ghndrx/prowler
1
0
Fork 0
mirror of https://github.com/ghndrx/prowler.git synced 2026-02-10 14:55:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fixed AccessDeniedException on extra730

Browse Source 
When executing Prowler using a specific profile (in my case to assume a role) , check_extra730 returns:

"An error occurred (AccessDeniedException) when calling the DescribeCertificate operation: User: [ASSUMED_ROLE_ARN] is not authorized to perform: acm:DescribeCertificate on resource: [RESOURCE_ARN]"

This is because line 28 did not contain  the following parameters: "$PROFILE_OPT --region $regx" .
This commit is contained in:
Samuel Dugo
2018-12-05 11:35:44 +01:00
parent 31a0de167c
commit 573fa46aac
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
checks/check_extra730
View File

@@ -25,7 +25,7 @@ extra730(){
LIST_OF_ACM_CERTS=$($AWSCLI acm list-certificates $PROFILE_OPT --region $regx --query 'CertificateSummaryList[].CertificateArn' --output text)
if [[ $LIST_OF_ACM_CERTS ]];then
for cert in $LIST_OF_ACM_CERTS; do
CERT_DATA=$($AWSCLI acm describe-certificate --certificate-arn $cert --query 'Certificate.[DomainName,NotAfter]' --output text)
CERT_DATA=$($AWSCLI acm describe-certificate $PROFILE_OPT --region $regx --certificate-arn $cert --query 'Certificate.[DomainName,NotAfter]' --output text)
echo "$CERT_DATA" | while read FQDN NOTAFTER; do
EXPIRES_DATE=$(timestamp_to_date $NOTAFTER)
COUNTER_DAYS=$(how_many_days_from_today $EXPIRES_DATE)