Revert "Refresh assumed role credentials to avoid role chaining limitations"

Toni de la Fuente
2020-12-15 17:37:42 +01:00
committed by GitHub
parent 31182059e4
commit aa0440e426
4 changed files with 3 additions and 33 deletions


@@ -297,9 +297,9 @@ or with a given External ID:
If you want to run Prowler or just a check or a group across all accounts of AWS Organizations you can do this:
First get a list of accounts that are not suspended:
First get a list of accounts:
```
ACCOUNTS_IN_ORGS=$(aws organizations list-accounts --query Accounts[?Status==`ACTIVE`].Id --output text)
ACCOUNTS_IN_ORGS=$(aws organizations list-accounts --query Accounts[*].Id --output text)
```
Then run Prowler to assume a role (same in all members) per each account, in this example it is just running one particular check:
```
@@ -648,4 +648,4 @@ Prowler is licensed as Apache License 2.0 as specified in each file. You may obt
**I'm not related anyhow with CIS organization, I just write and maintain Prowler to help companies over the world to make their cloud infrastructure more secure.**
If you want to contact me visit <https://blyx.com/contact> or follow me on Twitter <https://twitter.com/toniblyx> my DMs are open.
If you want to contact me visit <https://blyx.com/contact> or follow me on Twitter <https://twitter.com/toniblyx> my DMs are open.


@@ -64,7 +64,6 @@ assume_role(){
export AWS_ACCESS_KEY_ID=$(cat $TEMP_STS_ASSUMED_FILE | jq -r '.Credentials.AccessKeyId')
export AWS_SECRET_ACCESS_KEY=$(cat $TEMP_STS_ASSUMED_FILE | jq -r '.Credentials.SecretAccessKey')
export AWS_SESSION_TOKEN=$(cat $TEMP_STS_ASSUMED_FILE | jq -r '.Credentials.SessionToken')
export AWS_SESSION_EXPIRATION=$(convert_date_to_timestamp "$(cat $TEMP_STS_ASSUMED_FILE | jq -r '.Credentials.Expiration')")
rm -fr $TEMP_STS_ASSUMED_FILE
}


@@ -108,14 +108,6 @@ bsd_get_iso8601_timestamp() {
"$DATE_CMD" -u +"%Y-%m-%dT%H:%M:%SZ"
}
gnu_convert_date_to_timestamp() {
date -d "$1" +%s
}
bsd_convert_date_to_timestamp() {
date -j -f "%Y-%m-%dT%H:%M:%SZ" "$1" "+%s"
}
gnu_test_tcp_connectivity() {
HOST=$1
PORT=$2
@@ -162,9 +154,6 @@ if [ "$OSTYPE" == "linux-gnu" ] || [ "$OSTYPE" == "linux-musl" ]; then
test_tcp_connectivity() {
gnu_test_tcp_connectivity "$1" "$2" "$3"
}
convert_date_to_timestamp() {
gnu_convert_date_to_timestamp "$1"
}
elif [[ "$OSTYPE" == "darwin"* ]]; then
# BSD/OSX commands compatibility
TEMP_REPORT_FILE=$(mktemp -t prowler.cred_report-XXXXXX)
@@ -200,9 +189,6 @@ elif [[ "$OSTYPE" == "darwin"* ]]; then
get_iso8601_timestamp() {
gnu_get_iso8601_timestamp
}
convert_date_to_timestamp() {
gnu_convert_date_to_timestamp "$1"
}
else
how_older_from_today() {
bsd_how_older_from_today "$1"
@@ -222,9 +208,6 @@ elif [[ "$OSTYPE" == "darwin"* ]]; then
get_iso8601_timestamp() {
bsd_get_iso8601_timestamp
}
convert_date_to_timestamp() {
bsd_convert_date_to_timestamp "$1"
}
fi
if "$BASE64_CMD" --version >/dev/null 2>&1 ; then
decode_report() {
@@ -265,9 +248,6 @@ elif [[ "$OSTYPE" == "cygwin" ]]; then
test_tcp_connectivity() {
gnu_test_tcp_connectivity "$1" "$2" "$3"
}
convert_date_to_timestamp() {
gnu_convert_date_to_timestamp "$1"
}
else
echo "Unknown Operating System! Valid \$OSTYPE: linux-gnu, linux-musl, darwin* or cygwin"
echo "Found: $OSTYPE"


@@ -320,15 +320,6 @@ show_group_title() {
# Function to execute the check
execute_check() {
if [[ $ACCOUNT_TO_ASSUME ]]; then
if (( "$AWS_SESSION_EXPIRATION" < (( "$(date -u "+%s")" + (( $SESSION_DURATION_TO_ASSUME / 10 )) )) )); then
unset AWS_ACCESS_KEY_ID
unset AWS_SECRET_ACCESS_KEY
unset AWS_SESSION_TOKEN
assume_role
fi
fi
# See if this is an alternate name for a check
# for example, we might have been passed 1.01 which is another name for 1.1
local alternate_name_var=CHECK_ALTERNATE_$1