feat(iam): add IAM Role Class (#1709)

Co-authored-by: sergargar <sergio@verica.io>
2026-02-10 14:55:00 +00:00 · 2023-01-16 11:47:23 +01:00
parent 64090474e1
commit 7f26fdf2d0
2 changed files with 25 additions and 9 deletions
--- a/prowler/providers/aws/services/cloudwatch/cloudwatch_cross_account_sharing_disabled/cloudwatch_cross_account_sharing_disabled.py
+++ b/prowler/providers/aws/services/cloudwatch/cloudwatch_cross_account_sharing_disabled/cloudwatch_cross_account_sharing_disabled.py
@@ -11,8 +11,8 @@ class cloudwatch_cross_account_sharing_disabled(Check):
        report.resource_id = "CloudWatch-CrossAccountSharingRole"
        report.region = iam_client.region
        for role in iam_client.roles:
-            if role["RoleName"] == "CloudWatch-CrossAccountSharingRole":
-                report.resource_arn = role["Arn"]
+            if role.name == "CloudWatch-CrossAccountSharingRole":
+                report.resource_arn = role.arn
                report.status = "FAIL"
                report.status_extended = "CloudWatch has allowed cross-account sharing."
        findings.append(report)
--- a/prowler/providers/aws/services/iam/iam_service.py
+++ b/prowler/providers/aws/services/iam/iam_service.py
@@ -50,17 +50,21 @@ class IAM:
    def __get_roles__(self):
        try:
            get_roles_paginator = self.client.get_paginator("list_roles")
+            roles = []
+            for page in get_roles_paginator.paginate():
+                for role in page["Roles"]:
+                    roles.append(
+                        Role(
+                            name=role["RoleName"],
+                            arn=role["Arn"],
+                            assume_role_policy=role["AssumeRolePolicyDocument"],
+                        )
+                    )
+            return roles
        except Exception as error:
            logger.error(
                f"{self.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
            )
-        else:
-            roles = []
-            for page in get_roles_paginator.paginate():
-                for role in page["Roles"]:
-                    roles.append(role)
-
-            return roles

    def __get_credential_report__(self):
        report_is_completed = False
@@ -427,6 +431,18 @@ class User:
        self.inline_policies = []


+@dataclass
+class Role:
+    name: str
+    arn: str
+    assume_role_policy: dict
+
+    def __init__(self, name, arn, assume_role_policy):
+        self.name = name
+        self.arn = arn
+        self.assume_role_policy = assume_role_policy
+
+
@dataclass
 class Group:
    name: str