fix(vpc): handle ephemeral VPC endpoint services (#2501)

2026-02-10 23:05:05 +00:00 · 2023-06-19 12:23:52 +02:00
parent be4f58ed8f
commit 60c341befd
1 changed files with 18 additions and 8 deletions
--- a/prowler/providers/aws/services/vpc/vpc_service.py
+++ b/prowler/providers/aws/services/vpc/vpc_service.py
@@ -2,6 +2,7 @@ import json
 import threading
 from typing import Optional

+from botocore.client import ClientError
 from pydantic import BaseModel

 from prowler.lib.logger import logger
@@ -227,14 +228,23 @@ class VPC:
        try:
            for service in self.vpc_endpoint_services:
                regional_client = self.regional_clients[service.region]
-                for (
-                    principal
-                ) in regional_client.describe_vpc_endpoint_service_permissions(
-                    ServiceId=service.id
-                )[
-                    "AllowedPrincipals"
-                ]:
-                    service.allowed_principals.append(principal["Principal"])
+                try:
+                    for (
+                        principal
+                    ) in regional_client.describe_vpc_endpoint_service_permissions(
+                        ServiceId=service.id
+                    )[
+                        "AllowedPrincipals"
+                    ]:
+                        service.allowed_principals.append(principal["Principal"])
+                except ClientError as error:
+                    if (
+                        error.response["Error"]["Code"]
+                        == "InvalidVpcEndpointServiceId.NotFound"
+                    ):
+                        logger.warning(
+                            f"{service.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
+                        )
        except Exception as error:
            logger.error(
                f"{error.__class__.__name__}:{error.__traceback__.tb_lineno} -- {error}"