From 4401d4209c724bf869752eaeabbd8b663a0b86f4 Mon Sep 17 00:00:00 2001
From: Toni de la Fuente
Date: Tue, 17 Sep 2019 14:52:30 -0400
Subject: [PATCH] CURRENT_ACCOUNT_ID is not needed since ACCOUNT_ID is available

---
 checks/check26 | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/checks/check26 b/checks/check26
index d22b77ee..133a4176 100644
--- a/checks/check26
+++ b/checks/check26
@@ -18,7 +18,6 @@ check26(){
 # "Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket (Scored)"
 CLOUDTRAILS=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region "$REGION" --query 'trailList[*].Name' --output text| tr '\011' '\012' | awk -F: '{print $1}')
- CURRENT_ACCOUNT_ID=$($AWSCLI sts $PROFILE_OPT get-caller-identity --region "$REGION" --query Account --output text)
 if [[ $CLOUDTRAILS ]];then
 for trail in $CLOUDTRAILS; do
@@ -28,12 +27,12 @@ check26(){
 if [[ $CLOUDTRAILBUCKET ]];then
 bucket=$CLOUDTRAILBUCKET
- if [ "$CLOUDTRAIL_ACCOUNT_ID" == "$CURRENT_ACCOUNT_ID" ];then
+ if [ "$CLOUDTRAIL_ACCOUNT_ID" == "$ACCOUNT_ID" ];then
 CLOUDTRAILBUCKET_LOGENABLED=$($AWSCLI s3api get-bucket-logging --bucket $bucket $PROFILE_OPT --region $REGION --query 'LoggingEnabled.TargetBucket' --output text|grep -v None)
 fi
 if [[ $CLOUDTRAILBUCKET_LOGENABLED ]];then
 textPass "Bucket access logging enabled in CloudTrail S3 bucket $bucket for $trail"
- elif [ "$CLOUDTRAIL_ACCOUNT_ID" == "$CURRENT_ACCOUNT_ID" ];then
+ elif [ "$CLOUDTRAIL_ACCOUNT_ID" == "$ACCOUNT_ID" ];then
 textFail "Bucket access logging is not enabled in CloudTrail S3 bucket $bucket for $trail"
 else
 textInfo "CloudTrail S3 bucket $bucket for trail $trail is not in current account"
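Review bot: Both `+` lines in the second hunk now compare against a global `ACCOUNT_ID` that is set nowhere in this file, and nothing here verifies it is non-empty; if it is unset or blank (the check sourced outside the main runner, or the lookup that populates it having failed), every trail's bucket falls through to the `textInfo "… is not in current account"` branch, so a CloudTrail bucket without access logging is reported as informational instead of `textFail` — the control fails open. A cheap fail-closed guard would be to assert the global before the trail loop, e.g. `: "${ACCOUNT_ID:?ACCOUNT_ID is required by check26}"`, or at minimum tighten the branch to `if [[ -n "$ACCOUNT_ID" && "$CLOUDTRAIL_ACCOUNT_ID" == "$ACCOUNT_ID" ]]; then` so a blank value can never match or silently skip. Separately, `CLOUDTRAILBUCKET_LOGENABLED` is only assigned inside the account-match branch, so unless it is cleared in the lines between the two hunks, a value left over from a previous trail in the `for trail` loop would yield a false `textPass` for a trail in another account — worth confirming and resetting it at the top of each iteration. `check26` begins above this hunk and its loop and function bodies close below it.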