diff --git a/prowler/providers/aws/services/directoryservice/directoryservice_service.py b/prowler/providers/aws/services/directoryservice/directoryservice_service.py index fac7954d..d31dd49c 100644 --- a/prowler/providers/aws/services/directoryservice/directoryservice_service.py +++ b/prowler/providers/aws/services/directoryservice/directoryservice_service.py @@ -3,6 +3,7 @@ from datetime import datetime from enum import Enum from typing import Optional, Union +from botocore.client import ClientError from pydantic import BaseModel from prowler.lib.logger import logger 
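Review bot: The import added to directoryservice_service.py takes `ClientError` from `botocore.client`, but the class is defined in `botocore.exceptions`. The `botocore.client` path resolves only because that module imports the name for its own use. Importing from the defining module, `from botocore.exceptions import ClientError`, keeps the new handlers in this file independent of botocore's internal imports.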
@@ -117,21 +118,23 @@ class DirectoryService:
 try:
 for directory in self.directories.values():
 if directory.region == regional_client.region:
- describe_event_topics_parameters = {"DirectoryId": directory.id}
- event_topics = []
- describe_event_topics = regional_client.describe_event_topics(
- **describe_event_topics_parameters
- )
- for event_topic in describe_event_topics["EventTopics"]:
- event_topics.append(
- EventTopics(
- topic_arn=event_topic["TopicArn"],
- topic_name=event_topic["TopicName"],
- status=event_topic["Status"],
- created_date_time=event_topic["CreatedDateTime"],
- )
+ # Operation is not supported for Shared MicrosoftAD directories.
+ if directory.type != DirectoryType.SharedMicrosoftAD:
+ describe_event_topics_parameters = {"DirectoryId": directory.id}
+ event_topics = []
+ describe_event_topics = regional_client.describe_event_topics(
+ **describe_event_topics_parameters
 )
- self.directories[directory.id].event_topics = event_topics
+ for event_topic in describe_event_topics["EventTopics"]:
+ event_topics.append(
+ EventTopics(
+ topic_arn=event_topic["TopicArn"],
+ topic_name=event_topic["TopicName"],
+ status=event_topic["Status"],
+ created_date_time=event_topic["CreatedDateTime"],
+ )
+ )
+ self.directories[directory.id].event_topics = event_topics
 except Exception as error:
 logger.error(
 f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
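Review bot: Shared MicrosoftAD directories are now skipped without any log line, so nothing in the scan output records that event-topic monitoring was not evaluated for them. Their `event_topics` stays at whatever the model default is, which this hunk does not show. If a check builds findings from that attribute, consider an `else:` branch that logs the skipped `directory.id` at info level, or confirm the check handles this directory type explicitly. As a style point, the guard could join the existing condition, `if directory.region == regional_client.region and directory.type != DirectoryType.SharedMicrosoftAD:`, the way the certificates loop excludes `DirectoryType.SimpleAD`, which avoids re-indenting the body. The enclosing method starts above the hunk.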
@@ -146,25 +149,42 @@ class DirectoryService:
 directory.region == regional_client.region
 and directory.type != DirectoryType.SimpleAD
 ):
- list_certificates_paginator = regional_client.get_paginator(
- "list_certificates"
- )
- list_certificates_parameters = {"DirectoryId": directory.id}
- certificates = []
- for page in list_certificates_paginator.paginate(
- **list_certificates_parameters
- ):
- for certificate_info in page["CertificatesInfo"]:
- certificates.append(
- Certificate(
- id=certificate_info["CertificateId"],
- common_name=certificate_info["CommonName"],
- state=certificate_info["State"],
- expiry_date_time=certificate_info["ExpiryDateTime"],
- type=certificate_info["Type"],
+ try:
+ list_certificates_paginator = regional_client.get_paginator(
+ "list_certificates"
+ )
+ list_certificates_parameters = {"DirectoryId": directory.id}
+ certificates = []
+ for page in list_certificates_paginator.paginate(
+ **list_certificates_parameters
+ ):
+ for certificate_info in page["CertificatesInfo"]:
+ certificates.append(
+ Certificate(
+ id=certificate_info["CertificateId"],
+ common_name=certificate_info["CommonName"],
+ state=certificate_info["State"],
+ expiry_date_time=certificate_info[
+ "ExpiryDateTime"
+ ],
+ type=certificate_info["Type"],
+ )
 )
+ self.directories[directory.id].certificates = certificates
+ except ClientError as error:
+ if (
+ error.response["Error"]["Code"]
+ == "UnsupportedOperationException"
+ ):
+ logger.warning(
+ f"{directory.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
 )
- self.directories[directory.id].certificates = certificates
+ else:
+ logger.error(
+ f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
+ )
+ continue
+
 except Exception as error:
 logger.error(
 f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
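Review bot: In the `else` branch of the new `except ClientError` handler, any error other than `UnsupportedOperationException` (an access-denied or throttling response, for instance) is only logged, and that directory's `certificates` is never assigned. If the field defaults to an empty list, which this hunk does not show, a certificate check cannot tell "no certificates" from "could not list certificates". Consider recording the failure on the directory object, or at least adding a comment that results are incomplete in that case. Two smaller points: the trailing `continue` is the last statement of the loop body and can be dropped, and the warning logs `directory.region` while the error logs `regional_client.region`. The method begins above the hunk.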
@@ -194,7 +214,6 @@ class DirectoryService:
 "ManualSnapshotsLimitReached"
 ],
 )
-
 except Exception as error:
 logger.error(
 f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
diff --git a/prowler/providers/aws/services/dynamodb/dynamodb_service.py b/prowler/providers/aws/services/dynamodb/dynamodb_service.py
index 5f3074fd..c0e9223f 100644
--- a/prowler/providers/aws/services/dynamodb/dynamodb_service.py
+++ b/prowler/providers/aws/services/dynamodb/dynamodb_service.py
@@ -102,11 +102,22 @@ class DynamoDB:
 logger.info("DynamoDB - List Tags...")
 try:
 for table in self.tables:
- regional_client = self.regional_clients[table.region]
- response = regional_client.list_tags_of_resource(ResourceArn=table.arn)[
- "Tags"
- ]
- table.tags = response
+ try:
+ regional_client = self.regional_clients[table.region]
+ response = regional_client.list_tags_of_resource(
+ ResourceArn=table.arn
+ )["Tags"]
+ table.tags = response
+ except ClientError as error:
+ if error.response["Error"]["Code"] == "ResourceNotFoundException":
+ logger.warning(
+ f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
+ )
+ else:
+ logger.error(
+ f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
+ )
+ continue
 except Exception as error:
 logger.error(
 f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
diff --git a/tests/providers/aws/services/iam/iam_service_test.py b/tests/providers/aws/services/iam/iam_service_test.py
index 017bf6e1..18969a7a 100644
--- a/tests/providers/aws/services/iam/iam_service_test.py
+++ b/tests/providers/aws/services/iam/iam_service_test.py
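Review bot: `ClientError` is used by the new inner handler in dynamodb_service.py, but this diff adds the import only to directoryservice_service.py. The import block of dynamodb_service.py is outside the hunk, so confirm the name is already in scope there. Otherwise evaluating `except ClientError` raises `NameError` the first time a call fails, and the outer `except Exception` ends the tag loop for all remaining tables. Separately, the `continue` after the `if`/`else` is the last statement of the loop body and is redundant. The method starts above the hunk.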
@@ -326,13 +326,13 @@ class Test_IAM_Service: def test__get_account_summary__(self): # Generate IAM Client iam_client = client("iam") - account_summary = iam_client.get_account_summary() + account_summary = iam_client.get_account_summary()["SummaryMap"] # IAM client for this test class audit_info = self.set_mocked_audit_info() iam = IAM(audit_info) - assert iam.account_summary == account_summary + assert iam.account_summary["SummaryMap"] == account_summary # Test IAM Get Password Policy @mock_iam