Rollback #562 fix issue #564

checks/check_extra712

@@ -16,18 +16,13 @@ CHECK_SCORED_extra712="NOT_SCORED"
 CHECK_TYPE_extra712="EXTRA"
 CHECK_ALTERNATE_check712="extra712"
 
-extra712(){
-  # "Check if Amazon Macie is enabled (Not Scored) (Not part of CIS benchmark)"
-  MACIE_NOT_SUPPORTED="Could not connect to the endpoint URL"
-  MACIE_NOT_ENABLED="Macie is not enabled for this AWS account"
-  for regx in $REGIONS; do
-      MACIE_MEMBER_ACCOUNTS=$($AWSCLI macie list-member-accounts $PROFILE_OPT --region $regx --output text --query 'memberAccounts[*]' 2>&1)
-      if [[ ${MACIE_MEMBER_ACCOUNTS} == *${MACIE_NOT_SUPPORTED}* ]];then
-        textInfo "$regx: Amazon Macie is not supported in $regx" "$regx"
-      elif [[ ${MACIE_MEMBER_ACCOUNTS} == *${MACIE_NOT_ENABLED}* ]];then
-        textFail "$regx: Amazon Macie is not enabled!" "$regx"
-      else
-        textPass "$regx: Amazon Macie is enabled!" "$regx"
-      fi
-  done
-} 
+ extra712(){ 
+   textInfo "No API commands available to check if Macie is enabled," 
+   textInfo "just looking if IAM Macie related permissions exist.  " 
+   MACIE_IAM_ROLES_CREATED=$($AWSCLI iam list-roles $PROFILE_OPT --query 'Roles[*].Arn'|grep AWSMacieServiceCustomer|wc -l) 
+   if [[ $MACIE_IAM_ROLES_CREATED -eq 2 ]];then 
+     textPass "Macie related IAM roles exist so it might be enabled. Check it out manually" 
+else
+     textFail "No Macie related IAM roles found. It is most likely not to be enabled" 
+fi
+}