fix(partition): add dynamic partition in CloudTrail S3 DataEvents checks (#1787)

Co-authored-by: sergargar <sergio@verica.io>
2026-02-10 14:55:00 +00:00 · 2023-01-27 10:50:31 +01:00
parent 5d2b8bc8aa
commit 711f24a5b2
3 changed files with 9 additions and 4 deletions
--- a/prowler/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_read_enabled/cloudtrail_s3_dataevents_read_enabled.py
+++ b/prowler/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_read_enabled/cloudtrail_s3_dataevents_read_enabled.py
@@ -22,8 +22,10 @@ class cloudtrail_s3_dataevents_read_enabled(Check):
                ):
                    for resource in data_event["DataResources"]:
                        if "AWS::S3::Object" == resource["Type"] and (
-                            "arn:aws:s3" in resource["Values"]
-                            or "arn:aws:s3:::*/*" in resource["Values"]
+                            f"arn:{cloudtrail_client.audited_partition}:s3"
+                            in resource["Values"]
+                            or f"arn:{cloudtrail_client.audited_partition}:s3:::*/*"
+                            in resource["Values"]
                        ):
                            report.region = trail.region
                            report.resource_id = trail.name
--- a/prowler/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_write_enabled/cloudtrail_s3_dataevents_write_enabled.py
+++ b/prowler/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_write_enabled/cloudtrail_s3_dataevents_write_enabled.py
@@ -22,8 +22,10 @@ class cloudtrail_s3_dataevents_write_enabled(Check):
                ):
                    for resource in data_event["DataResources"]:
                        if "AWS::S3::Object" == resource["Type"] and (
-                            "arn:aws:s3" in resource["Values"]
-                            or "arn:aws:s3:::*/*" in resource["Values"]
+                            f"arn:{cloudtrail_client.audited_partition}:s3"
+                            in resource["Values"]
+                            or f"arn:{cloudtrail_client.audited_partition}:s3:::*/*"
+                            in resource["Values"]
                        ):
                            report.region = trail.region
                            report.resource_id = trail.name
--- a/prowler/providers/aws/services/cloudtrail/cloudtrail_service.py
+++ b/prowler/providers/aws/services/cloudtrail/cloudtrail_service.py
@@ -12,6 +12,7 @@ class Cloudtrail:
        self.service = "cloudtrail"
        self.session = audit_info.audit_session
        self.audited_account = audit_info.audited_account
+        self.audited_partition = audit_info.audited_partition
        self.region = audit_info.profile_region
        self.regional_clients = generate_regional_clients(self.service, audit_info)
        self.trails = []