Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

🧹 Do not fetch trails if they are not part of the account. #1185

Merged
merged 2 commits into from
May 7, 2023
Merged

🧹 Do not fetch trails if they are not part of the account. #1185

merged 2 commits into from
May 7, 2023

Conversation

preslavgerchev
Copy link
Contributor

Fixes #1184

We cannot query information about a trail (log group, kms key, etc) if that trail is coming from another account. In that case, we should just skip it

vjeffrey
vjeffrey reviewed May 4, 2023
View reviewed changes
resources/packs/aws/aws_cloudtrail.go Outdated
// we skip trails that are not coming from the account that is being scanned
// such trails are organization trails, created from another (master) acc in the org
trailArn := core.ToString(trail.TrailARN)
if !strings.Contains(trailArn, acc) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is there any information we can gather about organization trails? we should be able to work around not being able to fetch a kms key or log group, since keys can be deleted anytime, it's always a problem we can run into

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yeah, we can also just not err out if the key or the log group are not found.

re the org trails: there's a bool on the trail that indicates what it is. i am not sure if we can use it since i'd assume we want to show that trail in the master acc it has been created from

@preslavgerchev preslavgerchev merged commit 22d06e7 into main May 7, 2023
@preslavgerchev preslavgerchev deleted the preslav/1184 branch May 7, 2023 12:33
@github-actions github-actions bot locked and limited conversation to collaborators May 7, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@vjeffrey vjeffrey vjeffrey approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@preslavgerchev @vjeffrey