Better handle permissions and errors

include/whoami

@@ -29,9 +29,8 @@ case "$REGION" in
   ;;
 esac
 
-GETCALLER=$($AWSCLI sts get-caller-identity $PROFILE_OPT --region $REGION_FOR_STS)
-RESULT_CALL=$?
-if [[ $RESULT_CALL == 254 ]]; then
+GETCALLER=$($AWSCLI sts get-caller-identity $PROFILE_OPT --region $REGION_FOR_STS 2>&1)
+if [[ $(echo "$GETCALLER" | grep 'Unable') ]]; then
   if [[ $PRINTCHECKSONLY || $PRINTGROUPSONLY ]]; then
     echo Listing... 
   else
@@ -45,11 +44,11 @@ fi
 if [[ $ACCOUNT_TO_ASSUME ]]; then
   ACCOUNT_NUM=$ACCOUNT_TO_ASSUME
 else
-  ACCOUNT_NUM=$(echo $GETCALLER | jq -r '.Account')
+  ACCOUNT_NUM=$(echo $GETCALLER | jq -r '.Account' 2>&1)
 fi
 
-CALLER_ARN=$(echo $GETCALLER | jq -r '.Arn')
-USER_ID=$(echo $GETCALLER | jq -r '.UserId')
+CALLER_ARN=$(echo $GETCALLER | jq -r '.Arn' 2>&1)
+USER_ID=$(echo $GETCALLER | jq -r '.UserId' 2>&1)
 AWS_PARTITION=$(echo $CALLER_ARN| cut -d: -f2)
 
 getWhoami(){

prowler

@@ -261,9 +261,14 @@ fi
 # Get list of regions based on include/whoami
 REGIONS=$($AWSCLI ec2 describe-regions --query 'Regions[].RegionName' --output text $PROFILE_OPT --region $REGION_FOR_STS --region-names $FILTERREGION 2>&1)
 if [[ $(echo "$REGIONS" | grep 'AccessDenied\|UnauthorizedOperation') ]]; then
-  echo "Access Denied trying to describe regions"
-  EXITCODE=1
-  exit $EXITCODE
+  if [[ $PRINTCHECKSONLY || $PRINTGROUPSONLY ]]; then
+    echo Listing... 
+  else
+    # Failed to get own identity ... exit
+    echo "Access Denied trying to describe regions"
+    EXITCODE=1
+    exit $EXITCODE
+  fi
 fi
 
 # Pre-process whitelist file if supplied