fix(aws): Assume role for Gov Cloud #4254

jfagoagas
Member

Context

Fixes #4244

Description

Handle AWS Gov Cloud partition while assuming roles.

License

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@jfagoagas jfagoagas requested review from a team as code owners June 17, 2024 08:45
@github-actions github-actions bot added the provider/aws Issues/PRs related with the AWS provider label Jun 17, 2024
@@ -850,8 +850,7 @@ def assume_role(
mfa_info = self.__input_role_mfa_token_and_code__()
assume_role_arguments["SerialNumber"] = mfa_info.arn
assume_role_arguments["TokenCode"] = mfa_info.totp

sts_client = create_sts_session(session, AWS_STS_GLOBAL_ENDPOINT_REGION)
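Review bot: the last line of this hunk, `sts_client = create_sts_session(session, AWS_STS_GLOBAL_ENDPOINT_REGION)`, builds the STS client from a fixed constant regardless of the partition the session credentials belong to, and the line that replaces it is not visible in this excerpt. Whatever region is passed instead should belong to the same partition as the credentials in `session`, and the choice deserves a unit test that runs `assume_role` with a GovCloud region plus a short comment next to the call saying how the region is selected.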
Member Author

This is the issue here, we were always assuming a role with the Global STS Endpoint Region which is us-east-1.
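
One way to pick the STS region per partition, as an added example that is not Prowler's code and not part of this pull request. The default-region mapping, the helper names and the role ARN in the demo are assumptions constructed for illustration.

```python
import re

# Assumption: one default STS region per partition (any enabled region in the
# same partition would work); these are not values taken from the pull request.
DEFAULT_STS_REGION = {
    "aws": "us-east-1",
    "aws-us-gov": "us-gov-east-1",
    "aws-cn": "cn-north-1",
}
DNS_SUFFIX = {
    "aws": "amazonaws.com",
    "aws-us-gov": "amazonaws.com",
    "aws-cn": "amazonaws.com.cn",
}
REGION_PREFIX = {"aws-us-gov": "us-gov-", "aws-cn": "cn-"}
ROLE_ARN = re.compile(
    r"^arn:(?P<partition>aws|aws-us-gov|aws-cn):iam::\d{12}:role/[\w+=,.@/-]+$"
)


def region_partition(region):
    """Map a region name to its partition by prefix; default is commercial."""
    for partition, prefix in REGION_PREFIX.items():
        if region.startswith(prefix):
            return partition
    return "aws"


def sts_target_for_role(role_arn, session_region=None):
    """Return (region, endpoint_url) for the STS client that assumes role_arn."""
    match = ROLE_ARN.match(role_arn)
    if match is None:
        raise ValueError(f"not an IAM role ARN: {role_arn!r}")
    partition = match["partition"]
    # Keep the caller's region only when it lives in the role's partition;
    # a us-east-1 endpoint cannot validate GovCloud or China credentials.
    if session_region and region_partition(session_region) == partition:
        region = session_region
    else:
        region = DEFAULT_STS_REGION[partition]
    return region, f"https://sts.{region}.{DNS_SUFFIX[partition]}"


if __name__ == "__main__":
    # Constructed role ARN, not one from the issue or the pull request.
    print(sts_target_for_role("arn:aws-us-gov:iam::123456789012:role/ExampleScanRole"))
```
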

codecov bot commented Jun 17, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 86.69%. Comparing base (61b9ecc) to head (31a1fc8).
Report is 7 commits behind head on master.

Additional details and impacted files
@@           Coverage Diff           @@
##           master    #4254   +/-   ##
=======================================
  Coverage   86.69%   86.69%           
=======================================
  Files         818      818           
  Lines       25698    25709   +11     
=======================================
+ Hits        22279    22289   +10     
- Misses       3419     3420    +1     

Co-authored-by: Sergio Garcia <[email protected]>
@jfagoagas jfagoagas requested a review from sergargar June 18, 2024 06:47
Member

@sergargar sergargar left a comment

Thanks for the fix!!

@sergargar sergargar merged commit e8a9473 into master Jun 18, 2024
11 checks passed
@sergargar sergargar deleted the PRWLR-3913-bug-assume-role-region-is-not-valid-for-gov-cloud-regions-4244 branch June 18, 2024 13:37
@jfagoagas jfagoagas added the backport-v3 Pending to port to Prowler v3 branch label Jun 19, 2024
@jfagoagas
Member Author

I'm not sure about this backport, we have to check it manually in v3.

Development

Successfully merging this pull request may close these issues.

[Bug]: Assume Role Region is not valid for GovCloud Regions