Fixes #200

prowler

@@ -249,23 +249,21 @@ fi
 # check environment variables and if not, it checks and loads credentials from
 # instance profile (metadata server) if runs in an EC2 instance
 
+INSTANCE_PROFILE=$(curl -s -m 1 http://169.254.169.254/latest/meta-data/iam/security-credentials/)
+
 if [[ $PROFILE ]]; then
   PROFILE_OPT="--profile $PROFILE"
-else
-  # if Prowler runs insinde an AWS instance with IAM instance profile attached
-  INSTANCE_PROFILE=$(curl -s -m 1 http://169.254.169.254/latest/meta-data/iam/security-credentials/)
-  if [[ $INSTANCE_PROFILE ]]; then
+elif [[ $AWS_ACCESS_KEY_ID && $AWS_SECRET_ACCESS_KEY || $AWS_SESSION_TOKEN ]];then
+    PROFILE="ENV"
+    PROFILE_OPT=""
+elif [[ $INSTANCE_PROFILE ]];then
+    PROFILE="INSTANCE-PROFILE"
     AWS_ACCESS_KEY_ID=$(curl -s http://169.254.169.254/latest/meta-data/iam/security-credentials/${INSTANCE_PROFILE} | grep AccessKeyId | cut -d':' -f2 | sed 's/[^0-9A-Z]*//g')
     AWS_SECRET_ACCESS_KEY_ID=$(curl -s http://169.254.169.254/latest/meta-data/iam/security-credentials/${INSTANCE_PROFILE} | grep SecretAccessKey | cut -d':' -f2 | sed 's/[^0-9A-Za-z/+=]*//g')
     AWS_SESSION_TOKEN=$(curl -s http://169.254.169.254/latest/meta-data/iam/security-credentials/${INSTANCE_PROFILE}  grep Token| cut -d':' -f2 | sed 's/[^0-9A-Za-z/+=]*//g')
-  fi
-  if [[ $AWS_ACCESS_KEY_ID && $AWS_SECRET_ACCESS_KEY || $AWS_SESSION_TOKEN ]];then
-    PROFILE="ENV"
-    PROFILE_OPT=""
-  else
+else
     PROFILE="default"
     PROFILE_OPT="--profile $PROFILE"
-  fi
 fi
 
 # AWS-CLI variables