name=AWS_REGION,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/rds/rds_instance_multi_az/rds_instance_multi_az_test.py b/tests/providers/aws/services/rds/rds_instance_multi_az/rds_instance_multi_az_test.py
index 38f09d7b..87046ef0 100644
--- a/tests/providers/aws/services/rds/rds_instance_multi_az/rds_instance_multi_az_test.py
+++ b/tests/providers/aws/services/rds/rds_instance_multi_az/rds_instance_multi_az_test.py
@@ -42,6 +42,7 @@ class Test_rds_instance_multi_az:
 region_name=AWS_REGION,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/rds/rds_instance_no_public_access/rds_instance_no_public_access_test.py b/tests/providers/aws/services/rds/rds_instance_no_public_access/rds_instance_no_public_access_test.py
index 3f06f120..1da59ea3 100644
--- a/tests/providers/aws/services/rds/rds_instance_no_public_access/rds_instance_no_public_access_test.py
+++ b/tests/providers/aws/services/rds/rds_instance_no_public_access/rds_instance_no_public_access_test.py
@@ -41,6 +41,7 @@ class Test_rds_instance_no_public_access:
 region_name=AWS_REGION,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/rds/rds_instance_storage_encrypted/rds_instance_storage_encrypted_test.py b/tests/providers/aws/services/rds/rds_instance_storage_encrypted/rds_instance_storage_encrypted_test.py
index 0fbed859..b2b51a61 100644
--- a/tests/providers/aws/services/rds/rds_instance_storage_encrypted/rds_instance_storage_encrypted_test.py
+++ b/tests/providers/aws/services/rds/rds_instance_storage_encrypted/rds_instance_storage_encrypted_test.py
@@ -41,6 +41,7 @@ class Test_rds_instance_storage_encrypted:
 region_name=AWS_REGION,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/rds/rds_instance_transport_encrypted/rds_instance_transport_encrypted_test.py b/tests/providers/aws/services/rds/rds_instance_transport_encrypted/rds_instance_transport_encrypted_test.py
index 5f8436df..a7d223a8 100644
--- a/tests/providers/aws/services/rds/rds_instance_transport_encrypted/rds_instance_transport_encrypted_test.py
+++ b/tests/providers/aws/services/rds/rds_instance_transport_encrypted/rds_instance_transport_encrypted_test.py
@@ -41,6 +41,7 @@ class Test_rds_instance_transport_encrypted:
 region_name=AWS_REGION,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/rds/rds_service_test.py b/tests/providers/aws/services/rds/rds_service_test.py
index 3b6076f0..7a8531c7 100644
--- a/tests/providers/aws/services/rds/rds_service_test.py
+++ b/tests/providers/aws/services/rds/rds_service_test.py
@@ -40,6 +40,7 @@ class Test_RDS_Service:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/rds/rds_snapshots_public_access/rds_snapshots_public_access_test.py b/tests/providers/aws/services/rds/rds_snapshots_public_access/rds_snapshots_public_access_test.py
index c48037f8..7fde31c4 100644
--- a/tests/providers/aws/services/rds/rds_snapshots_public_access/rds_snapshots_public_access_test.py
+++ b/tests/providers/aws/services/rds/rds_snapshots_public_access/rds_snapshots_public_access_test.py
@@ -49,6 +49,7 @@ class Test_rds_snapshots_public_access:
 region_name=AWS_REGION,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/redshift/redshift_service_test.py b/tests/providers/aws/services/redshift/redshift_service_test.py
index bd0c38ff..e27eeb87 100644
--- a/tests/providers/aws/services/redshift/redshift_service_test.py
+++ b/tests/providers/aws/services/redshift/redshift_service_test.py
@@ -67,6 +67,7 @@ class Test_Redshift_Service:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/resourceexplorer2/resourceexplorer2_indexes_found/resourceexplorer2_indexes_found_test.py b/tests/providers/aws/services/resourceexplorer2/resourceexplorer2_indexes_found/resourceexplorer2_indexes_found_test.py
index d8b5472b..8d86f620 100644
--- a/tests/providers/aws/services/resourceexplorer2/resourceexplorer2_indexes_found/resourceexplorer2_indexes_found_test.py
+++ b/tests/providers/aws/services/resourceexplorer2/resourceexplorer2_indexes_found/resourceexplorer2_indexes_found_test.py
@@ -23,6 +23,7 @@ class Test_resourceexplorer2_indexes_found:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
@@ -40,6 +41,9 @@ class Test_resourceexplorer2_indexes_found:
 resourceexplorer2_client = mock.MagicMock
 resourceexplorer2_client.indexes = []
 resourceexplorer2_client.audited_account = AWS_ACCOUNT_NUMBER
+ resourceexplorer2_client.audited_account_arn = (
+ f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root"
+ )
 resourceexplorer2_client.region = AWS_REGION
 with mock.patch(
 "prowler.providers.aws.services.resourceexplorer2.resourceexplorer2_service.ResourceExplorer2",
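Review bot: In the `@@ -40,6 +41,9 @@` hunk of resourceexplorer2_indexes_found_test.py the new `audited_account_arn` assignment lands on the `mock.MagicMock` class itself, because the context line above it reads `resourceexplorer2_client = mock.MagicMock` with no call. An attribute set on the class stays visible to every MagicMock created later in the same test process, so a test that forgets to set the ARN on its own client would still see this value and pass. Instantiating the mock, `resourceexplorer2_client = mock.MagicMock()`, keeps the value local to the test. The ssmincidents_enabled_with_plans_test.py hunks further down add the same two assignments onto the bare class; the test method here continues outside the hunk.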
@@ -58,7 +62,7 @@ class Test_resourceexplorer2_indexes_found: assert result[0].status == "FAIL" assert result[0].status_extended == "No Resource Explorer Indexes found" assert result[0].resource_id == AWS_ACCOUNT_NUMBER - assert result[0].resource_arn == "NoResourceExplorer" + assert result[0].resource_arn == f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" assert result[0].region == AWS_REGION def test_one_index_found(self): @@ -67,6 +71,9 @@ class Test_resourceexplorer2_indexes_found: Indexes(arn=INDEX_ARN, region=INDEX_REGION, type="LOCAL") ] resourceexplorer2_client.audited_account = AWS_ACCOUNT_NUMBER + resourceexplorer2_client.audited_account_arn = ( + f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" + ) resourceexplorer2_client.region = AWS_REGION with mock.patch( "prowler.providers.aws.services.resourceexplorer2.resourceexplorer2_service.ResourceExplorer2", diff --git a/tests/providers/aws/services/resourceexplorer2/resourceexplorer2_service_test.py b/tests/providers/aws/services/resourceexplorer2/resourceexplorer2_service_test.py index 2f80feef..5c9c897d 100644 --- a/tests/providers/aws/services/resourceexplorer2/resourceexplorer2_service_test.py +++ b/tests/providers/aws/services/resourceexplorer2/resourceexplorer2_service_test.py @@ -42,7 +42,6 @@ def mock_generate_regional_clients(service, audit_info): new=mock_generate_regional_clients, ) class Test_ResourceExplorer2_Service: - # Mocked Audit Info def set_mocked_audit_info(self): audit_info = AWS_Audit_Info( @@ -53,6 +52,7 @@ class Test_ResourceExplorer2_Service: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, 
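Review bot: The expected value in `assert result[0].resource_arn == f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root"` (hunk `@@ -58,7 +62,7 @@`) is rebuilt from the same f-string the test assigns to the mocked client, and that literal is repeated in the fixture and in both client set-ups of this file. A module-level constant such as `AWS_ACCOUNT_ARN = f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root"` used in all four places would keep input and expectation from drifting apart. The `aws` partition is also fixed inside the literal while the fixture passes `audited_partition="aws"` separately; how the provider derives the ARN is not visible here, so a case with a non-default partition may be worth adding.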
diff --git a/tests/providers/aws/services/route53/route53_dangling_ip_subdomain_takeover/route53_dangling_ip_subdomain_takeover_test.py b/tests/providers/aws/services/route53/route53_dangling_ip_subdomain_takeover/route53_dangling_ip_subdomain_takeover_test.py
index 1fa741c3..fe0c979d 100644
--- a/tests/providers/aws/services/route53/route53_dangling_ip_subdomain_takeover/route53_dangling_ip_subdomain_takeover_test.py
+++ b/tests/providers/aws/services/route53/route53_dangling_ip_subdomain_takeover/route53_dangling_ip_subdomain_takeover_test.py
@@ -22,6 +22,7 @@ class Test_route53_dangling_ip_subdomain_takeover:
 region_name=AWS_REGION,
 ),
 audited_account=DEFAULT_ACCOUNT_ID,
+ audited_account_arn=f"arn:aws:iam::{DEFAULT_ACCOUNT_ID}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/route53/route53_service_test.py b/tests/providers/aws/services/route53/route53_service_test.py
index e19c926b..1208255c 100644
--- a/tests/providers/aws/services/route53/route53_service_test.py
+++ b/tests/providers/aws/services/route53/route53_service_test.py
@@ -44,6 +44,7 @@ class Test_Route53_Service:
 botocore_session=None,
 ),
 audited_account=None,
+ audited_account_arn=None,
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/route53/route53domains_service_test.py b/tests/providers/aws/services/route53/route53domains_service_test.py
index 7f270dae..3d3e8b0e 100644
--- a/tests/providers/aws/services/route53/route53domains_service_test.py
+++ b/tests/providers/aws/services/route53/route53domains_service_test.py
@@ -80,6 +80,7 @@ class Test_Route53_Service:
 botocore_session=None,
 ),
 audited_account=None,
+ audited_account_arn=None,
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/s3/s3_account_level_public_access_blocks/s3_account_level_public_access_blocks_test.py b/tests/providers/aws/services/s3/s3_account_level_public_access_blocks/s3_account_level_public_access_blocks_test.py
index ee83f778..d63d587d 100644
--- a/tests/providers/aws/services/s3/s3_account_level_public_access_blocks/s3_account_level_public_access_blocks_test.py
+++ b/tests/providers/aws/services/s3/s3_account_level_public_access_blocks/s3_account_level_public_access_blocks_test.py
@@ -21,6 +21,7 @@ class Test_s3_account_level_public_access_blocks:
 region_name=AWS_REGION,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/s3/s3_bucket_acl_prohibited/s3_bucket_acl_prohibited_test.py b/tests/providers/aws/services/s3/s3_bucket_acl_prohibited/s3_bucket_acl_prohibited_test.py
index 04bbd3ff..e70633a6 100644
--- a/tests/providers/aws/services/s3/s3_bucket_acl_prohibited/s3_bucket_acl_prohibited_test.py
+++ b/tests/providers/aws/services/s3/s3_bucket_acl_prohibited/s3_bucket_acl_prohibited_test.py
@@ -22,6 +22,7 @@ class Test_s3_bucket_acl_prohibited:
 region_name=AWS_REGION,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/s3/s3_bucket_default_encryption/s3_bucket_default_encryption_test.py b/tests/providers/aws/services/s3/s3_bucket_default_encryption/s3_bucket_default_encryption_test.py
index 22575d34..ec14d0e2 100644
--- a/tests/providers/aws/services/s3/s3_bucket_default_encryption/s3_bucket_default_encryption_test.py
+++ b/tests/providers/aws/services/s3/s3_bucket_default_encryption/s3_bucket_default_encryption_test.py
@@ -22,6 +22,7 @@ class Test_s3_bucket_default_encryption:
 region_name=AWS_REGION,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/s3/s3_bucket_level_public_access_block/s3_bucket_level_public_access_block_test.py b/tests/providers/aws/services/s3/s3_bucket_level_public_access_block/s3_bucket_level_public_access_block_test.py
index fdf59476..557cab64 100644
--- a/tests/providers/aws/services/s3/s3_bucket_level_public_access_block/s3_bucket_level_public_access_block_test.py
+++ b/tests/providers/aws/services/s3/s3_bucket_level_public_access_block/s3_bucket_level_public_access_block_test.py
@@ -22,6 +22,7 @@ class Test_s3_bucket_level_public_access_block:
 region_name=AWS_REGION,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/s3/s3_bucket_no_mfa_delete/s3_bucket_no_mfa_delete_test.py b/tests/providers/aws/services/s3/s3_bucket_no_mfa_delete/s3_bucket_no_mfa_delete_test.py
index caa8f677..12c9807b 100644
--- a/tests/providers/aws/services/s3/s3_bucket_no_mfa_delete/s3_bucket_no_mfa_delete_test.py
+++ b/tests/providers/aws/services/s3/s3_bucket_no_mfa_delete/s3_bucket_no_mfa_delete_test.py
@@ -22,6 +22,7 @@ class Test_s3_bucket_no_mfa_delete:
 region_name=AWS_REGION,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/s3/s3_bucket_object_lock/s3_bucket_object_lock_test.py b/tests/providers/aws/services/s3/s3_bucket_object_lock/s3_bucket_object_lock_test.py
index 23529fc5..c9bade1c 100644
--- a/tests/providers/aws/services/s3/s3_bucket_object_lock/s3_bucket_object_lock_test.py
+++ b/tests/providers/aws/services/s3/s3_bucket_object_lock/s3_bucket_object_lock_test.py
@@ -22,6 +22,7 @@ class Test_s3_bucket_object_lock:
 region_name=AWS_REGION,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/s3/s3_bucket_object_versioning/s3_bucket_object_versioning_test.py b/tests/providers/aws/services/s3/s3_bucket_object_versioning/s3_bucket_object_versioning_test.py
index a13b05eb..41961c94 100644
--- a/tests/providers/aws/services/s3/s3_bucket_object_versioning/s3_bucket_object_versioning_test.py
+++ b/tests/providers/aws/services/s3/s3_bucket_object_versioning/s3_bucket_object_versioning_test.py
@@ -22,6 +22,7 @@ class Test_s3_bucket_object_versioning:
 region_name=AWS_REGION,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/s3/s3_bucket_policy_public_write_access/s3_bucket_policy_public_write_access_test.py b/tests/providers/aws/services/s3/s3_bucket_policy_public_write_access/s3_bucket_policy_public_write_access_test.py
index debf7039..3d442bab 100644
--- a/tests/providers/aws/services/s3/s3_bucket_policy_public_write_access/s3_bucket_policy_public_write_access_test.py
+++ b/tests/providers/aws/services/s3/s3_bucket_policy_public_write_access/s3_bucket_policy_public_write_access_test.py
@@ -22,6 +22,7 @@ class Test_s3_bucket_policy_public_write_access:
 region_name=AWS_REGION,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/s3/s3_bucket_public_access/s3_bucket_public_access_test.py b/tests/providers/aws/services/s3/s3_bucket_public_access/s3_bucket_public_access_test.py
index cfc2d798..4307dfc1 100644
--- a/tests/providers/aws/services/s3/s3_bucket_public_access/s3_bucket_public_access_test.py
+++ b/tests/providers/aws/services/s3/s3_bucket_public_access/s3_bucket_public_access_test.py
@@ -22,6 +22,7 @@ class Test_s3_bucket_public_access:
 region_name=AWS_REGION,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/s3/s3_bucket_secure_transport_policy/s3_bucket_secure_transport_policy_test.py b/tests/providers/aws/services/s3/s3_bucket_secure_transport_policy/s3_bucket_secure_transport_policy_test.py
index afc1932f..96e83d4b 100644
--- a/tests/providers/aws/services/s3/s3_bucket_secure_transport_policy/s3_bucket_secure_transport_policy_test.py
+++ b/tests/providers/aws/services/s3/s3_bucket_secure_transport_policy/s3_bucket_secure_transport_policy_test.py
@@ -22,6 +22,7 @@ class Test_s3_bucket_secure_transport_policy:
 region_name=AWS_REGION,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/s3/s3_bucket_server_access_logging_enabled/s3_bucket_server_access_logging_enabled_test.py b/tests/providers/aws/services/s3/s3_bucket_server_access_logging_enabled/s3_bucket_server_access_logging_enabled_test.py
index 17e27055..0d0be267 100644
--- a/tests/providers/aws/services/s3/s3_bucket_server_access_logging_enabled/s3_bucket_server_access_logging_enabled_test.py
+++ b/tests/providers/aws/services/s3/s3_bucket_server_access_logging_enabled/s3_bucket_server_access_logging_enabled_test.py
@@ -22,6 +22,7 @@ class Test_s3_bucket_server_access_logging_enabled:
 region_name=AWS_REGION,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/s3/s3_service_test.py b/tests/providers/aws/services/s3/s3_service_test.py
index 199dd115..6c03c8f7 100644
--- a/tests/providers/aws/services/s3/s3_service_test.py
+++ b/tests/providers/aws/services/s3/s3_service_test.py
@@ -22,6 +22,7 @@ class Test_S3_Service:
 region_name=AWS_REGION,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/sagemaker/sagemaker_service_test.py b/tests/providers/aws/services/sagemaker/sagemaker_service_test.py
index 01229e71..916b5e68 100644
--- a/tests/providers/aws/services/sagemaker/sagemaker_service_test.py
+++ b/tests/providers/aws/services/sagemaker/sagemaker_service_test.py
@@ -114,6 +114,7 @@ class Test_SageMaker_Service:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/secretsmanager/secretsmanager_service_test.py b/tests/providers/aws/services/secretsmanager/secretsmanager_service_test.py
index 8ea9719a..6ab7761c 100644
--- a/tests/providers/aws/services/secretsmanager/secretsmanager_service_test.py
+++ b/tests/providers/aws/services/secretsmanager/secretsmanager_service_test.py
@@ -37,6 +37,7 @@ class Test_SecretsManager_Service:
 botocore_session=None,
 ),
 audited_account=DEFAULT_ACCOUNT_ID,
+ audited_account_arn=f"arn:aws:iam::{DEFAULT_ACCOUNT_ID}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/securityhub/securityhub_service_test.py b/tests/providers/aws/services/securityhub/securityhub_service_test.py
index d5a5f5c7..1736c172 100644
--- a/tests/providers/aws/services/securityhub/securityhub_service_test.py
+++ b/tests/providers/aws/services/securityhub/securityhub_service_test.py
@@ -67,6 +67,7 @@ class Test_SecurityHub_Service:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/shield/shield_advanced_protection_in_associated_elastic_ips/shield_advanced_protection_in_associated_elastic_ips_test.py b/tests/providers/aws/services/shield/shield_advanced_protection_in_associated_elastic_ips/shield_advanced_protection_in_associated_elastic_ips_test.py
index b6538c5e..1f935d6c 100644
--- a/tests/providers/aws/services/shield/shield_advanced_protection_in_associated_elastic_ips/shield_advanced_protection_in_associated_elastic_ips_test.py
+++ b/tests/providers/aws/services/shield/shield_advanced_protection_in_associated_elastic_ips/shield_advanced_protection_in_associated_elastic_ips_test.py
@@ -34,6 +34,7 @@ class Test_shield_advanced_protection_in_associated_elastic_ips:
 botocore_session=None,
 ),
 audited_account=DEFAULT_ACCOUNT_ID,
+ audited_account_arn=f"arn:aws:iam::{DEFAULT_ACCOUNT_ID}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/shield/shield_advanced_protection_in_classic_load_balancers/shield_advanced_protection_in_classic_load_balancers_test.py b/tests/providers/aws/services/shield/shield_advanced_protection_in_classic_load_balancers/shield_advanced_protection_in_classic_load_balancers_test.py
index f3328979..28c69c72 100644
--- a/tests/providers/aws/services/shield/shield_advanced_protection_in_classic_load_balancers/shield_advanced_protection_in_classic_load_balancers_test.py
+++ b/tests/providers/aws/services/shield/shield_advanced_protection_in_classic_load_balancers/shield_advanced_protection_in_classic_load_balancers_test.py
@@ -21,6 +21,7 @@ class Test_shield_advanced_protection_in_classic_load_balancers:
 botocore_session=None,
 ),
 audited_account=DEFAULT_ACCOUNT_ID,
+ audited_account_arn=f"arn:aws:iam::{DEFAULT_ACCOUNT_ID}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/shield/shield_advanced_protection_in_internet_facing_load_balancers/shield_advanced_protection_in_internet_facing_load_balancers_test.py b/tests/providers/aws/services/shield/shield_advanced_protection_in_internet_facing_load_balancers/shield_advanced_protection_in_internet_facing_load_balancers_test.py
index e29c99fe..379d8688 100644
--- a/tests/providers/aws/services/shield/shield_advanced_protection_in_internet_facing_load_balancers/shield_advanced_protection_in_internet_facing_load_balancers_test.py
+++ b/tests/providers/aws/services/shield/shield_advanced_protection_in_internet_facing_load_balancers/shield_advanced_protection_in_internet_facing_load_balancers_test.py
@@ -34,6 +34,7 @@ class Test_shield_advanced_protection_in_internet_facing_load_balancers:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/shield/shield_service_test.py b/tests/providers/aws/services/shield/shield_service_test.py
index b5775e64..74edd6b2 100644
--- a/tests/providers/aws/services/shield/shield_service_test.py
+++ b/tests/providers/aws/services/shield/shield_service_test.py
@@ -44,6 +44,7 @@ class Test_Shield_Service:
 botocore_session=None,
 ),
 audited_account=DEFAULT_ACCOUNT_ID,
+ audited_account_arn=f"arn:aws:iam::{DEFAULT_ACCOUNT_ID}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/sns/sns_service_test.py b/tests/providers/aws/services/sns/sns_service_test.py
index 02111903..f5dca6fd 100644
--- a/tests/providers/aws/services/sns/sns_service_test.py
+++ b/tests/providers/aws/services/sns/sns_service_test.py
@@ -58,6 +58,7 @@ class Test_SNS_Service:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/sqs/sqs_service_test.py b/tests/providers/aws/services/sqs/sqs_service_test.py
index 5d539245..229cca1e 100644
--- a/tests/providers/aws/services/sqs/sqs_service_test.py
+++ b/tests/providers/aws/services/sqs/sqs_service_test.py
@@ -60,6 +60,7 @@ class Test_SQS_Service:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/ssm/ssm_service_test.py b/tests/providers/aws/services/ssm/ssm_service_test.py
index 813a8764..3f7dda49 100644
--- a/tests/providers/aws/services/ssm/ssm_service_test.py
+++ b/tests/providers/aws/services/ssm/ssm_service_test.py
@@ -141,6 +141,7 @@ class Test_SSM_Service:
 botocore_session=None,
 ),
 audited_account=DEFAULT_ACCOUNT_ID,
+ audited_account_arn=f"arn:aws:iam::{DEFAULT_ACCOUNT_ID}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/ssmincidents/ssmincidents_enabled_with_plans/ssmincidents_enabled_with_plans_test.py b/tests/providers/aws/services/ssmincidents/ssmincidents_enabled_with_plans/ssmincidents_enabled_with_plans_test.py index cac74d90..32a98d28 100644 --- a/tests/providers/aws/services/ssmincidents/ssmincidents_enabled_with_plans/ssmincidents_enabled_with_plans_test.py +++ b/tests/providers/aws/services/ssmincidents/ssmincidents_enabled_with_plans/ssmincidents_enabled_with_plans_test.py @@ -8,11 +8,16 @@ from prowler.providers.aws.services.ssmincidents.ssmincidents_service import ( AWS_REGION = "us-east-1" REPLICATION_SET_ARN = "arn:aws:ssm-incidents::111122223333:replication-set/40bd98f0-4110-2dee-b35e-b87006f9e172" RESPONSE_PLAN_ARN = "arn:aws:ssm-incidents::111122223333:response-plan/example-response" +AWS_ACCOUNT_NUMBER = "123456789012" class Test_ssmincidents_enabled_with_plans: def test_ssmincidents_no_replicationset(self): ssmincidents_client = mock.MagicMock + ssmincidents_client.audited_account = AWS_ACCOUNT_NUMBER + ssmincidents_client.audited_account_arn = ( + f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" + ) ssmincidents_client.region = AWS_REGION ssmincidents_client.replication_set = [] with mock.patch( 
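Review bot: `AWS_ACCOUNT_NUMBER = "123456789012"` is added below `REPLICATION_SET_ARN` and `RESPONSE_PLAN_ARN`, which both embed account `111122223333`, so the later assertions in this file pair `resource_id == AWS_ACCOUNT_NUMBER` with a `resource_arn` that belongs to a different account. A finding whose id and ARN disagree on the account is hard to tell apart from a genuine cross-account mix-up when one of these tests fails. Defining the account constant first and building both ARNs from it, for example `REPLICATION_SET_ARN = f"arn:aws:ssm-incidents::{AWS_ACCOUNT_NUMBER}:replication-set/40bd98f0-4110-2dee-b35e-b87006f9e172"`, keeps the fixture self-consistent.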
@@ -32,12 +37,16 @@ class Test_ssmincidents_enabled_with_plans: assert ( result[0].status_extended == "No SSM Incidents replication set exists." ) - assert result[0].resource_id == "SSMIncidents" - assert result[0].resource_arn == "" + assert result[0].resource_id == AWS_ACCOUNT_NUMBER + assert result[0].resource_arn == f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" assert result[0].region == AWS_REGION def test_ssmincidents_replicationset_not_active(self): ssmincidents_client = mock.MagicMock + ssmincidents_client.audited_account = AWS_ACCOUNT_NUMBER + ssmincidents_client.audited_account_arn = ( + f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" + ) ssmincidents_client.region = AWS_REGION ssmincidents_client.replication_set = [ ReplicationSet(arn=REPLICATION_SET_ARN, status="CREATING") @@ -60,12 +69,16 @@ class Test_ssmincidents_enabled_with_plans: result[0].status_extended == f"SSM Incidents replication set {REPLICATION_SET_ARN} exists but not ACTIVE." ) - assert result[0].resource_id == "SSMIncidents" + assert result[0].resource_id == AWS_ACCOUNT_NUMBER assert result[0].resource_arn == REPLICATION_SET_ARN assert result[0].region == AWS_REGION def test_ssmincidents_replicationset_active_no_plans(self): ssmincidents_client = mock.MagicMock + ssmincidents_client.audited_account = AWS_ACCOUNT_NUMBER + ssmincidents_client.audited_account_arn = ( + f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" + ) ssmincidents_client.region = AWS_REGION ssmincidents_client.replication_set = [ ReplicationSet(arn=REPLICATION_SET_ARN, status="ACTIVE") 
@@ -89,12 +102,16 @@ class Test_ssmincidents_enabled_with_plans: result[0].status_extended == f"SSM Incidents replication set {REPLICATION_SET_ARN} is ACTIVE but no response plans exist." ) - assert result[0].resource_id == "SSMIncidents" + assert result[0].resource_id == AWS_ACCOUNT_NUMBER assert result[0].resource_arn == REPLICATION_SET_ARN assert result[0].region == AWS_REGION def test_ssmincidents_replicationset_active_with_plans(self): ssmincidents_client = mock.MagicMock + ssmincidents_client.audited_account = AWS_ACCOUNT_NUMBER + ssmincidents_client.audited_account_arn = ( + f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" + ) ssmincidents_client.region = AWS_REGION ssmincidents_client.replication_set = [ ReplicationSet(arn=REPLICATION_SET_ARN, status="ACTIVE") @@ -120,6 +137,6 @@ class Test_ssmincidents_enabled_with_plans: result[0].status_extended == f"SSM Incidents replication set {REPLICATION_SET_ARN} is ACTIVE and has response plans." ) - assert result[0].resource_id == "SSMIncidents" + assert result[0].resource_id == AWS_ACCOUNT_NUMBER assert result[0].resource_arn == REPLICATION_SET_ARN assert result[0].region == AWS_REGION diff --git a/tests/providers/aws/services/ssmincidents/ssmincidents_service_test.py b/tests/providers/aws/services/ssmincidents/ssmincidents_service_test.py index a4bdf83b..b5d18dd9 100644 --- a/tests/providers/aws/services/ssmincidents/ssmincidents_service_test.py +++ b/tests/providers/aws/services/ssmincidents/ssmincidents_service_test.py @@ -67,7 +67,6 @@ def mock_generate_regional_clients(service, audit_info): new=mock_generate_regional_clients, ) class Test_SSMIncidents_Service: - # Mocked Audit Info def set_mocked_audit_info(self): audit_info = AWS_Audit_Info( @@ -78,6 +77,7 @@ class Test_SSMIncidents_Service: botocore_session=None, ), audited_account=None, + audited_account_arn=None, audited_user_id=None, audited_partition="aws", audited_identity_arn=None, 
diff --git a/tests/providers/aws/services/trustedadvisor/trustedadvisor_service_test.py b/tests/providers/aws/services/trustedadvisor/trustedadvisor_service_test.py index 542769ae..704beaa4 100644 --- a/tests/providers/aws/services/trustedadvisor/trustedadvisor_service_test.py +++ b/tests/providers/aws/services/trustedadvisor/trustedadvisor_service_test.py @@ -33,6 +33,7 @@ class Test_TrustedAdvisor_Service: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, @@ -67,7 +68,6 @@ class Test_TrustedAdvisor_Service: @mock_support # Test TrustedAdvisor session def test__describe_trusted_advisor_checks__(self): - audit_info = self.set_mocked_audit_info() trustedadvisor = TrustedAdvisor(audit_info) assert len(trustedadvisor.checks) == 104 # Default checks diff --git a/tests/providers/aws/services/vpc/vpc_different_regions/vpc_different_regions_test.py b/tests/providers/aws/services/vpc/vpc_different_regions/vpc_different_regions_test.py index 035cf253..d8dbb104 100644 --- a/tests/providers/aws/services/vpc/vpc_different_regions/vpc_different_regions_test.py +++ b/tests/providers/aws/services/vpc/vpc_different_regions/vpc_different_regions_test.py @@ -19,6 +19,7 @@ class Test_vpc_different_regions: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/vpc/vpc_endpoint_connections_trust_boundaries/vpc_endpoint_connections_trust_boundaries_test.py b/tests/providers/aws/services/vpc/vpc_endpoint_connections_trust_boundaries/vpc_endpoint_connections_trust_boundaries_test.py index 4dab57ac..8d4b216f 100644 --- a/tests/providers/aws/services/vpc/vpc_endpoint_connections_trust_boundaries/vpc_endpoint_connections_trust_boundaries_test.py 
+++ b/tests/providers/aws/services/vpc/vpc_endpoint_connections_trust_boundaries/vpc_endpoint_connections_trust_boundaries_test.py @@ -26,6 +26,7 @@ class Test_vpc_endpoint_connections_trust_boundaries: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/vpc/vpc_endpoint_services_allowed_principals_trust_boundaries/vpc_endpoint_services_allowed_principals_trust_boundaries_test.py b/tests/providers/aws/services/vpc/vpc_endpoint_services_allowed_principals_trust_boundaries/vpc_endpoint_services_allowed_principals_trust_boundaries_test.py index 5bc7c1b8..f7bd0fa9 100644 --- a/tests/providers/aws/services/vpc/vpc_endpoint_services_allowed_principals_trust_boundaries/vpc_endpoint_services_allowed_principals_trust_boundaries_test.py +++ b/tests/providers/aws/services/vpc/vpc_endpoint_services_allowed_principals_trust_boundaries/vpc_endpoint_services_allowed_principals_trust_boundaries_test.py @@ -45,6 +45,7 @@ class Test_vpc_endpoint_services_allowed_principals_trust_boundaries: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/vpc/vpc_flow_logs_enabled/vpc_flow_logs_enabled_test.py b/tests/providers/aws/services/vpc/vpc_flow_logs_enabled/vpc_flow_logs_enabled_test.py index 1079acf1..d210e24e 100644 --- a/tests/providers/aws/services/vpc/vpc_flow_logs_enabled/vpc_flow_logs_enabled_test.py +++ b/tests/providers/aws/services/vpc/vpc_flow_logs_enabled/vpc_flow_logs_enabled_test.py 
@@ -19,6 +19,7 @@ class Test_vpc_flow_logs_enabled: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/vpc/vpc_peering_routing_tables_with_least_privilege/vpc_peering_routing_tables_with_least_privilege_test.py b/tests/providers/aws/services/vpc/vpc_peering_routing_tables_with_least_privilege/vpc_peering_routing_tables_with_least_privilege_test.py index a25bffdc..6ffa402c 100644 --- a/tests/providers/aws/services/vpc/vpc_peering_routing_tables_with_least_privilege/vpc_peering_routing_tables_with_least_privilege_test.py +++ b/tests/providers/aws/services/vpc/vpc_peering_routing_tables_with_least_privilege/vpc_peering_routing_tables_with_least_privilege_test.py @@ -19,6 +19,7 @@ class Test_vpc_peering_routing_tables_with_least_privilege: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/vpc/vpc_service_test.py b/tests/providers/aws/services/vpc/vpc_service_test.py index b3ddd79e..7688cab4 100644 --- a/tests/providers/aws/services/vpc/vpc_service_test.py +++ b/tests/providers/aws/services/vpc/vpc_service_test.py @@ -21,6 +21,7 @@ class Test_VPC_Service: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/vpc/vpc_subnet_different_az/vpc_subnet_different_az_test.py b/tests/providers/aws/services/vpc/vpc_subnet_different_az/vpc_subnet_different_az_test.py index 1b0c0d4a..f936a34b 100644 --- a/tests/providers/aws/services/vpc/vpc_subnet_different_az/vpc_subnet_different_az_test.py 
+++ b/tests/providers/aws/services/vpc/vpc_subnet_different_az/vpc_subnet_different_az_test.py @@ -19,6 +19,7 @@ class Test_vpc_subnet_different_az: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/vpc/vpc_subnet_no_public_ip_by_default/vpc_subnet_no_public_ip_by_default_test.py b/tests/providers/aws/services/vpc/vpc_subnet_no_public_ip_by_default/vpc_subnet_no_public_ip_by_default_test.py index 3b966494..ff4acfa7 100644 --- a/tests/providers/aws/services/vpc/vpc_subnet_no_public_ip_by_default/vpc_subnet_no_public_ip_by_default_test.py +++ b/tests/providers/aws/services/vpc/vpc_subnet_no_public_ip_by_default/vpc_subnet_no_public_ip_by_default_test.py @@ -19,6 +19,7 @@ class Test_vpc_subnet_separate_private_public: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/vpc/vpc_subnet_separate_private_public/vpc_subnet_separate_private_public_test.py b/tests/providers/aws/services/vpc/vpc_subnet_separate_private_public/vpc_subnet_separate_private_public_test.py index f3ae1e54..f14272a3 100644 --- a/tests/providers/aws/services/vpc/vpc_subnet_separate_private_public/vpc_subnet_separate_private_public_test.py +++ b/tests/providers/aws/services/vpc/vpc_subnet_separate_private_public/vpc_subnet_separate_private_public_test.py @@ -19,6 +19,7 @@ class Test_vpc_subnet_separate_private_public: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, 
diff --git a/tests/providers/aws/services/waf/waf_service_test.py b/tests/providers/aws/services/waf/waf_service_test.py index 6e954b26..e903f001 100644 --- a/tests/providers/aws/services/waf/waf_service_test.py +++ b/tests/providers/aws/services/waf/waf_service_test.py @@ -55,6 +55,7 @@ class Test_WAF_Service: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/wafv2/wafv2_service_test.py b/tests/providers/aws/services/wafv2/wafv2_service_test.py index a70a486b..8d557151 100644 --- a/tests/providers/aws/services/wafv2/wafv2_service_test.py +++ b/tests/providers/aws/services/wafv2/wafv2_service_test.py @@ -19,6 +19,7 @@ class Test_WAFv2_Service: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/wellarchitected/wellarchitected_service_test.py b/tests/providers/aws/services/wellarchitected/wellarchitected_service_test.py index e73d63bf..285799b5 100644 --- a/tests/providers/aws/services/wellarchitected/wellarchitected_service_test.py +++ b/tests/providers/aws/services/wellarchitected/wellarchitected_service_test.py @@ -63,6 +63,7 @@ class Test_WellArchitected_Service: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/workspaces/workspaces_service_test.py b/tests/providers/aws/services/workspaces/workspaces_service_test.py index c1bdc3bf..b10589d6 100644 --- a/tests/providers/aws/services/workspaces/workspaces_service_test.py +++ b/tests/providers/aws/services/workspaces/workspaces_service_test.py 
@@ -59,6 +59,7 @@ class Test_WorkSpaces_Service: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/workspaces/workspaces_vpc_2private_1public_subnets_nat/workspaces_vpc_2private_1public_subnets_nat_test.py b/tests/providers/aws/services/workspaces/workspaces_vpc_2private_1public_subnets_nat/workspaces_vpc_2private_1public_subnets_nat_test.py index ccb65aa6..04728d89 100644 --- a/tests/providers/aws/services/workspaces/workspaces_vpc_2private_1public_subnets_nat/workspaces_vpc_2private_1public_subnets_nat_test.py +++ b/tests/providers/aws/services/workspaces/workspaces_vpc_2private_1public_subnets_nat/workspaces_vpc_2private_1public_subnets_nat_test.py @@ -23,6 +23,7 @@ class Test_workspaces_vpc_2private_1public_subnets_nat: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/common/audit_info_test.py b/tests/providers/common/audit_info_test.py index c93b1117..6f8180df 100644 --- a/tests/providers/common/audit_info_test.py +++ b/tests/providers/common/audit_info_test.py @@ -98,6 +98,7 @@ class Test_Set_Audit_Info: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn="arn:aws:iam::123456789012:user/test", diff --git a/tests/providers/common/common_outputs_test.py b/tests/providers/common/common_outputs_test.py index 6a6929fa..e9711129 100644 --- a/tests/providers/common/common_outputs_test.py +++ b/tests/providers/common/common_outputs_test.py 
@@ -62,6 +62,7 @@ class Test_Common_Output_Options: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id="test-user", audited_partition="aws", audited_identity_arn="test-user-arn", diff --git a/tests/providers/gcp/services/iam/iam_no_service_roles_at_project_level/iam_no_service_roles_at_project_level_test.py b/tests/providers/gcp/services/iam/iam_no_service_roles_at_project_level/iam_no_service_roles_at_project_level_test.py index c4f97b8c..928db07d 100644 --- a/tests/providers/gcp/services/iam/iam_no_service_roles_at_project_level/iam_no_service_roles_at_project_level_test.py +++ b/tests/providers/gcp/services/iam/iam_no_service_roles_at_project_level/iam_no_service_roles_at_project_level_test.py @@ -8,6 +8,7 @@ class Test_iam_no_service_roles_at_project_level: def test_iam_no_bindings(self): cloudresourcemanager_client = mock.MagicMock cloudresourcemanager_client.bindings = [] + cloudresourcemanager_client.project_ids = [GCP_PROJECT_ID] with mock.patch( "prowler.providers.gcp.services.iam.iam_no_service_roles_at_project_level.iam_no_service_roles_at_project_level.cloudresourcemanager_client",