From 711f24a5b23588c46e87dbc3c2e58696330885b3 Mon Sep 17 00:00:00 2001
From: Sergio Garcia <38561120+sergargar@users.noreply.github.com>
Date: Fri, 27 Jan 2023 10:50:31 +0100
Subject: [PATCH] fix(partition): add dynamic partition in CloudTrail S3 DataEvents checks (#1787)

Co-authored-by: sergargar
---
 .../cloudtrail_s3_dataevents_read_enabled.py | 6 ++++--
 .../cloudtrail_s3_dataevents_write_enabled.py | 6 ++++--
 .../providers/aws/services/cloudtrail/cloudtrail_service.py | 1 +
 3 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/prowler/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_read_enabled/cloudtrail_s3_dataevents_read_enabled.py b/prowler/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_read_enabled/cloudtrail_s3_dataevents_read_enabled.py
index 4284cdf2..fe34579a 100644
--- a/prowler/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_read_enabled/cloudtrail_s3_dataevents_read_enabled.py
+++ b/prowler/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_read_enabled/cloudtrail_s3_dataevents_read_enabled.py
@@ -22,8 +22,10 @@ class cloudtrail_s3_dataevents_read_enabled(Check):
 ):
 for resource in data_event["DataResources"]:
 if "AWS::S3::Object" == resource["Type"] and (
- "arn:aws:s3" in resource["Values"]
- or "arn:aws:s3:::*/*" in resource["Values"]
+ f"arn:{cloudtrail_client.audited_partition}:s3"
+ in resource["Values"]
+ or f"arn:{cloudtrail_client.audited_partition}:s3:::*/*"
+ in resource["Values"]
 ):
 report.region = trail.region
 report.resource_id = trail.name
diff --git a/prowler/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_write_enabled/cloudtrail_s3_dataevents_write_enabled.py b/prowler/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_write_enabled/cloudtrail_s3_dataevents_write_enabled.py
index 47f82095..5809a3fe 100644
--- a/prowler/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_write_enabled/cloudtrail_s3_dataevents_write_enabled.py
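Review bot: The partition-qualified S3 prefix is built twice per DataResource, once as `arn:{partition}:s3` and again as `arn:{partition}:s3:::*/*`, with the f-string re-evaluated on every iteration of the `for resource` loop; the cloudtrail_s3_dataevents_write_enabled hunk has the identical duplication. Building it once above the loop, `s3_prefix = f"arn:{cloudtrail_client.audited_partition}:s3"`, and testing `s3_prefix in resource["Values"] or f"{s3_prefix}:::*/*" in resource["Values"]` keeps the two forms from drifting apart when the partition handling changes again. Note also that if `Values` is the list of ARNs returned by the event selector, `in` is a whole-element match, so a trail that logs data events only for named bucket ARNs is not counted by this check; if that is intended (the check is about all-bucket coverage), a comment such as `# only an all-buckets selector satisfies this check; per-bucket ARNs do not` would stop the next reader from taking it for a bug. The enclosing loop over trails and event selectors starts above the hunk.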
+++ b/prowler/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_write_enabled/cloudtrail_s3_dataevents_write_enabled.py
@@ -22,8 +22,10 @@ class cloudtrail_s3_dataevents_write_enabled(Check):
 ):
 for resource in data_event["DataResources"]:
 if "AWS::S3::Object" == resource["Type"] and (
- "arn:aws:s3" in resource["Values"]
- or "arn:aws:s3:::*/*" in resource["Values"]
+ f"arn:{cloudtrail_client.audited_partition}:s3"
+ in resource["Values"]
+ or f"arn:{cloudtrail_client.audited_partition}:s3:::*/*"
+ in resource["Values"]
 ):
 report.region = trail.region
 report.resource_id = trail.name
diff --git a/prowler/providers/aws/services/cloudtrail/cloudtrail_service.py b/prowler/providers/aws/services/cloudtrail/cloudtrail_service.py
index 5881a4ca..a2da9a59 100644
--- a/prowler/providers/aws/services/cloudtrail/cloudtrail_service.py
+++ b/prowler/providers/aws/services/cloudtrail/cloudtrail_service.py
@@ -12,6 +12,7 @@ class Cloudtrail:
 self.service = "cloudtrail"
 self.session = audit_info.audit_session
 self.audited_account = audit_info.audited_account
+ self.audited_partition = audit_info.audited_partition
 self.region = audit_info.profile_region
 self.regional_clients = generate_regional_clients(self.service, audit_info)
 self.trails = []