feat(regions): Filter Audited Regions (-f) (#1202)

* feat(filter-regions): Added -f and ebs encryption check.

* feat(filter-regions): Added -f and ebs encryption check.

* feat(regional_clients): add regional_clients.

* fix(global variables): created global variables

* chore(role option): Mixed -A/-R option including error handling

* fix(arn): import errors from error.py file

* fix(review_comments): Review PR comments.

Co-authored-by: sergargar <sergio@verica.io>
Co-authored-by: n4ch04 <nachor1992@gmail.com>
This commit is contained in:
Sergio Garcia
2022-06-20 11:25:26 +02:00
committed by GitHub
parent f694a6d12a
commit b89b883741
16 changed files with 30264 additions and 96 deletions


@@ -22,18 +22,18 @@ class iam_disable_30_days_credentials(Check):
)
if time_since_insertion.days > maximum_expiration_days:
report.status = "FAIL"
report.result_extended = f"User {user['UserName']} has not logged into the console in the past 90 days"
report.result_extended = f"User {user['UserName']} has not logged into the console in the past 30 days"
report.region = "us-east-1"
else:
report.status = "PASS"
report.result_extended = f"User {user['UserName']} has logged into the console in the past 90 days"
report.result_extended = f"User {user['UserName']} has logged into the console in the past 30 days"
report.region = "us-east-1"
except KeyError:
pass
else:
report.status = "PASS"
report.result_extended = (
f"User {user['UserName']} has not console password"
f"User {user['UserName']} has not a console password or is unused."
)
report.region = "us-east-1"
@@ -46,4 +46,4 @@ class iam_disable_30_days_credentials(Check):
report.region = "us-east-1"
findings.append(report)
return findings
return findings
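Review bot: The new text in `report.result_extended = f"User {user['UserName']} has not logged into the console in the past 30 days"` (and its PASS counterpart) hard-codes the window that the comparison two lines above reads from `maximum_expiration_days`, so the finding text can silently drift from the threshold it reports on; interpolate it instead: `f"User {user['UserName']} has not logged into the console in the past {maximum_expiration_days} days"`. The untouched `except KeyError: pass` leaves the report without a status or result_extended for a user whose record lacks the date field, and that report is presumably still appended to findings — a `logger.warning` naming the user would keep the malformed entry visible to whoever reads the audit instead of dropping it silently. Since this PR introduces region filtering (-f), the pre-existing `report.region = "us-east-1"` on every IAM finding deserves a second look: if the filter is applied to report regions as well as to clients, a run scoped to other regions would discard global-service findings entirely (inferred; the filter code is not in this section). execute() begins before the first hunk, and whether the dedented `return findings` in the second hunk still sits inside the `if response:` block cannot be seen from here.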


@@ -7,14 +7,13 @@ maximum_expiration_days = 90
class iam_disable_90_days_credentials(Check):
def execute(self):
def execute(self) -> Check_Report:
findings = []
report = Check_Report
response = iam_client.users
if response:
for user in response:
report = Check_Report
report = Check_Report()
if "PasswordLastUsed" in user and user["PasswordLastUsed"] != "":
try:
time_since_insertion = (
@@ -34,13 +33,16 @@ class iam_disable_90_days_credentials(Check):
else:
report.status = "PASS"
report.result_extended = (
f"User {user['UserName']} has not console password"
f"User {user['UserName']} has not a console password or is unused."
)
report.region = "us-east-1"
# Append report
findings.append(report)
else:
report = Check_Report()
report.status = "PASS"
report.result_extended = "There is no IAM users"
report.region = "us-east-1"
return findings
return findings
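Review bot: The added `else` branch reports `report.status = "PASS"` with "There is no IAM users" whenever `iam_client.users` is falsy, and in this same commit the service's `__get_users__` now logs and continues (`logger.error(f"{error.__class__.__name__} -- {error}")`) where it previously called `quit()`, so a listing failure such as a missing permission or a throttled call can reach this check as an empty or None `users` and be recorded as a clean PASS rather than as an error. The check should distinguish "zero users" from "listing failed", for example by having the service leave `users` as None on failure and this branch emit a non-PASS status (or skip the report with a logged warning) when `response is None`; if the 30-day check in this commit has the same structure, it needs the same treatment. The new annotation on the first hunk's `def execute(self) -> Check_Report:` is also inaccurate, because the method returns the `findings` list; `def execute(self) -> list[Check_Report]:` matches what callers receive. The new message text is ungrammatical as well; `"There are no IAM users"` reads correctly. execute() begins before the second hunk, and the `if response:` block the new `else` pairs with is not visible in this view.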


@@ -23,13 +23,8 @@ class IAM:
def __get_roles__(self):
try:
get_roles_paginator = self.client.get_paginator("list_roles")
except botocore.exceptions.ClientError as error:
logger.error(
f"{error.response['Error']['Code']} -- {error.response['Error']['Message']}"
)
except Exception as error:
logger.critical(f"{error.__class__.__name__} -- {error}")
quit()
logger.error(f"{error.__class__.__name__} -- {error}")
else:
roles = []
for page in get_roles_paginator.paginate():
@@ -43,13 +38,8 @@ class IAM:
while not report_is_completed:
try:
report_status = self.client.generate_credential_report()
except botocore.exceptions.ClientError as error:
logger.error(
f"{error.response['Error']['Code']} -- {error.response['Error']['Message']}"
)
except Exception as error:
logger.critical(f"{error.__class__.__name__} -- {error}")
quit()
logger.error(f"{error.__class__.__name__} -- {error}")
else:
if report_status["State"] == "COMPLETE":
report_is_completed = True
@@ -59,13 +49,8 @@ class IAM:
def __get_groups__(self):
try:
get_groups_paginator = self.client.get_paginator("list_groups")
except botocore.exceptions.ClientError as error:
logger.error(
f"{error.response['Error']['Code']} -- {error.response['Error']['Message']}"
)
except Exception as error:
logger.critical(f"{error.__class__.__name__} -- {error}")
quit()
logger.error(f"{error.__class__.__name__} -- {error}")
else:
groups = []
for page in get_groups_paginator.paginate():
@@ -79,13 +64,8 @@ class IAM:
get_customer_managed_policies_paginator = self.client.get_paginator(
"list_policies"
)
except botocore.exceptions.ClientError as error:
logger.error(
f"{error.response['Error']['Code']} -- {error.response['Error']['Message']}"
)
except Exception as error:
logger.critical(f"{error.__class__.__name__} -- {error}")
quit()
logger.error(f"{error.__class__.__name__} -- {error}")
else:
customer_managed_policies = []
for page in get_customer_managed_policies_paginator.paginate(Scope="Local"):
@@ -97,13 +77,8 @@ class IAM:
def __get_users__(self):
try:
get_users_paginator = self.client.get_paginator("list_users")
except botocore.exceptions.ClientError as error:
logger.error(
f"{error.response['Error']['Code']} -- {error.response['Error']['Message']}"
)
except Exception as error:
logger.critical(f"{error.__class__.__name__} -- {error}")
quit()
logger.error(f"{error.__class__.__name__} -- {error}")
else:
users = []
for page in get_users_paginator.paginate():