From 25e48ae546e08b827b649714873961828375b6f5 Mon Sep 17 00:00:00 2001 
From: Sergio Garcia <38561120+sergargar@users.noreply.github.com> Date: Tue, 13 Jun 2023 10:18:23 +0200 Subject: [PATCH] chore(arn): include ARN of AWS accounts (#2477) Co-authored-by: Pepe Fagoaga --- .../aws/lib/audit_info/audit_info.py | 1 + .../providers/aws/lib/audit_info/models.py | 1 + ...ccount_maintain_current_contact_details.py | 1 + ...urity_contact_information_is_registered.py | 1 + ...tions_are_registered_in_the_aws_account.py | 1 + .../aws/services/account/account_service.py | 2 ++ .../backup_plans_exist/backup_plans_exist.py | 4 +-- .../backup_reportplans_exist.py | 4 +-- .../aws/services/backup/backup_service.py | 2 ++ .../backup_vaults_exist.py | 4 +-- .../cloudtrail_multi_region_enabled.py | 4 +-- .../cloudtrail_s3_dataevents_read_enabled.py | 4 +-- .../cloudtrail_s3_dataevents_write_enabled.py | 4 +-- .../services/cloudtrail/cloudtrail_service.py | 3 ++- ...hanges_to_network_acls_alarm_configured.py | 1 + ...es_to_network_gateways_alarm_configured.py | 1 + ...o_network_route_tables_alarm_configured.py | 1 + ...dwatch_changes_to_vpcs_alarm_configured.py | 1 + ...oudwatch_cross_account_sharing_disabled.py | 6 +++-- ...ws_config_configuration_changes_enabled.py | 1 + ...loudtrail_configuration_changes_enabled.py | 1 + ...g_metric_filter_authentication_failures.py | 1 + ...metric_filter_aws_organizations_changes.py | 1 + ...isable_or_scheduled_deletion_of_kms_cmk.py | 1 + ...ric_filter_for_s3_bucket_policy_changes.py | 1 + ...dwatch_log_metric_filter_policy_changes.py | 1 + ...cloudwatch_log_metric_filter_root_usage.py | 1 + ...og_metric_filter_security_group_changes.py | 1 + ...h_log_metric_filter_sign_in_without_mfa.py | 1 + ...og_metric_filter_unauthorized_api_calls.py | 1 + .../config_recorder_all_regions_enabled.py | 7 ++++- .../aws/services/config/config_service.py | 2 ++ .../drs/drs_job_exist/drs_job_exist.py | 4 +-- .../providers/aws/services/drs/drs_service.py | 1 + .../ec2_ebs_default_encryption.py | 3 ++- 
.../providers/aws/services/ec2/ec2_service.py | 1 + ...mr_cluster_account_public_block_enabled.py | 2 +- .../providers/aws/services/emr/emr_service.py | 2 ++ .../fms_policy_compliant.py | 4 +-- .../providers/aws/services/fms/fms_service.py | 1 + ...connection_passwords_encryption_enabled.py | 1 + ...ta_catalogs_metadata_encryption_enabled.py | 1 + .../aws/services/glue/glue_service.py | 3 ++- ...xpires_passwords_within_90_days_or_less.py | 3 ++- .../iam_password_policy_lowercase.py | 3 ++- .../iam_password_policy_minimum_length_14.py | 3 ++- .../iam_password_policy_number.py | 3 ++- .../iam_password_policy_reuse_24.py | 3 ++- .../iam_password_policy_symbol.py | 3 ++- .../iam_password_policy_uppercase.py | 3 ++- .../iam_root_hardware_mfa_enabled.py | 4 +-- .../providers/aws/services/iam/iam_service.py | 1 + .../inspector2_findings_exist.py | 4 +-- .../services/inspector2/inspector2_service.py | 3 ++- .../macie_is_enabled/macie_is_enabled.py | 3 ++- .../aws/services/macie/macie_service.py | 2 ++ .../resourceexplorer2_indexes_found.py | 1 + .../resourceexplorer2_service.py | 2 ++ .../s3_account_level_public_access_blocks.py | 1 + .../s3_bucket_public_access.py | 1 + .../providers/aws/services/s3/s3_service.py | 1 + .../ssmincidents_enabled_with_plans.py | 3 ++- .../ssmincidents/ssmincidents_service.py | 1 + .../vpc_different_regions.py | 1 + .../providers/aws/services/vpc/vpc_service.py | 1 + prowler/providers/common/audit_info.py | 2 ++ tests/lib/check/check_test.py | 1 + tests/lib/outputs/outputs_test.py | 7 +++++ tests/lib/outputs/slack_test.py | 1 + tests/providers/aws/aws_provider_test.py | 4 +++ .../aws/lib/allowlist/allowlist_test.py | 1 + .../accessanalyzer_service_test.py | 1 + .../aws/services/acm/acm_service_test.py | 1 + .../apigateway_authorizers_enabled_test.py | 1 + ...gateway_client_certificate_enabled_test.py | 1 + .../apigateway_endpoint_public_test.py | 1 + .../apigateway_logging_enabled_test.py | 1 + .../apigateway/apigateway_service_test.py | 1 + 
.../apigateway_waf_acl_attached_test.py | 1 + ...pigatewayv2_access_logging_enabled_test.py | 1 + .../apigatewayv2_authorizers_enabled_test.py | 1 + .../apigatewayv2/apigatewayv2_service_test.py | 1 + .../appstream/appstream_service_test.py | 1 + ...d_secrets_ec2_launch_configuration_test.py | 1 + .../autoscaling_group_multiple_az_test.py | 1 + .../autoscaling/autoscaling_service_test.py | 1 + ...rations_cloudtrail_logging_enabled_test.py | 1 + .../awslambda/awslambda_service_test.py | 1 + .../backup_plans_exist_test.py | 9 +++++-- .../backup_reportplans_exist_test.py | 9 +++++-- .../services/backup/backup_service_test.py | 2 +- .../backup_vaults_exist_test.py | 9 +++++-- .../cloudformation_service_test.py | 1 + .../cloudfront/cloudfront_service_test.py | 1 + ...udtrail_bucket_requires_mfa_delete_test.py | 1 + ...udtrail_cloudwatch_logging_enabled_test.py | 1 + .../cloudtrail_insights_exist_test.py | 1 + .../cloudtrail_kms_encryption_enabled_test.py | 1 + ...dtrail_log_file_validation_enabled_test.py | 1 + ...s_s3_bucket_access_logging_enabled_test.py | 1 + ..._bucket_is_not_publicly_accessible_test.py | 1 + .../cloudtrail_multi_region_enabled_test.py | 20 +++++++++----- ...udtrail_s3_dataevents_read_enabled_test.py | 17 ++++++------ ...dtrail_s3_dataevents_write_enabled_test.py | 13 ++++++--- .../cloudtrail/cloudtrail_service_test.py | 1 + ...s_to_network_acls_alarm_configured_test.py | 1 + ..._network_gateways_alarm_configured_test.py | 1 + ...work_route_tables_alarm_configured_test.py | 1 + ...h_changes_to_vpcs_alarm_configured_test.py | 1 + ...tch_cross_account_sharing_disabled_test.py | 5 ++-- ...h_log_group_kms_encryption_enabled_test.py | 1 + ...watch_log_group_no_secrets_in_logs_test.py | 1 + ...ntion_policy_specific_days_enabled_test.py | 1 + ...nfig_configuration_changes_enabled_test.py | 1 + ...rail_configuration_changes_enabled_test.py | 1 + ...ric_filter_authentication_failures_test.py | 1 + ...c_filter_aws_organizations_changes_test.py | 1 + 
...e_or_scheduled_deletion_of_kms_cmk_test.py | 1 + ...ilter_for_s3_bucket_policy_changes_test.py | 1 + ...h_log_metric_filter_policy_changes_test.py | 1 + ...watch_log_metric_filter_root_usage_test.py | 1 + ...tric_filter_security_group_changes_test.py | 1 + ..._metric_filter_sign_in_without_mfa_test.py | 1 + ...tric_filter_unauthorized_api_calls_test.py | 1 + .../cloudwatch/cloudwatch_service_test.py | 1 + .../codeartifact/codeartifact_service_test.py | 1 + .../codebuild/codebuild_service_test.py | 1 + ...onfig_recorder_all_regions_enabled_test.py | 1 + .../services/config/config_service_test.py | 1 + .../directoryservice_service_test.py | 1 + .../drs/drs_job_exist/drs_job_exist_test.py | 19 ++++++++----- .../aws/services/drs/drs_service_test.py | 2 +- ...lerator_cluster_encryption_enabled_test.py | 1 + .../dynamodb/dynamodb_service_test.py | 1 + ..._tables_kms_cmk_encryption_enabled_test.py | 1 + .../dynamodb_tables_pitr_enabled_test.py | 1 + .../ec2/ec2_ami_public/ec2_ami_public_test.py | 1 + .../ec2_ebs_default_encryption_test.py | 1 + .../ec2_ebs_public_snapshot_test.py | 1 + .../ec2_ebs_snapshots_encrypted_test.py | 1 + .../ec2_ebs_volume_encryption_test.py | 1 + .../ec2_elastic_ip_shodan_test.py | 1 + .../ec2_elastic_ip_unassgined_test.py | 1 + .../ec2_instance_imdsv2_enabled_test.py | 1 + ...ernet_facing_with_instance_profile_test.py | 1 + ..._instance_older_than_specific_days_test.py | 1 + .../ec2_instance_profile_attached_test.py | 1 + .../ec2_instance_public_ip_test.py | 1 + .../ec2_instance_secrets_user_data_test.py | 1 + ..._networkacl_allow_ingress_any_port_test.py | 1 + ...tworkacl_allow_ingress_tcp_port_22_test.py | 1 + ...orkacl_allow_ingress_tcp_port_3389_test.py | 1 + ..._ingress_from_internet_to_any_port_test.py | 1 + ...ternet_to_port_mongodb_27017_27018_test.py | 1 + ...rom_internet_to_tcp_ftp_port_20_21_test.py | 1 + ...gress_from_internet_to_tcp_port_22_test.py | 1 + ...ess_from_internet_to_tcp_port_3389_test.py | 1 + 
..._tcp_port_cassandra_7199_9160_8888_test.py | 1 + ...lasticsearch_kibana_9200_9300_5601_test.py | 1 + ...om_internet_to_tcp_port_kafka_9092_test.py | 1 + ...ternet_to_tcp_port_memcached_11211_test.py | 1 + ...om_internet_to_tcp_port_mysql_3306_test.py | 1 + ...ernet_to_tcp_port_oracle_1521_2483_test.py | 1 + ...internet_to_tcp_port_postgres_5432_test.py | 1 + ...om_internet_to_tcp_port_redis_6379_test.py | 1 + ...t_to_tcp_port_sql_server_1433_1434_test.py | 1 + ...rom_internet_to_tcp_port_telnet_23_test.py | 1 + ...ygroup_allow_wide_open_public_ipv4_test.py | 1 + ...ritygroup_default_restrict_traffic_test.py | 1 + ...2_securitygroup_from_launch_wizard_test.py | 1 + .../ec2_securitygroup_not_used_test.py | 1 + ...oup_with_many_ingress_egress_rules_test.py | 1 + .../aws/services/ec2/ec2_service_test.py | 1 + .../aws/services/ecr/ecr_service_test.py | 1 + .../aws/services/ecs/ecs_service_test.py | 1 + .../aws/services/efs/efs_service_test.py | 1 + .../aws/services/eks/eks_service_test.py | 1 + .../elb_insecure_ssl_ciphers_test.py | 1 + .../elb_internet_facing_test.py | 1 + .../elb_logging_enabled_test.py | 1 + .../aws/services/elb/elb_service_test.py | 1 + .../elb_ssl_listeners_test.py | 1 + .../elbv2_deletion_protection_test.py | 1 + .../elbv2_desync_mitigation_mode_test.py | 1 + .../elbv2_insecure_ssl_ciphers_test.py | 1 + .../elbv2_internet_facing_test.py | 1 + .../elbv2_listeners_underneath_test.py | 1 + .../elbv2_logging_enabled_test.py | 1 + .../aws/services/elbv2/elbv2_service_test.py | 1 + .../elbv2_ssl_listeners_test.py | 1 + .../elbv2_waf_acl_attached_test.py | 1 + .../emr_cluster_publicly_accesible_test.py | 1 + .../aws/services/emr/emr_service_test.py | 1 + .../fms_policy_compliant_test.py | 11 ++++++-- .../aws/services/fms/fms_service_test.py | 2 +- .../services/glacier/glacier_service_test.py | 1 + .../globalaccelerator_service_test.py | 1 + .../aws/services/glue/glue_service_test.py | 1 + .../guardduty/guardduty_service_test.py | 1 + 
.../iam_administrator_access_with_mfa_test.py | 1 + .../iam_avoid_root_usage_test.py | 1 + ...olicy_no_administrative_privileges_test.py | 1 + .../iam_check_saml_providers_sts_test.py | 1 + ...olicy_no_administrative_privileges_test.py | 1 + ...olicy_no_administrative_privileges_test.py | 1 + .../iam_disable_30_days_credentials_test.py | 1 + .../iam_disable_45_days_credentials_test.py | 1 + .../iam_disable_90_days_credentials_test.py | 1 + ..._policy_permissive_role_assumption_test.py | 1 + ...expired_server_certificates_stored_test.py | 1 + .../iam_no_root_access_key_test.py | 1 + ...s_passwords_within_90_days_or_less_test.py | 7 ++--- .../iam_password_policy_lowercase_test.py | 5 ++-- ..._password_policy_minimum_length_14_test.py | 7 ++--- .../iam_password_policy_number_test.py | 5 ++-- .../iam_password_policy_reuse_24_test.py | 1 + .../iam_password_policy_symbol_test.py | 5 ++-- .../iam_password_policy_uppercase_test.py | 1 + ...policy_allows_privilege_escalation_test.py | 1 + ...cy_attached_only_to_group_or_roles_test.py | 1 + ...olicy_no_full_access_to_cloudtrail_test.py | 1 + .../iam_policy_no_full_access_to_kms_test.py | 1 + ...ross_account_readonlyaccess_policy_test.py | 6 ++++- ...service_confused_deputy_prevention_test.py | 1 + .../iam_root_hardware_mfa_enabled_test.py | 5 ++-- .../iam_root_mfa_enabled_test.py | 1 + .../iam_rotate_access_key_90_days_test.py | 1 + .../iam_securityaudit_role_created_test.py | 1 + .../aws/services/iam/iam_service_test.py | 1 + .../iam_support_role_created_test.py | 1 + .../iam_user_hardware_mfa_enabled_test.py | 1 + ...am_user_mfa_enabled_console_access_test.py | 1 + ...m_user_no_setup_initial_access_key_test.py | 1 + .../iam_user_two_active_access_key_test.py | 1 + .../inspector2_findings_exist_test.py | 20 ++++++++++---- .../inspector2/inspector2_service_test.py | 1 + .../kms_cmk_are_used/kms_cmk_are_used_test.py | 1 + .../kms_cmk_rotation_enabled_test.py | 1 + .../kms_key_not_publicly_accessible_test.py | 1 + 
.../aws/services/kms/kms_service_test.py | 1 + .../macie_is_enabled/macie_is_enabled_test.py | 14 +++++++--- .../aws/services/macie/macie_service_test.py | 1 + .../networkfirewall_in_all_vpc_test.py | 1 + .../networkfirewall_service_test.py | 2 +- .../opensearch/opensearch_service_test.py | 1 + ...ions_account_part_of_organizations_test.py | 1 + ...nizations_delegated_administrators_test.py | 1 + ...ganizations_scp_check_deny_regions_test.py | 1 + .../organizations_service_test.py | 2 +- ...tags_policies_enabled_and_attached_test.py | 1 + .../rds_instance_backup_enabled_test.py | 1 + .../rds_instance_deletion_protection_test.py | 1 + ...instance_deprecated_engine_version_test.py | 1 + ...stance_enhanced_monitoring_enabled_test.py | 1 + ...stance_integration_cloudwatch_logs_test.py | 1 + ...ance_minor_version_upgrade_enabled_test.py | 1 + .../rds_instance_multi_az_test.py | 1 + .../rds_instance_no_public_access_test.py | 1 + .../rds_instance_storage_encrypted_test.py | 1 + .../rds_instance_transport_encrypted_test.py | 1 + .../aws/services/rds/rds_service_test.py | 1 + .../rds_snapshots_public_access_test.py | 1 + .../redshift/redshift_service_test.py | 1 + .../resourceexplorer2_indexes_found_test.py | 9 ++++++- .../resourceexplorer2_service_test.py | 2 +- ...e53_dangling_ip_subdomain_takeover_test.py | 1 + .../services/route53/route53_service_test.py | 1 + .../route53/route53domains_service_test.py | 1 + ...account_level_public_access_blocks_test.py | 1 + .../s3_bucket_acl_prohibited_test.py | 1 + .../s3_bucket_default_encryption_test.py | 1 + ...3_bucket_level_public_access_block_test.py | 1 + .../s3_bucket_no_mfa_delete_test.py | 1 + .../s3_bucket_object_lock_test.py | 1 + .../s3_bucket_object_versioning_test.py | 1 + ..._bucket_policy_public_write_access_test.py | 1 + .../s3_bucket_public_access_test.py | 1 + .../s3_bucket_secure_transport_policy_test.py | 1 + ...cket_server_access_logging_enabled_test.py | 1 + .../aws/services/s3/s3_service_test.py | 1 + 
.../sagemaker/sagemaker_service_test.py | 1 + .../secretsmanager_service_test.py | 1 + .../securityhub/securityhub_service_test.py | 1 + ...otection_in_associated_elastic_ips_test.py | 1 + ...otection_in_classic_load_balancers_test.py | 1 + ..._in_internet_facing_load_balancers_test.py | 1 + .../services/shield/shield_service_test.py | 1 + .../aws/services/sns/sns_service_test.py | 1 + .../aws/services/sqs/sqs_service_test.py | 1 + .../aws/services/ssm/ssm_service_test.py | 1 + .../ssmincidents_enabled_with_plans_test.py | 27 +++++++++++++++---- .../ssmincidents/ssmincidents_service_test.py | 2 +- .../trustedadvisor_service_test.py | 2 +- .../vpc_different_regions_test.py | 1 + ...point_connections_trust_boundaries_test.py | 1 + ...llowed_principals_trust_boundaries_test.py | 1 + .../vpc_flow_logs_enabled_test.py | 1 + ...outing_tables_with_least_privilege_test.py | 1 + .../aws/services/vpc/vpc_service_test.py | 1 + .../vpc_subnet_different_az_test.py | 1 + ...vpc_subnet_no_public_ip_by_default_test.py | 1 + ...vpc_subnet_separate_private_public_test.py | 1 + .../aws/services/waf/waf_service_test.py | 1 + .../aws/services/wafv2/wafv2_service_test.py | 1 + .../wellarchitected_service_test.py | 1 + .../workspaces/workspaces_service_test.py | 1 + ...s_vpc_2private_1public_subnets_nat_test.py | 1 + tests/providers/common/audit_info_test.py | 1 + tests/providers/common/common_outputs_test.py | 1 + ..._no_service_roles_at_project_level_test.py | 1 + 310 files changed, 496 insertions(+), 108 deletions(-) diff --git a/prowler/providers/aws/lib/audit_info/audit_info.py b/prowler/providers/aws/lib/audit_info/audit_info.py index 085d8c02df..665aa43bde 100644 --- a/prowler/providers/aws/lib/audit_info/audit_info.py +++ b/prowler/providers/aws/lib/audit_info/audit_info.py 
@@ -18,6 +18,7 @@ current_audit_info = AWS_Audit_Info( user_agent_extra=boto3_user_agent_extra, ), audited_account=None, + audited_account_arn=None, audited_user_id=None, audited_partition=None, audited_identity_arn=None, diff --git a/prowler/providers/aws/lib/audit_info/models.py b/prowler/providers/aws/lib/audit_info/models.py index 96a26dc01e..1b68fecb7c 100644 --- a/prowler/providers/aws/lib/audit_info/models.py +++ b/prowler/providers/aws/lib/audit_info/models.py @@ -37,6 +37,7 @@ class AWS_Audit_Info: # https://boto3.amazonaws.com/v1/documentation/api/latest/guide/retries.html session_config: Config audited_account: int + audited_account_arn: str audited_identity_arn: str audited_user_id: str audited_partition: str diff --git a/prowler/providers/aws/services/account/account_maintain_current_contact_details/account_maintain_current_contact_details.py b/prowler/providers/aws/services/account/account_maintain_current_contact_details/account_maintain_current_contact_details.py index ab5c335713..19f1810822 100644 --- a/prowler/providers/aws/services/account/account_maintain_current_contact_details/account_maintain_current_contact_details.py +++ b/prowler/providers/aws/services/account/account_maintain_current_contact_details/account_maintain_current_contact_details.py @@ -9,6 +9,7 @@ class account_maintain_current_contact_details(Check): report = Check_Report_AWS(self.metadata()) report.region = account_client.region report.resource_id = account_client.audited_account + report.resource_arn = account_client.audited_account_arn report.status = "INFO" report.status_extended = "Manual check: Login to the AWS Console. Choose your account name on the top right of the window -> My Account -> Contact Information." return [report] 
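Review bot: In models.py the new field is declared `audited_account_arn: str`, but the audit_info.py hunk on this same line initialises it to `None` on `current_audit_info`, and the account checks in this patch copy the value straight into `report.resource_arn`. If a check reads the field before it is populated, the finding would carry a `None` ARN with nothing in the type to warn the reader; the code that fills it is not in these hunks, though the diffstat points at prowler/providers/common/audit_info.py. Declaring it as `audited_account_arn: Optional[str]` would make that state explicit, assuming `Optional` is already imported in that module. The neighbouring `audited_identity_arn: str` shows the same mismatch, and the class body continues outside the hunk.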
diff --git a/prowler/providers/aws/services/account/account_security_contact_information_is_registered/account_security_contact_information_is_registered.py b/prowler/providers/aws/services/account/account_security_contact_information_is_registered/account_security_contact_information_is_registered.py index e4a9a38cbc..5e41e8cd6b 100644 --- a/prowler/providers/aws/services/account/account_security_contact_information_is_registered/account_security_contact_information_is_registered.py +++ b/prowler/providers/aws/services/account/account_security_contact_information_is_registered/account_security_contact_information_is_registered.py @@ -9,6 +9,7 @@ class account_security_contact_information_is_registered(Check): report = Check_Report_AWS(self.metadata()) report.region = account_client.region report.resource_id = account_client.audited_account + report.resource_arn = account_client.audited_account_arn report.status = "INFO" report.status_extended = "Manual check: Login to the AWS Console. Choose your account name on the top right of the window -> My Account -> Alternate Contacts -> Security Section." return [report] diff --git a/prowler/providers/aws/services/account/account_security_questions_are_registered_in_the_aws_account/account_security_questions_are_registered_in_the_aws_account.py b/prowler/providers/aws/services/account/account_security_questions_are_registered_in_the_aws_account/account_security_questions_are_registered_in_the_aws_account.py index 6621e23e4f..5b51f7ffdf 100644 --- a/prowler/providers/aws/services/account/account_security_questions_are_registered_in_the_aws_account/account_security_questions_are_registered_in_the_aws_account.py +++ b/prowler/providers/aws/services/account/account_security_questions_are_registered_in_the_aws_account/account_security_questions_are_registered_in_the_aws_account.py 
@@ -9,6 +9,7 @@ class account_security_questions_are_registered_in_the_aws_account(Check): report = Check_Report_AWS(self.metadata()) report.region = account_client.region report.resource_id = account_client.audited_account + report.resource_arn = account_client.audited_account_arn report.status = "INFO" report.status_extended = "Manual check: Login to the AWS Console as root. Choose your account name on the top right of the window -> My Account -> Configure Security Challenge Questions." return [report] diff --git a/prowler/providers/aws/services/account/account_service.py b/prowler/providers/aws/services/account/account_service.py index fc9962a659..70778206a3 100644 --- a/prowler/providers/aws/services/account/account_service.py +++ b/prowler/providers/aws/services/account/account_service.py @@ -7,6 +7,8 @@ class Account: self.service = "account" self.session = audit_info.audit_session self.audited_account = audit_info.audited_account + self.audited_partition = audit_info.audited_partition + self.audited_account_arn = audit_info.audited_account_arn self.regional_clients = generate_regional_clients(self.service, audit_info) # If the region is not set in the audit profile, # we pick the first region from the regional clients list diff --git a/prowler/providers/aws/services/backup/backup_plans_exist/backup_plans_exist.py b/prowler/providers/aws/services/backup/backup_plans_exist/backup_plans_exist.py index 0e132a1814..21a0a18cbf 100644 --- a/prowler/providers/aws/services/backup/backup_plans_exist/backup_plans_exist.py +++ b/prowler/providers/aws/services/backup/backup_plans_exist/backup_plans_exist.py 
@@ -8,8 +8,8 @@ class backup_plans_exist(Check): report = Check_Report_AWS(self.metadata()) report.status = "FAIL" report.status_extended = "No Backup Plan Exist" - report.resource_arn = "" - report.resource_id = "Backups" + report.resource_arn = backup_client.audited_account_arn + report.resource_id = backup_client.audited_account report.region = backup_client.region if backup_client.backup_plans: report.status = "PASS" diff --git a/prowler/providers/aws/services/backup/backup_reportplans_exist/backup_reportplans_exist.py b/prowler/providers/aws/services/backup/backup_reportplans_exist/backup_reportplans_exist.py index b419673141..7a09973299 100644 --- a/prowler/providers/aws/services/backup/backup_reportplans_exist/backup_reportplans_exist.py +++ b/prowler/providers/aws/services/backup/backup_reportplans_exist/backup_reportplans_exist.py @@ -10,8 +10,8 @@ class backup_reportplans_exist(Check): report = Check_Report_AWS(self.metadata()) report.status = "FAIL" report.status_extended = "No Backup Report Plan Exist" - report.resource_arn = "" - report.resource_id = "Backups" + report.resource_arn = backup_client.audited_account_arn + report.resource_id = backup_client.audited_account report.region = backup_client.region if backup_client.backup_report_plans: report.status = "PASS" diff --git a/prowler/providers/aws/services/backup/backup_service.py b/prowler/providers/aws/services/backup/backup_service.py index d8335ce842..48b4b31fef 100644 --- a/prowler/providers/aws/services/backup/backup_service.py +++ b/prowler/providers/aws/services/backup/backup_service.py 
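Review bot: In backup_plans_exist.py the FAIL finding's `resource_id` changes from the literal `"Backups"` to the account ID and `resource_arn` from `""` to the account ARN, which changes the identity of an existing finding rather than only adding a field. Any allowlist entry, suppression rule or downstream correlation keyed on the old literal would presumably stop matching after an upgrade, so previously muted findings can resurface or look new. The same applies to backup_reportplans_exist.py, backup_vaults_exist.py and the three CloudTrail checks that replace `"No trails"`. I would record this in the commit message or changelog as a change to resource identifiers, and add a comment at the assignment such as `# Account-level finding: no Backup resource exists, so report against the audited account`. The `execute` body continues outside the hunk, so how the PASS branch sets these fields is not visible here.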
@@ -15,6 +15,8 @@ class Backup: self.service = "backup" self.session = audit_info.audit_session self.audited_account = audit_info.audited_account + self.audited_partition = audit_info.audited_partition + self.audited_account_arn = audit_info.audited_account_arn self.audit_resources = audit_info.audit_resources self.regional_clients = generate_regional_clients(self.service, audit_info) # If the region is not set in the audit profile, diff --git a/prowler/providers/aws/services/backup/backup_vaults_exist/backup_vaults_exist.py b/prowler/providers/aws/services/backup/backup_vaults_exist/backup_vaults_exist.py index 6d09e7d63e..5c55abbd6d 100644 --- a/prowler/providers/aws/services/backup/backup_vaults_exist/backup_vaults_exist.py +++ b/prowler/providers/aws/services/backup/backup_vaults_exist/backup_vaults_exist.py @@ -8,8 +8,8 @@ class backup_vaults_exist(Check): report = Check_Report_AWS(self.metadata()) report.status = "FAIL" report.status_extended = "No Backup Vault Exist" - report.resource_arn = "" - report.resource_id = "Backups" + report.resource_arn = backup_client.audited_account_arn + report.resource_id = backup_client.audited_account report.region = backup_client.region if backup_client.backup_vaults: report.status = "PASS" diff --git a/prowler/providers/aws/services/cloudtrail/cloudtrail_multi_region_enabled/cloudtrail_multi_region_enabled.py b/prowler/providers/aws/services/cloudtrail/cloudtrail_multi_region_enabled/cloudtrail_multi_region_enabled.py index db01346765..d8dd901ebb 100644 --- a/prowler/providers/aws/services/cloudtrail/cloudtrail_multi_region_enabled/cloudtrail_multi_region_enabled.py +++ b/prowler/providers/aws/services/cloudtrail/cloudtrail_multi_region_enabled/cloudtrail_multi_region_enabled.py 
@@ -32,8 +32,8 @@ class cloudtrail_multi_region_enabled(Check): report.status_extended = ( "No CloudTrail trails enabled and logging were found" ) - report.resource_arn = "No trails" - report.resource_id = "No trails" + report.resource_arn = cloudtrail_client.audited_account_arn + report.resource_id = cloudtrail_client.audited_account # If there are no trails logging it is needed to store the FAIL once all the trails have been checked if report.status == "FAIL": findings.append(report) diff --git a/prowler/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_read_enabled/cloudtrail_s3_dataevents_read_enabled.py b/prowler/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_read_enabled/cloudtrail_s3_dataevents_read_enabled.py index e8be4b1134..9f16101729 100644 --- a/prowler/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_read_enabled/cloudtrail_s3_dataevents_read_enabled.py +++ b/prowler/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_read_enabled/cloudtrail_s3_dataevents_read_enabled.py @@ -9,8 +9,8 @@ class cloudtrail_s3_dataevents_read_enabled(Check): findings = [] report = Check_Report_AWS(self.metadata()) report.region = cloudtrail_client.region - report.resource_id = "No trails" - report.resource_arn = "No trails" + report.resource_arn = cloudtrail_client.audited_account_arn + report.resource_id = cloudtrail_client.audited_account report.status = "FAIL" report.status_extended = "No CloudTrail trails have a data event to record all S3 object-level API operations." for trail in cloudtrail_client.trails: diff --git a/prowler/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_write_enabled/cloudtrail_s3_dataevents_write_enabled.py b/prowler/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_write_enabled/cloudtrail_s3_dataevents_write_enabled.py index 470aec9f7d..63f39cd114 100644 --- a/prowler/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_write_enabled/cloudtrail_s3_dataevents_write_enabled.py 
+++ b/prowler/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_write_enabled/cloudtrail_s3_dataevents_write_enabled.py @@ -9,8 +9,8 @@ class cloudtrail_s3_dataevents_write_enabled(Check): findings = [] report = Check_Report_AWS(self.metadata()) report.region = cloudtrail_client.region - report.resource_id = "No trails" - report.resource_arn = "No trails" + report.resource_arn = cloudtrail_client.audited_account_arn + report.resource_id = cloudtrail_client.audited_account report.status = "FAIL" report.status_extended = "No CloudTrail trails have a data event to record all S3 object-level API operations." for trail in cloudtrail_client.trails: diff --git a/prowler/providers/aws/services/cloudtrail/cloudtrail_service.py b/prowler/providers/aws/services/cloudtrail/cloudtrail_service.py index 9c20160acb..2a87944946 100644 --- a/prowler/providers/aws/services/cloudtrail/cloudtrail_service.py +++ b/prowler/providers/aws/services/cloudtrail/cloudtrail_service.py @@ -16,8 +16,9 @@ class Cloudtrail: self.service = "cloudtrail" self.session = audit_info.audit_session self.audited_account = audit_info.audited_account - self.audit_resources = audit_info.audit_resources self.audited_partition = audit_info.audited_partition + self.audited_account_arn = audit_info.audited_account_arn + self.audit_resources = audit_info.audit_resources self.regional_clients = generate_regional_clients(self.service, audit_info) # If the region is not set in the audit profile, # we pick the first region from the regional clients list diff --git a/prowler/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_acls_alarm_configured/cloudwatch_changes_to_network_acls_alarm_configured.py b/prowler/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_acls_alarm_configured/cloudwatch_changes_to_network_acls_alarm_configured.py index ed6ead4630..42777946f3 100644 
--- a/prowler/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_acls_alarm_configured/cloudwatch_changes_to_network_acls_alarm_configured.py +++ b/prowler/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_acls_alarm_configured/cloudwatch_changes_to_network_acls_alarm_configured.py @@ -21,6 +21,7 @@ class cloudwatch_changes_to_network_acls_alarm_configured(Check): ) report.region = cloudwatch_client.region report.resource_id = cloudtrail_client.audited_account + report.resource_arn = cloudtrail_client.audited_account_arn # 1. Iterate for CloudWatch Log Group in CloudTrail trails log_groups = [] for trail in cloudtrail_client.trails: diff --git a/prowler/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_gateways_alarm_configured/cloudwatch_changes_to_network_gateways_alarm_configured.py b/prowler/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_gateways_alarm_configured/cloudwatch_changes_to_network_gateways_alarm_configured.py index 2d1995d277..f0f0eb0b34 100644 --- a/prowler/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_gateways_alarm_configured/cloudwatch_changes_to_network_gateways_alarm_configured.py +++ b/prowler/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_gateways_alarm_configured/cloudwatch_changes_to_network_gateways_alarm_configured.py @@ -21,6 +21,7 @@ class cloudwatch_changes_to_network_gateways_alarm_configured(Check): ) report.region = cloudwatch_client.region report.resource_id = cloudtrail_client.audited_account + report.resource_arn = cloudtrail_client.audited_account_arn # 1. Iterate for CloudWatch Log Group in CloudTrail trails log_groups = [] for trail in cloudtrail_client.trails: 
diff --git a/prowler/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_route_tables_alarm_configured/cloudwatch_changes_to_network_route_tables_alarm_configured.py b/prowler/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_route_tables_alarm_configured/cloudwatch_changes_to_network_route_tables_alarm_configured.py index b8bee1281a..af5b6b3bd7 100644 --- a/prowler/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_route_tables_alarm_configured/cloudwatch_changes_to_network_route_tables_alarm_configured.py +++ b/prowler/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_route_tables_alarm_configured/cloudwatch_changes_to_network_route_tables_alarm_configured.py @@ -21,6 +21,7 @@ class cloudwatch_changes_to_network_route_tables_alarm_configured(Check): ) report.region = cloudwatch_client.region report.resource_id = cloudtrail_client.audited_account + report.resource_arn = cloudtrail_client.audited_account_arn # 1. Iterate for CloudWatch Log Group in CloudTrail trails log_groups = [] for trail in cloudtrail_client.trails: diff --git a/prowler/providers/aws/services/cloudwatch/cloudwatch_changes_to_vpcs_alarm_configured/cloudwatch_changes_to_vpcs_alarm_configured.py b/prowler/providers/aws/services/cloudwatch/cloudwatch_changes_to_vpcs_alarm_configured/cloudwatch_changes_to_vpcs_alarm_configured.py index bcd32328d0..961571cefe 100644 --- a/prowler/providers/aws/services/cloudwatch/cloudwatch_changes_to_vpcs_alarm_configured/cloudwatch_changes_to_vpcs_alarm_configured.py +++ b/prowler/providers/aws/services/cloudwatch/cloudwatch_changes_to_vpcs_alarm_configured/cloudwatch_changes_to_vpcs_alarm_configured.py 
@@ -21,6 +21,7 @@ class cloudwatch_changes_to_vpcs_alarm_configured(Check): ) report.region = cloudwatch_client.region report.resource_id = cloudtrail_client.audited_account + report.resource_arn = cloudtrail_client.audited_account_arn # 1. Iterate for CloudWatch Log Group in CloudTrail trails log_groups = [] for trail in cloudtrail_client.trails: diff --git a/prowler/providers/aws/services/cloudwatch/cloudwatch_cross_account_sharing_disabled/cloudwatch_cross_account_sharing_disabled.py b/prowler/providers/aws/services/cloudwatch/cloudwatch_cross_account_sharing_disabled/cloudwatch_cross_account_sharing_disabled.py index d424cf531f..396d73337b 100644 --- a/prowler/providers/aws/services/cloudwatch/cloudwatch_cross_account_sharing_disabled/cloudwatch_cross_account_sharing_disabled.py +++ b/prowler/providers/aws/services/cloudwatch/cloudwatch_cross_account_sharing_disabled/cloudwatch_cross_account_sharing_disabled.py @@ -7,12 +7,14 @@ class cloudwatch_cross_account_sharing_disabled(Check): findings = [] report = Check_Report_AWS(self.metadata()) report.status = "PASS" - report.status_extended = "CloudWatch doesn't allows cross-account sharing" - report.resource_id = "CloudWatch-CrossAccountSharingRole" + report.status_extended = "CloudWatch doesn't allow cross-account sharing" + report.resource_arn = iam_client.account_arn + report.resource_id = iam_client.account report.region = iam_client.region for role in iam_client.roles: if role.name == "CloudWatch-CrossAccountSharingRole": report.resource_arn = role.arn + report.resource_id = role.name report.status = "FAIL" report.status_extended = "CloudWatch has allowed cross-account sharing." findings.append(report) 
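Review bot: The PASS branch of `cloudwatch_cross_account_sharing_disabled` now reports `resource_id = iam_client.account` instead of the fixed label `CloudWatch-CrossAccountSharingRole`, so any mute/allowlist rule or downstream finding key built on the old value stops matching after an upgrade. The same identifier change is made in `config_recorder_all_regions_enabled`, `drs_job_exist`, `ec2_ebs_default_encryption`, `fms_policy_compliant`, the seven `iam_password_policy_*` checks, `inspector2_findings_exist` and `macie_is_enabled`. I would record this as a behaviour change in the release notes rather than ship it under a `chore` title only. Separately, the corrected PASS text has no trailing period while the FAIL text does; `report.status_extended = "CloudWatch doesn't allow cross-account sharing."` would make them consistent. The enclosing method starts above this hunk.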
diff --git a/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled.py b/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled.py index aaf14ebc71..cf3882a038 100644 --- a/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled.py +++ b/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled.py @@ -23,6 +23,7 @@ class cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_change ) report.region = cloudwatch_client.region report.resource_id = cloudtrail_client.audited_account + report.resource_arn = cloudtrail_client.audited_account_arn # 1. Iterate for CloudWatch Log Group in CloudTrail trails log_groups = [] for trail in cloudtrail_client.trails: diff --git a/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled.py b/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled.py index e6cf16d71a..8fa43c4c3c 100644 --- a/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled.py 
+++ b/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled.py @@ -23,6 +23,7 @@ class cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_change ) report.region = cloudwatch_client.region report.resource_id = cloudtrail_client.audited_account + report.resource_arn = cloudtrail_client.audited_account_arn # 1. Iterate for CloudWatch Log Group in CloudTrail trails log_groups = [] for trail in cloudtrail_client.trails: diff --git a/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_authentication_failures/cloudwatch_log_metric_filter_authentication_failures.py b/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_authentication_failures/cloudwatch_log_metric_filter_authentication_failures.py index 13e0cebb51..4796b2d84c 100644 --- a/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_authentication_failures/cloudwatch_log_metric_filter_authentication_failures.py +++ b/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_authentication_failures/cloudwatch_log_metric_filter_authentication_failures.py @@ -21,6 +21,7 @@ class cloudwatch_log_metric_filter_authentication_failures(Check): ) report.region = cloudwatch_client.region report.resource_id = cloudtrail_client.audited_account + report.resource_arn = cloudtrail_client.audited_account_arn # 1. Iterate for CloudWatch Log Group in CloudTrail trails log_groups = [] for trail in cloudtrail_client.trails: diff --git a/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_aws_organizations_changes/cloudwatch_log_metric_filter_aws_organizations_changes.py b/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_aws_organizations_changes/cloudwatch_log_metric_filter_aws_organizations_changes.py index 3f2ae96fd3..18d8dc8a31 100644 
--- a/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_aws_organizations_changes/cloudwatch_log_metric_filter_aws_organizations_changes.py +++ b/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_aws_organizations_changes/cloudwatch_log_metric_filter_aws_organizations_changes.py @@ -21,6 +21,7 @@ class cloudwatch_log_metric_filter_aws_organizations_changes(Check): ) report.region = cloudwatch_client.region report.resource_id = cloudtrail_client.audited_account + report.resource_arn = cloudtrail_client.audited_account_arn # 1. Iterate for CloudWatch Log Group in CloudTrail trails log_groups = [] for trail in cloudtrail_client.trails: diff --git a/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk.py b/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk.py index afadb54a00..a810db8c2c 100644 --- a/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk.py +++ b/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk.py @@ -21,6 +21,7 @@ class cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk(Chec ) report.region = cloudwatch_client.region report.resource_id = cloudtrail_client.audited_account + report.resource_arn = cloudtrail_client.audited_account_arn # 1. Iterate for CloudWatch Log Group in CloudTrail trails log_groups = [] for trail in cloudtrail_client.trails: 
diff --git a/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes.py b/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes.py index 1b07b2108d..8a2edf16b9 100644 --- a/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes.py +++ b/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes.py @@ -21,6 +21,7 @@ class cloudwatch_log_metric_filter_for_s3_bucket_policy_changes(Check): ) report.region = cloudwatch_client.region report.resource_id = cloudtrail_client.audited_account + report.resource_arn = cloudtrail_client.audited_account_arn # 1. Iterate for CloudWatch Log Group in CloudTrail trails log_groups = [] for trail in cloudtrail_client.trails: diff --git a/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_policy_changes/cloudwatch_log_metric_filter_policy_changes.py b/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_policy_changes/cloudwatch_log_metric_filter_policy_changes.py index 57eff50eb5..03bcbb21a2 100644 --- a/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_policy_changes/cloudwatch_log_metric_filter_policy_changes.py +++ b/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_policy_changes/cloudwatch_log_metric_filter_policy_changes.py 
@@ -21,6 +21,7 @@ class cloudwatch_log_metric_filter_policy_changes(Check): ) report.region = cloudwatch_client.region report.resource_id = cloudtrail_client.audited_account + report.resource_arn = cloudtrail_client.audited_account_arn # 1. Iterate for CloudWatch Log Group in CloudTrail trails log_groups = [] for trail in cloudtrail_client.trails: diff --git a/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_root_usage/cloudwatch_log_metric_filter_root_usage.py b/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_root_usage/cloudwatch_log_metric_filter_root_usage.py index 7ac2e53dfe..1a58fdf3d5 100644 --- a/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_root_usage/cloudwatch_log_metric_filter_root_usage.py +++ b/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_root_usage/cloudwatch_log_metric_filter_root_usage.py @@ -21,6 +21,7 @@ class cloudwatch_log_metric_filter_root_usage(Check): ) report.region = cloudwatch_client.region report.resource_id = cloudtrail_client.audited_account + report.resource_arn = cloudtrail_client.audited_account_arn # 1. Iterate for CloudWatch Log Group in CloudTrail trails log_groups = [] for trail in cloudtrail_client.trails: diff --git a/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_security_group_changes/cloudwatch_log_metric_filter_security_group_changes.py b/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_security_group_changes/cloudwatch_log_metric_filter_security_group_changes.py index 4234657c17..c4fe22f575 100644 --- a/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_security_group_changes/cloudwatch_log_metric_filter_security_group_changes.py +++ b/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_security_group_changes/cloudwatch_log_metric_filter_security_group_changes.py 
@@ -21,6 +21,7 @@ class cloudwatch_log_metric_filter_security_group_changes(Check): ) report.region = cloudwatch_client.region report.resource_id = cloudtrail_client.audited_account + report.resource_arn = cloudtrail_client.audited_account_arn # 1. Iterate for CloudWatch Log Group in CloudTrail trails log_groups = [] for trail in cloudtrail_client.trails: diff --git a/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_sign_in_without_mfa/cloudwatch_log_metric_filter_sign_in_without_mfa.py b/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_sign_in_without_mfa/cloudwatch_log_metric_filter_sign_in_without_mfa.py index 905e95bd3b..448a30e7c8 100644 --- a/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_sign_in_without_mfa/cloudwatch_log_metric_filter_sign_in_without_mfa.py +++ b/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_sign_in_without_mfa/cloudwatch_log_metric_filter_sign_in_without_mfa.py @@ -21,6 +21,7 @@ class cloudwatch_log_metric_filter_sign_in_without_mfa(Check): ) report.region = cloudwatch_client.region report.resource_id = cloudtrail_client.audited_account + report.resource_arn = cloudtrail_client.audited_account_arn # 1. Iterate for CloudWatch Log Group in CloudTrail trails log_groups = [] for trail in cloudtrail_client.trails: diff --git a/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_unauthorized_api_calls/cloudwatch_log_metric_filter_unauthorized_api_calls.py b/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_unauthorized_api_calls/cloudwatch_log_metric_filter_unauthorized_api_calls.py index 1dc261dd37..728c5814c8 100644 --- a/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_unauthorized_api_calls/cloudwatch_log_metric_filter_unauthorized_api_calls.py 
+++ b/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_unauthorized_api_calls/cloudwatch_log_metric_filter_unauthorized_api_calls.py @@ -21,6 +21,7 @@ class cloudwatch_log_metric_filter_unauthorized_api_calls(Check): ) report.region = cloudwatch_client.region report.resource_id = cloudtrail_client.audited_account + report.resource_arn = cloudtrail_client.audited_account_arn # 1. Iterate for CloudWatch Log Group in CloudTrail trails log_groups = [] for trail in cloudtrail_client.trails: diff --git a/prowler/providers/aws/services/config/config_recorder_all_regions_enabled/config_recorder_all_regions_enabled.py b/prowler/providers/aws/services/config/config_recorder_all_regions_enabled/config_recorder_all_regions_enabled.py index 4907d43d9f..adfcfcc5ec 100644 --- a/prowler/providers/aws/services/config/config_recorder_all_regions_enabled/config_recorder_all_regions_enabled.py +++ b/prowler/providers/aws/services/config/config_recorder_all_regions_enabled/config_recorder_all_regions_enabled.py @@ -8,7 +8,12 @@ class config_recorder_all_regions_enabled(Check): for recorder in config_client.recorders: report = Check_Report_AWS(self.metadata()) report.region = recorder.region - report.resource_id = "" if not recorder.name else recorder.name + report.resource_arn = ( + config_client.audited_account_arn + ) # Config Recorders do not have ARNs + report.resource_id = ( + config_client.audited_account if not recorder.name else recorder.name + ) # Check if Config is enabled in region if not recorder.name: report.status = "FAIL" diff --git a/prowler/providers/aws/services/config/config_service.py b/prowler/providers/aws/services/config/config_service.py index d94d077722..96f4761984 100644 --- a/prowler/providers/aws/services/config/config_service.py +++ b/prowler/providers/aws/services/config/config_service.py 
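Review bot: In `config_recorder_all_regions_enabled`, every recorder finding now carries the same `resource_arn` (the account ARN), and a region without a recorder also gets the account id as `resource_id`, so findings from different regions are told apart only by `report.region`. Consumers that deduplicate on ARN, or on ARN plus id, would collapse them; it is worth confirming that the output and integration layers key on region as well. The explanatory comment also ended up trailing the closing parenthesis after formatting; putting `# Config Recorders do not have ARNs, so report the account ARN` on its own line above the assignment reads better and lets the assignment fit on one line. The loop body starts and ends outside the hunk.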
@@ -14,6 +14,8 @@ class Config: self.service = "config" self.session = audit_info.audit_session self.audited_account = audit_info.audited_account + self.audited_partition = audit_info.audited_partition + self.audited_account_arn = audit_info.audited_account_arn self.audit_resources = audit_info.audit_resources self.regional_clients = generate_regional_clients(self.service, audit_info) self.recorders = [] diff --git a/prowler/providers/aws/services/drs/drs_job_exist/drs_job_exist.py b/prowler/providers/aws/services/drs/drs_job_exist/drs_job_exist.py index 924bbc5801..d7f4dd50e1 100644 --- a/prowler/providers/aws/services/drs/drs_job_exist/drs_job_exist.py +++ b/prowler/providers/aws/services/drs/drs_job_exist/drs_job_exist.py @@ -9,10 +9,10 @@ class drs_job_exist(Check): report = Check_Report_AWS(self.metadata()) report.status = "FAIL" report.status_extended = "DRS is not enabled for this region." - report.resource_id = drs.id report.region = drs.region report.resource_tags = [] - report.resource_arn = "" + report.resource_arn = drs_client.audited_account_arn + report.resource_id = drs_client.audited_account if drs.status == "ENABLED": report.status_extended = "DRS is enabled for this region without jobs." if drs.jobs: diff --git a/prowler/providers/aws/services/drs/drs_service.py b/prowler/providers/aws/services/drs/drs_service.py index ea24736b2c..6b8bf341fc 100644 --- a/prowler/providers/aws/services/drs/drs_service.py +++ b/prowler/providers/aws/services/drs/drs_service.py @@ -16,6 +16,7 @@ class DRS: self.session = audit_info.audit_session self.audited_account = audit_info.audited_account self.audited_partition = audit_info.audited_partition + self.audited_account_arn = audit_info.audited_account_arn self.audit_resources = audit_info.audit_resources self.regional_clients = generate_regional_clients(self.service, audit_info) # If the region is not set in the audit profile, 
diff --git a/prowler/providers/aws/services/ec2/ec2_ebs_default_encryption/ec2_ebs_default_encryption.py b/prowler/providers/aws/services/ec2/ec2_ebs_default_encryption/ec2_ebs_default_encryption.py index 114cb098ac..1900853bfd 100644 --- a/prowler/providers/aws/services/ec2/ec2_ebs_default_encryption/ec2_ebs_default_encryption.py +++ b/prowler/providers/aws/services/ec2/ec2_ebs_default_encryption/ec2_ebs_default_encryption.py @@ -8,7 +8,8 @@ class ec2_ebs_default_encryption(Check): for ebs_encryption in ec2_client.ebs_encryption_by_default: report = Check_Report_AWS(self.metadata()) report.region = ebs_encryption.region - report.resource_id = "EBS Default Encryption" + report.resource_arn = ec2_client.audited_account_arn + report.resource_id = ec2_client.audited_account report.status = "FAIL" report.status_extended = "EBS Default Encryption is not activated." if ebs_encryption.status: diff --git a/prowler/providers/aws/services/ec2/ec2_service.py b/prowler/providers/aws/services/ec2/ec2_service.py index efca6a4f6e..a98c0347cc 100644 --- a/prowler/providers/aws/services/ec2/ec2_service.py +++ b/prowler/providers/aws/services/ec2/ec2_service.py @@ -17,6 +17,7 @@ class EC2: self.session = audit_info.audit_session self.audited_partition = audit_info.audited_partition self.audited_account = audit_info.audited_account + self.audited_account_arn = audit_info.audited_account_arn self.audit_resources = audit_info.audit_resources self.regional_clients = generate_regional_clients(self.service, audit_info) self.instances = [] diff --git a/prowler/providers/aws/services/emr/emr_cluster_account_public_block_enabled/emr_cluster_account_public_block_enabled.py b/prowler/providers/aws/services/emr/emr_cluster_account_public_block_enabled/emr_cluster_account_public_block_enabled.py index 505de8af4d..f84e003322 100644 --- a/prowler/providers/aws/services/emr/emr_cluster_account_public_block_enabled/emr_cluster_account_public_block_enabled.py 
+++ b/prowler/providers/aws/services/emr/emr_cluster_account_public_block_enabled/emr_cluster_account_public_block_enabled.py @@ -9,7 +9,7 @@ class emr_cluster_account_public_block_enabled(Check): report = Check_Report_AWS(self.metadata()) report.region = region report.resource_id = emr_client.audited_account - + report.resource_arn = emr_client.audited_account_arn if emr_client.block_public_access_configuration[ region ].block_public_security_group_rules: diff --git a/prowler/providers/aws/services/emr/emr_service.py b/prowler/providers/aws/services/emr/emr_service.py index 7721aeb9e4..6b5f579ddf 100644 --- a/prowler/providers/aws/services/emr/emr_service.py +++ b/prowler/providers/aws/services/emr/emr_service.py @@ -16,6 +16,8 @@ class EMR: self.service = "emr" self.session = audit_info.audit_session self.audited_account = audit_info.audited_account + self.audited_partition = audit_info.audited_partition + self.audited_account_arn = audit_info.audited_account_arn self.audit_resources = audit_info.audit_resources self.regional_clients = generate_regional_clients(self.service, audit_info) self.clusters = {} diff --git a/prowler/providers/aws/services/fms/fms_policy_compliant/fms_policy_compliant.py b/prowler/providers/aws/services/fms/fms_policy_compliant/fms_policy_compliant.py index f724433389..d351d941aa 100644 --- a/prowler/providers/aws/services/fms/fms_policy_compliant/fms_policy_compliant.py +++ b/prowler/providers/aws/services/fms/fms_policy_compliant/fms_policy_compliant.py @@ -7,8 +7,8 @@ class fms_policy_compliant(Check): findings = [] if fms_client.fms_admin_account: report = Check_Report_AWS(self.metadata()) - report.resource_id = "FMS" - report.resource_arn = "" + report.resource_arn = fms_client.audited_account_arn + report.resource_id = fms_client.audited_account report.region = fms_client.region report.status = "PASS" report.status_extended = "FMS enabled with all compliant accounts" 
diff --git a/prowler/providers/aws/services/fms/fms_service.py b/prowler/providers/aws/services/fms/fms_service.py index d23a99ad3c..dc3e8dafdc 100644 --- a/prowler/providers/aws/services/fms/fms_service.py +++ b/prowler/providers/aws/services/fms/fms_service.py @@ -13,6 +13,7 @@ class FMS: self.session = audit_info.audit_session self.audited_account = audit_info.audited_account self.audited_partition = audit_info.audited_partition + self.audited_account_arn = audit_info.audited_account_arn self.audit_resources = audit_info.audit_resources global_client = generate_regional_clients( self.service, audit_info, global_service=True diff --git a/prowler/providers/aws/services/glue/glue_data_catalogs_connection_passwords_encryption_enabled/glue_data_catalogs_connection_passwords_encryption_enabled.py b/prowler/providers/aws/services/glue/glue_data_catalogs_connection_passwords_encryption_enabled/glue_data_catalogs_connection_passwords_encryption_enabled.py index b37941dff6..f03e0d19d2 100644 --- a/prowler/providers/aws/services/glue/glue_data_catalogs_connection_passwords_encryption_enabled/glue_data_catalogs_connection_passwords_encryption_enabled.py +++ b/prowler/providers/aws/services/glue/glue_data_catalogs_connection_passwords_encryption_enabled/glue_data_catalogs_connection_passwords_encryption_enabled.py @@ -8,6 +8,7 @@ class glue_data_catalogs_connection_passwords_encryption_enabled(Check): for encryption in glue_client.catalog_encryption_settings: report = Check_Report_AWS(self.metadata()) report.resource_id = glue_client.audited_account + report.resource_arn = glue_client.audited_account_arn report.region = encryption.region report.status = "FAIL" report.status_extended = ( 
diff --git a/prowler/providers/aws/services/glue/glue_data_catalogs_metadata_encryption_enabled/glue_data_catalogs_metadata_encryption_enabled.py b/prowler/providers/aws/services/glue/glue_data_catalogs_metadata_encryption_enabled/glue_data_catalogs_metadata_encryption_enabled.py index 9392b2a0d0..73143a72e6 100644 --- a/prowler/providers/aws/services/glue/glue_data_catalogs_metadata_encryption_enabled/glue_data_catalogs_metadata_encryption_enabled.py +++ b/prowler/providers/aws/services/glue/glue_data_catalogs_metadata_encryption_enabled/glue_data_catalogs_metadata_encryption_enabled.py @@ -8,6 +8,7 @@ class glue_data_catalogs_metadata_encryption_enabled(Check): for encryption in glue_client.catalog_encryption_settings: report = Check_Report_AWS(self.metadata()) report.resource_id = glue_client.audited_account + report.resource_arn = glue_client.audited_account_arn report.region = encryption.region report.status = "FAIL" report.status_extended = ( diff --git a/prowler/providers/aws/services/glue/glue_service.py b/prowler/providers/aws/services/glue/glue_service.py index 98aa3f75f0..eaa51ea27b 100644 --- a/prowler/providers/aws/services/glue/glue_service.py +++ b/prowler/providers/aws/services/glue/glue_service.py @@ -15,7 +15,8 @@ class Glue: self.session = audit_info.audit_session self.audited_account = audit_info.audited_account self.audit_resources = audit_info.audit_resources - self.audited_partition = audit_info.audited_account + self.audited_partition = audit_info.audited_partition + self.audited_account_arn = audit_info.audited_account_arn self.regional_clients = generate_regional_clients(self.service, audit_info) self.connections = [] self.__threading_call__(self.__get_connections__) 
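Review bot: The `Glue.__init__` change from `audit_info.audited_account` to `audit_info.audited_partition` is a functional bug fix rather than part of the ARN chore: before it, anything in the Glue service that built an ARN from `self.audited_partition` would presumably have put the account id in the partition field. No test for it is visible in this part of the patch; an assertion in the Glue service tests that `audited_partition` equals the fixture's partition would keep it from regressing. It also deserves its own line in the commit message so it can be found when bisecting.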
diff --git a/prowler/providers/aws/services/iam/iam_password_policy_expires_passwords_within_90_days_or_less/iam_password_policy_expires_passwords_within_90_days_or_less.py b/prowler/providers/aws/services/iam/iam_password_policy_expires_passwords_within_90_days_or_less/iam_password_policy_expires_passwords_within_90_days_or_less.py index 5aa92668df..9e1aa14e2f 100644 --- a/prowler/providers/aws/services/iam/iam_password_policy_expires_passwords_within_90_days_or_less/iam_password_policy_expires_passwords_within_90_days_or_less.py +++ b/prowler/providers/aws/services/iam/iam_password_policy_expires_passwords_within_90_days_or_less/iam_password_policy_expires_passwords_within_90_days_or_less.py @@ -7,7 +7,8 @@ class iam_password_policy_expires_passwords_within_90_days_or_less(Check): findings = [] report = Check_Report_AWS(self.metadata()) report.region = iam_client.region - report.resource_id = "password_policy" + report.resource_arn = iam_client.account_arn + report.resource_id = iam_client.account # Check if password policy exists if iam_client.password_policy: # Check if password policy expiration exists diff --git a/prowler/providers/aws/services/iam/iam_password_policy_lowercase/iam_password_policy_lowercase.py b/prowler/providers/aws/services/iam/iam_password_policy_lowercase/iam_password_policy_lowercase.py index 0b37d3e39b..4a1ee576e8 100644 --- a/prowler/providers/aws/services/iam/iam_password_policy_lowercase/iam_password_policy_lowercase.py +++ b/prowler/providers/aws/services/iam/iam_password_policy_lowercase/iam_password_policy_lowercase.py @@ -7,7 +7,8 @@ class iam_password_policy_lowercase(Check): findings = [] report = Check_Report_AWS(self.metadata()) report.region = iam_client.region - report.resource_id = "password_policy" + report.resource_arn = iam_client.account_arn + report.resource_id = iam_client.account # Check if password policy exists if iam_client.password_policy: # Check if lowercase flag is set 
diff --git a/prowler/providers/aws/services/iam/iam_password_policy_minimum_length_14/iam_password_policy_minimum_length_14.py b/prowler/providers/aws/services/iam/iam_password_policy_minimum_length_14/iam_password_policy_minimum_length_14.py index d234515c36..8561e3d630 100644 --- a/prowler/providers/aws/services/iam/iam_password_policy_minimum_length_14/iam_password_policy_minimum_length_14.py +++ b/prowler/providers/aws/services/iam/iam_password_policy_minimum_length_14/iam_password_policy_minimum_length_14.py @@ -7,7 +7,8 @@ class iam_password_policy_minimum_length_14(Check): findings = [] report = Check_Report_AWS(self.metadata()) report.region = iam_client.region - report.resource_id = "password_policy" + report.resource_arn = iam_client.account_arn + report.resource_id = iam_client.account # Check if password policy exists if iam_client.password_policy: # Check password policy length diff --git a/prowler/providers/aws/services/iam/iam_password_policy_number/iam_password_policy_number.py b/prowler/providers/aws/services/iam/iam_password_policy_number/iam_password_policy_number.py index 6f730ec62e..9d355e9b9d 100644 --- a/prowler/providers/aws/services/iam/iam_password_policy_number/iam_password_policy_number.py +++ b/prowler/providers/aws/services/iam/iam_password_policy_number/iam_password_policy_number.py @@ -7,7 +7,8 @@ class iam_password_policy_number(Check): findings = [] report = Check_Report_AWS(self.metadata()) report.region = iam_client.region - report.resource_id = "password_policy" + report.resource_arn = iam_client.account_arn + report.resource_id = iam_client.account # Check if password policy exists if iam_client.password_policy: # Check if number flag is set diff --git a/prowler/providers/aws/services/iam/iam_password_policy_reuse_24/iam_password_policy_reuse_24.py b/prowler/providers/aws/services/iam/iam_password_policy_reuse_24/iam_password_policy_reuse_24.py index 8dbd9dee05..b248201ff3 100644 
--- a/prowler/providers/aws/services/iam/iam_password_policy_reuse_24/iam_password_policy_reuse_24.py +++ b/prowler/providers/aws/services/iam/iam_password_policy_reuse_24/iam_password_policy_reuse_24.py @@ -7,7 +7,8 @@ class iam_password_policy_reuse_24(Check): findings = [] report = Check_Report_AWS(self.metadata()) report.region = iam_client.region - report.resource_id = "password_policy" + report.resource_arn = iam_client.account_arn + report.resource_id = iam_client.account # Check if password policy exists if iam_client.password_policy: # Check if reuse prevention flag is set diff --git a/prowler/providers/aws/services/iam/iam_password_policy_symbol/iam_password_policy_symbol.py b/prowler/providers/aws/services/iam/iam_password_policy_symbol/iam_password_policy_symbol.py index ebc8a2ba19..a2c895c143 100644 --- a/prowler/providers/aws/services/iam/iam_password_policy_symbol/iam_password_policy_symbol.py +++ b/prowler/providers/aws/services/iam/iam_password_policy_symbol/iam_password_policy_symbol.py @@ -7,7 +7,8 @@ class iam_password_policy_symbol(Check): findings = [] report = Check_Report_AWS(self.metadata()) report.region = iam_client.region - report.resource_id = "password_policy" + report.resource_arn = iam_client.account_arn + report.resource_id = iam_client.account # Check if password policy exists if iam_client.password_policy: # Check if symbol flag is set diff --git a/prowler/providers/aws/services/iam/iam_password_policy_uppercase/iam_password_policy_uppercase.py b/prowler/providers/aws/services/iam/iam_password_policy_uppercase/iam_password_policy_uppercase.py index 09d0ae11ca..c986ed52b7 100644 --- a/prowler/providers/aws/services/iam/iam_password_policy_uppercase/iam_password_policy_uppercase.py +++ b/prowler/providers/aws/services/iam/iam_password_policy_uppercase/iam_password_policy_uppercase.py 
@@ -7,7 +7,8 @@ class iam_password_policy_uppercase(Check): findings = [] report = Check_Report_AWS(self.metadata()) report.region = iam_client.region - report.resource_id = "password_policy" + report.resource_arn = iam_client.account_arn + report.resource_id = iam_client.account # Check if password policy exists if iam_client.password_policy: # Check if uppercase flag is set diff --git a/prowler/providers/aws/services/iam/iam_root_hardware_mfa_enabled/iam_root_hardware_mfa_enabled.py b/prowler/providers/aws/services/iam/iam_root_hardware_mfa_enabled/iam_root_hardware_mfa_enabled.py index 318ae02000..44e73f214e 100644 --- a/prowler/providers/aws/services/iam/iam_root_hardware_mfa_enabled/iam_root_hardware_mfa_enabled.py +++ b/prowler/providers/aws/services/iam/iam_root_hardware_mfa_enabled/iam_root_hardware_mfa_enabled.py @@ -11,8 +11,8 @@ class iam_root_hardware_mfa_enabled(Check): virtual_mfa = False report = Check_Report_AWS(self.metadata()) report.region = iam_client.region - report.resource_id = "root" - report.resource_arn = f"arn:aws:iam::{iam_client.account}:root" + report.resource_id = "" + report.resource_arn = iam_client.account_arn if iam_client.account_summary["SummaryMap"]["AccountMFAEnabled"] > 0: virtual_mfas = iam_client.virtual_mfa_devices diff --git a/prowler/providers/aws/services/iam/iam_service.py b/prowler/providers/aws/services/iam/iam_service.py index e76c24335f..9174777fdb 100644 --- a/prowler/providers/aws/services/iam/iam_service.py +++ b/prowler/providers/aws/services/iam/iam_service.py @@ -54,6 +54,7 @@ class IAM: self.account = audit_info.audited_account self.audit_resources = audit_info.audit_resources self.partition = audit_info.audited_partition + self.account_arn = audit_info.audited_account_arn self.client = self.session.client(self.service) global_client = generate_regional_clients( self.service, audit_info, global_service=True 
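Review bot: As shown, `iam_root_hardware_mfa_enabled` now sets `report.resource_id = ""`, while every other account-level check in this commit uses the account id. If the empty string is what the file really contains (and not a placeholder lost when this page was rendered), findings for the root MFA check become hard to correlate or mute by id; `report.resource_id = iam_client.account` would match the sibling checks. The finding also no longer points at the root user ARN (`arn:aws:iam::{iam_client.account}:root`) but at whatever `iam_client.account_arn` holds, so rules keyed on the old ARN need updating. The method body continues outside the hunk.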
diff --git a/prowler/providers/aws/services/inspector2/inspector2_findings_exist/inspector2_findings_exist.py b/prowler/providers/aws/services/inspector2/inspector2_findings_exist/inspector2_findings_exist.py index 85248a3b4d..f92f507a75 100644 --- a/prowler/providers/aws/services/inspector2/inspector2_findings_exist/inspector2_findings_exist.py +++ b/prowler/providers/aws/services/inspector2/inspector2_findings_exist/inspector2_findings_exist.py @@ -11,8 +11,8 @@ class inspector2_findings_exist(Check): report = Check_Report_AWS(self.metadata()) report.status = "FAIL" report.status_extended = "Inspector2 is not enabled." - report.resource_id = inspector.id - report.resource_arn = "" + report.resource_id = inspector2_client.audited_account + report.resource_arn = inspector2_client.audited_account_arn report.region = inspector.region if inspector.status == "ENABLED": active_findings = 0 diff --git a/prowler/providers/aws/services/inspector2/inspector2_service.py b/prowler/providers/aws/services/inspector2/inspector2_service.py index 69e410dfe9..bd59eb01b3 100644 --- a/prowler/providers/aws/services/inspector2/inspector2_service.py +++ b/prowler/providers/aws/services/inspector2/inspector2_service.py @@ -13,8 +13,9 @@ class Inspector2: self.service = "inspector2" self.session = audit_info.audit_session self.audited_account = audit_info.audited_account - self.audit_resources = audit_info.audit_resources self.audited_partition = audit_info.audited_partition + self.audited_account_arn = audit_info.audited_account_arn + self.audit_resources = audit_info.audit_resources self.regional_clients = generate_regional_clients(self.service, audit_info) # If the region is not set in the audit profile, # we pick the first region from the regional clients list diff --git a/prowler/providers/aws/services/macie/macie_is_enabled/macie_is_enabled.py b/prowler/providers/aws/services/macie/macie_is_enabled/macie_is_enabled.py index 0f6d2a9d18..64126db2de 100644 
--- a/prowler/providers/aws/services/macie/macie_is_enabled/macie_is_enabled.py +++ b/prowler/providers/aws/services/macie/macie_is_enabled/macie_is_enabled.py @@ -8,7 +8,8 @@ class macie_is_enabled(Check): for session in macie_client.sessions: report = Check_Report_AWS(self.metadata()) report.region = session.region - report.resource_id = "Macie" + report.resource_arn = macie_client.audited_account_arn + report.resource_id = macie_client.audited_account if session.status == "ENABLED": report.status = "PASS" report.status_extended = "Macie is enabled." diff --git a/prowler/providers/aws/services/macie/macie_service.py b/prowler/providers/aws/services/macie/macie_service.py index 2c444270e5..0ee185f3fd 100644 --- a/prowler/providers/aws/services/macie/macie_service.py +++ b/prowler/providers/aws/services/macie/macie_service.py @@ -12,6 +12,8 @@ class Macie: self.service = "macie2" self.session = audit_info.audit_session self.audited_account = audit_info.audited_account + self.audited_partition = audit_info.audited_partition + self.audited_account_arn = audit_info.audited_account_arn self.regional_clients = generate_regional_clients(self.service, audit_info) self.sessions = [] self.__threading_call__(self.__get_macie_session__) diff --git a/prowler/providers/aws/services/resourceexplorer2/resourceexplorer2_indexes_found/resourceexplorer2_indexes_found.py b/prowler/providers/aws/services/resourceexplorer2/resourceexplorer2_indexes_found/resourceexplorer2_indexes_found.py index f1394445a6..00da9d7908 100644 --- a/prowler/providers/aws/services/resourceexplorer2/resourceexplorer2_indexes_found/resourceexplorer2_indexes_found.py +++ b/prowler/providers/aws/services/resourceexplorer2/resourceexplorer2_indexes_found/resourceexplorer2_indexes_found.py 
@@ -13,6 +13,7 @@ class resourceexplorer2_indexes_found(Check): report.region = resource_explorer_2_client.region report.resource_arn = "NoResourceExplorer" report.resource_id = resource_explorer_2_client.audited_account + report.resource_arn = resource_explorer_2_client.audited_account_arn if resource_explorer_2_client.indexes: report.region = resource_explorer_2_client.indexes[0].region report.resource_arn = resource_explorer_2_client.indexes[0].arn diff --git a/prowler/providers/aws/services/resourceexplorer2/resourceexplorer2_service.py b/prowler/providers/aws/services/resourceexplorer2/resourceexplorer2_service.py index c37fa7e6fd..dbcb48cce3 100644 --- a/prowler/providers/aws/services/resourceexplorer2/resourceexplorer2_service.py +++ b/prowler/providers/aws/services/resourceexplorer2/resourceexplorer2_service.py @@ -14,6 +14,8 @@ class ResourceExplorer2: self.session = audit_info.audit_session self.audit_resources = audit_info.audit_resources self.audited_account = audit_info.audited_account + self.audited_partition = audit_info.audited_partition + self.audited_account_arn = audit_info.audited_account_arn self.regional_clients = generate_regional_clients(self.service, audit_info) # If the region is not set in the audit profile, # we pick the first region from the regional clients list diff --git a/prowler/providers/aws/services/s3/s3_account_level_public_access_blocks/s3_account_level_public_access_blocks.py b/prowler/providers/aws/services/s3/s3_account_level_public_access_blocks/s3_account_level_public_access_blocks.py index 74910ffa4c..73bda6307c 100644 --- a/prowler/providers/aws/services/s3/s3_account_level_public_access_blocks/s3_account_level_public_access_blocks.py +++ b/prowler/providers/aws/services/s3/s3_account_level_public_access_blocks/s3_account_level_public_access_blocks.py 
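Review bot: In the resourceexplorer2_indexes_found hunk the context line `report.resource_arn = "NoResourceExplorer"` is left in place and is now a dead store, because the added `report.resource_arn = resource_explorer_2_client.audited_account_arn` overwrites it two lines later. Delete the old assignment so the default ARN is set exactly once and a reader does not take the placeholder string for a value that can reach the report. The method body starts and ends outside the hunk, so any other writer of `resource_arn` there is not visible from here.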
@@ -11,6 +11,7 @@ class s3_account_level_public_access_blocks(Check): report.status_extended = f"Block Public Access is not configured for the account {s3_client.audited_account}." report.region = s3control_client.region report.resource_id = s3_client.audited_account + report.resource_arn = s3_client.audited_account_arn if ( s3control_client.account_public_access_block and s3control_client.account_public_access_block.ignore_public_acls diff --git a/prowler/providers/aws/services/s3/s3_bucket_public_access/s3_bucket_public_access.py b/prowler/providers/aws/services/s3/s3_bucket_public_access/s3_bucket_public_access.py index 34c8dc3ddf..e051740c64 100644 --- a/prowler/providers/aws/services/s3/s3_bucket_public_access/s3_bucket_public_access.py +++ b/prowler/providers/aws/services/s3/s3_bucket_public_access/s3_bucket_public_access.py @@ -17,6 +17,7 @@ class s3_bucket_public_access(Check): report.status_extended = "All S3 public access blocked at account level." report.region = s3control_client.region report.resource_id = s3_client.audited_account + report.resource_arn = s3_client.audited_account_arn findings.append(report) else: # 2. If public access is not blocked at account level, check it at each bucket level diff --git a/prowler/providers/aws/services/s3/s3_service.py b/prowler/providers/aws/services/s3/s3_service.py index a48dd98cf5..885156e190 100644 --- a/prowler/providers/aws/services/s3/s3_service.py +++ b/prowler/providers/aws/services/s3/s3_service.py @@ -19,6 +19,7 @@ class S3: self.audited_account = audit_info.audited_account self.audit_resources = audit_info.audit_resources self.audited_partition = audit_info.audited_partition + self.audited_account_arn = audit_info.audited_account_arn self.regional_clients = generate_regional_clients(self.service, audit_info) self.buckets = self.__list_buckets__(audit_info) self.__threading_call__(self.__get_bucket_versioning__) 
diff --git a/prowler/providers/aws/services/ssmincidents/ssmincidents_enabled_with_plans/ssmincidents_enabled_with_plans.py b/prowler/providers/aws/services/ssmincidents/ssmincidents_enabled_with_plans/ssmincidents_enabled_with_plans.py index 68a1d400c1..9abd68e5e4 100644 --- a/prowler/providers/aws/services/ssmincidents/ssmincidents_enabled_with_plans/ssmincidents_enabled_with_plans.py +++ b/prowler/providers/aws/services/ssmincidents/ssmincidents_enabled_with_plans/ssmincidents_enabled_with_plans.py @@ -10,7 +10,8 @@ class ssmincidents_enabled_with_plans(Check): report = Check_Report_AWS(self.metadata()) report.status = "FAIL" report.status_extended = "No SSM Incidents replication set exists." - report.resource_id = "SSMIncidents" + report.resource_arn = ssmincidents_client.audited_account_arn + report.resource_id = ssmincidents_client.audited_account report.region = ssmincidents_client.region if ssmincidents_client.replication_set: report.resource_arn = ssmincidents_client.replication_set[0].arn diff --git a/prowler/providers/aws/services/ssmincidents/ssmincidents_service.py b/prowler/providers/aws/services/ssmincidents/ssmincidents_service.py index a33c2ad807..e2d02adab1 100644 --- a/prowler/providers/aws/services/ssmincidents/ssmincidents_service.py +++ b/prowler/providers/aws/services/ssmincidents/ssmincidents_service.py @@ -21,6 +21,7 @@ class SSMIncidents: self.session = audit_info.audit_session self.audited_account = audit_info.audited_account self.audited_partition = audit_info.audited_partition + self.audited_account_arn = audit_info.audited_account_arn self.audit_resources = audit_info.audit_resources self.regional_clients = generate_regional_clients(self.service, audit_info) # If the region is not set in the audit profile, diff --git a/prowler/providers/aws/services/vpc/vpc_different_regions/vpc_different_regions.py b/prowler/providers/aws/services/vpc/vpc_different_regions/vpc_different_regions.py index 6954126716..1e89438a93 100644 
--- a/prowler/providers/aws/services/vpc/vpc_different_regions/vpc_different_regions.py +++ b/prowler/providers/aws/services/vpc/vpc_different_regions/vpc_different_regions.py @@ -14,6 +14,7 @@ class vpc_different_regions(Check): # This is a global check under the vpc service: region, resource_id and tags are not relevant here but we keep them for consistency report.region = vpc_client.region report.resource_id = vpc_client.audited_account + report.resource_arn = vpc_client.audited_account_arn report.status = "FAIL" report.status_extended = "VPCs found only in one region" if len(vpc_regions) > 1: diff --git a/prowler/providers/aws/services/vpc/vpc_service.py b/prowler/providers/aws/services/vpc/vpc_service.py index d9f03ea519..19954007f6 100644 --- a/prowler/providers/aws/services/vpc/vpc_service.py +++ b/prowler/providers/aws/services/vpc/vpc_service.py @@ -17,6 +17,7 @@ class VPC: self.audited_account = audit_info.audited_account self.audit_resources = audit_info.audit_resources self.audited_partition = audit_info.audited_partition + self.audited_account_arn = audit_info.audited_account_arn self.regional_clients = generate_regional_clients(self.service, audit_info) self.vpcs = {} self.vpc_peering_connections = [] diff --git a/prowler/providers/common/audit_info.py b/prowler/providers/common/audit_info.py index 6866dd6cb3..949fcf8ca6 100644 --- a/prowler/providers/common/audit_info.py +++ b/prowler/providers/common/audit_info.py @@ -135,6 +135,7 @@ Azure Identity Type: {Fore.YELLOW}[{audit_info.identity.identity_type}]{Style.RE current_audit_info.audited_partition = parse_iam_credentials_arn( caller_identity["Arn"] ).partition + current_audit_info.audited_account_arn = f"arn:{current_audit_info.audited_partition}:iam::{current_audit_info.audited_account}:root" logger.info("Checking if organizations role assumption is needed ...") if organizations_role_arn: 
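Review bot: The account ARN is built by an identical f-string in both prowler/providers/common/audit_info.py hunks (here at `@@ -135,6 +135,7 @@` and again at `@@ -214,6 +215,7 @@` in the assumed-role branch), so the two copies can drift apart. I would build it in one place, for example a small helper (name is a suggestion) called as `current_audit_info.audited_account_arn = build_account_arn(partition, account_id)`. The value `arn:<partition>:iam::<account>:root` is also the string IAM uses for the account root principal, so a consumer that keys findings or allowlist rules on `resource_arn` may not be able to tell an account-level finding from one about the root user. That is worth a comment at the construction site such as `# Placeholder ARN for account-level findings; identical to the root principal ARN, not a finding about the root user`. The enclosing function starts and ends outside both hunks.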
@@ -214,6 +215,7 @@ Azure Identity Type: {Fore.YELLOW}[{audit_info.identity.identity_type}]{Style.RE current_audit_info.audit_session = assumed_session current_audit_info.audited_account = role_arn_parsed.account_id current_audit_info.audited_partition = role_arn_parsed.partition + current_audit_info.audited_account_arn = f"arn:{current_audit_info.audited_partition}:iam::{current_audit_info.audited_account}:root" else: logger.info("Audit session is the original one") current_audit_info.audit_session = current_audit_info.original_session diff --git a/tests/lib/check/check_test.py b/tests/lib/check/check_test.py index 3aecd55c9e..26746ea570 100644 --- a/tests/lib/check/check_test.py +++ b/tests/lib/check/check_test.py @@ -146,6 +146,7 @@ class Test_Check: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/lib/outputs/outputs_test.py b/tests/lib/outputs/outputs_test.py index ad025dd5d3..6958591031 100644 --- a/tests/lib/outputs/outputs_test.py +++ b/tests/lib/outputs/outputs_test.py @@ -83,6 +83,7 @@ class Test_Outputs: original_session=None, audit_session=None, audited_account=AWS_ACCOUNT_ID, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_ID}:root", audited_identity_arn="test-arn", audited_user_id="test", audited_partition="aws", @@ -355,6 +356,7 @@ class Test_Outputs: # original_session=None, # audit_session=None, # audited_account=AWS_ACCOUNT_ID, + # audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_ID}:root", # audited_identity_arn="test-arn", # audited_user_id="test", # audited_partition="aws", @@ -400,6 +402,7 @@ class Test_Outputs: original_session=None, audit_session=None, audited_account=AWS_ACCOUNT_ID, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_ID}:root", audited_identity_arn="test-arn", audited_user_id="test", audited_partition="aws", 
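Review bot: The `@@ -355,6 +356,7 @@` hunk in tests/lib/outputs/outputs_test.py adds `# audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_ID}:root",` to an `AWS_Audit_Info(...)` call whose visible lines are all commented out. Code that never runs gives no coverage for the new field and still has to be kept in step with the model by hand. Either re-enable that test or delete the commented block instead of extending it. The surrounding test starts and ends outside the hunk, so the reason it was disabled is not visible here.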
@@ -475,6 +478,7 @@ class Test_Outputs: original_session=None, audit_session=session, audited_account=AWS_ACCOUNT_ID, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_ID}:root", audited_identity_arn="test-arn", audited_user_id="test", audited_partition="aws", @@ -524,6 +528,7 @@ class Test_Outputs: original_session=None, audit_session=session, audited_account=AWS_ACCOUNT_ID, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_ID}:root", audited_identity_arn="test-arn", audited_user_id="test", audited_partition="aws", @@ -580,6 +585,7 @@ class Test_Outputs: original_session=None, audit_session=session, audited_account=AWS_ACCOUNT_ID, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_ID}:root", audited_identity_arn="test-arn", audited_user_id="test", audited_partition="aws", @@ -687,6 +693,7 @@ class Test_Outputs: original_session=None, audit_session=session, audited_account=AWS_ACCOUNT_ID, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_ID}:root", audited_identity_arn="test-arn", audited_user_id="test", audited_partition="aws", diff --git a/tests/lib/outputs/slack_test.py b/tests/lib/outputs/slack_test.py index f0abc50d9f..befcafdf53 100644 --- a/tests/lib/outputs/slack_test.py +++ b/tests/lib/outputs/slack_test.py @@ -32,6 +32,7 @@ class Test_Slack_Integration: original_session=None, audit_session=None, audited_account=AWS_ACCOUNT_ID, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_ID}:root", audited_identity_arn="test-arn", audited_user_id="test", audited_partition="aws", diff --git a/tests/providers/aws/aws_provider_test.py b/tests/providers/aws/aws_provider_test.py index e443f5cf7c..68318557fd 100644 --- a/tests/providers/aws/aws_provider_test.py +++ b/tests/providers/aws/aws_provider_test.py @@ -44,6 +44,7 @@ class Test_AWS_Provider: original_session=session, audit_session=None, audited_account=None, + audited_account_arn=None, audited_partition=None, audited_identity_arn=None, audited_user_id=None, 
@@ -103,6 +104,7 @@ class Test_AWS_Provider: original_session=None, audit_session=session, audited_account=None, + audited_account_arn=None, audited_partition="aws", audited_identity_arn=None, audited_user_id=None, @@ -133,6 +135,7 @@ class Test_AWS_Provider: original_session=None, audit_session=session, audited_account=None, + audited_account_arn=None, audited_partition="aws", audited_identity_arn=None, audited_user_id=None, @@ -162,6 +165,7 @@ class Test_AWS_Provider: original_session=None, audit_session=session, audited_account=None, + audited_account_arn=None, audited_partition="aws-cn", audited_identity_arn=None, audited_user_id=None, diff --git a/tests/providers/aws/lib/allowlist/allowlist_test.py b/tests/providers/aws/lib/allowlist/allowlist_test.py index 353b6e27f8..00e440fd58 100644 --- a/tests/providers/aws/lib/allowlist/allowlist_test.py +++ b/tests/providers/aws/lib/allowlist/allowlist_test.py @@ -26,6 +26,7 @@ class Test_Allowlist: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/accessanalyzer/accessanalyzer_service_test.py b/tests/providers/aws/services/accessanalyzer/accessanalyzer_service_test.py index 87c235b627..42825b2685 100644 --- a/tests/providers/aws/services/accessanalyzer/accessanalyzer_service_test.py +++ b/tests/providers/aws/services/accessanalyzer/accessanalyzer_service_test.py @@ -79,6 +79,7 @@ class Test_AccessAnalyzer_Service: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/acm/acm_service_test.py b/tests/providers/aws/services/acm/acm_service_test.py index e9f941c00c..c7efdebff2 100644 --- a/tests/providers/aws/services/acm/acm_service_test.py 
+++ b/tests/providers/aws/services/acm/acm_service_test.py @@ -105,6 +105,7 @@ class Test_ACM_Service: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/apigateway/apigateway_authorizers_enabled/apigateway_authorizers_enabled_test.py b/tests/providers/aws/services/apigateway/apigateway_authorizers_enabled/apigateway_authorizers_enabled_test.py index d569e6588e..ac9f06210e 100644 --- a/tests/providers/aws/services/apigateway/apigateway_authorizers_enabled/apigateway_authorizers_enabled_test.py +++ b/tests/providers/aws/services/apigateway/apigateway_authorizers_enabled/apigateway_authorizers_enabled_test.py @@ -20,6 +20,7 @@ class Test_apigateway_authorizers_enabled: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/apigateway/apigateway_client_certificate_enabled/apigateway_client_certificate_enabled_test.py b/tests/providers/aws/services/apigateway/apigateway_client_certificate_enabled/apigateway_client_certificate_enabled_test.py index 4cf96447f6..49ae52e2e0 100644 --- a/tests/providers/aws/services/apigateway/apigateway_client_certificate_enabled/apigateway_client_certificate_enabled_test.py +++ b/tests/providers/aws/services/apigateway/apigateway_client_certificate_enabled/apigateway_client_certificate_enabled_test.py @@ -20,6 +20,7 @@ class Test_apigateway_client_certificate_enabled: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, 
diff --git a/tests/providers/aws/services/apigateway/apigateway_endpoint_public/apigateway_endpoint_public_test.py b/tests/providers/aws/services/apigateway/apigateway_endpoint_public/apigateway_endpoint_public_test.py index 5545235f10..82536ffc74 100644 --- a/tests/providers/aws/services/apigateway/apigateway_endpoint_public/apigateway_endpoint_public_test.py +++ b/tests/providers/aws/services/apigateway/apigateway_endpoint_public/apigateway_endpoint_public_test.py @@ -19,6 +19,7 @@ class Test_apigateway_endpoint_public: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/apigateway/apigateway_logging_enabled/apigateway_logging_enabled_test.py b/tests/providers/aws/services/apigateway/apigateway_logging_enabled/apigateway_logging_enabled_test.py index cbead893ee..a7d919fb8d 100644 --- a/tests/providers/aws/services/apigateway/apigateway_logging_enabled/apigateway_logging_enabled_test.py +++ b/tests/providers/aws/services/apigateway/apigateway_logging_enabled/apigateway_logging_enabled_test.py @@ -19,6 +19,7 @@ class Test_apigateway_logging_enabled: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/apigateway/apigateway_service_test.py b/tests/providers/aws/services/apigateway/apigateway_service_test.py index 29a2733617..442aa9dde8 100644 --- a/tests/providers/aws/services/apigateway/apigateway_service_test.py +++ b/tests/providers/aws/services/apigateway/apigateway_service_test.py 
@@ -19,6 +19,7 @@ class Test_APIGateway_Service: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/apigateway/apigateway_waf_acl_attached/apigateway_waf_acl_attached_test.py b/tests/providers/aws/services/apigateway/apigateway_waf_acl_attached/apigateway_waf_acl_attached_test.py index e9fc599de4..2dc6989332 100644 --- a/tests/providers/aws/services/apigateway/apigateway_waf_acl_attached/apigateway_waf_acl_attached_test.py +++ b/tests/providers/aws/services/apigateway/apigateway_waf_acl_attached/apigateway_waf_acl_attached_test.py @@ -19,6 +19,7 @@ class Test_apigateway_waf_acl_attached: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/apigatewayv2/apigatewayv2_access_logging_enabled/apigatewayv2_access_logging_enabled_test.py b/tests/providers/aws/services/apigatewayv2/apigatewayv2_access_logging_enabled/apigatewayv2_access_logging_enabled_test.py index 541918d6c9..7dd46d2fc9 100644 --- a/tests/providers/aws/services/apigatewayv2/apigatewayv2_access_logging_enabled/apigatewayv2_access_logging_enabled_test.py +++ b/tests/providers/aws/services/apigatewayv2/apigatewayv2_access_logging_enabled/apigatewayv2_access_logging_enabled_test.py @@ -48,6 +48,7 @@ class Test_apigatewayv2_access_logging_enabled: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, 
diff --git a/tests/providers/aws/services/apigatewayv2/apigatewayv2_authorizers_enabled/apigatewayv2_authorizers_enabled_test.py b/tests/providers/aws/services/apigatewayv2/apigatewayv2_authorizers_enabled/apigatewayv2_authorizers_enabled_test.py index 76b84d4f1c..113f393030 100644 --- a/tests/providers/aws/services/apigatewayv2/apigatewayv2_authorizers_enabled/apigatewayv2_authorizers_enabled_test.py +++ b/tests/providers/aws/services/apigatewayv2/apigatewayv2_authorizers_enabled/apigatewayv2_authorizers_enabled_test.py @@ -48,6 +48,7 @@ class Test_apigatewayv2_authorizers_enabled: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/apigatewayv2/apigatewayv2_service_test.py b/tests/providers/aws/services/apigatewayv2/apigatewayv2_service_test.py index d2535271fe..072d8173a5 100644 --- a/tests/providers/aws/services/apigatewayv2/apigatewayv2_service_test.py +++ b/tests/providers/aws/services/apigatewayv2/apigatewayv2_service_test.py @@ -50,6 +50,7 @@ class Test_ApiGatewayV2_Service: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/appstream/appstream_service_test.py b/tests/providers/aws/services/appstream/appstream_service_test.py index b599b07505..3a3c139747 100644 --- a/tests/providers/aws/services/appstream/appstream_service_test.py +++ b/tests/providers/aws/services/appstream/appstream_service_test.py @@ -72,6 +72,7 @@ class Test_AppStream_Service: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, 
diff --git a/tests/providers/aws/services/autoscaling/autoscaling_find_secrets_ec2_launch_configuration/autoscaling_find_secrets_ec2_launch_configuration_test.py b/tests/providers/aws/services/autoscaling/autoscaling_find_secrets_ec2_launch_configuration/autoscaling_find_secrets_ec2_launch_configuration_test.py index 1817b0de8e..5c3a939b9c 100644 --- a/tests/providers/aws/services/autoscaling/autoscaling_find_secrets_ec2_launch_configuration/autoscaling_find_secrets_ec2_launch_configuration_test.py +++ b/tests/providers/aws/services/autoscaling/autoscaling_find_secrets_ec2_launch_configuration/autoscaling_find_secrets_ec2_launch_configuration_test.py @@ -19,6 +19,7 @@ class Test_autoscaling_find_secrets_ec2_launch_configuration: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/autoscaling/autoscaling_group_multiple_az/autoscaling_group_multiple_az_test.py b/tests/providers/aws/services/autoscaling/autoscaling_group_multiple_az/autoscaling_group_multiple_az_test.py index 559e478ed0..a08e901e31 100644 --- a/tests/providers/aws/services/autoscaling/autoscaling_group_multiple_az/autoscaling_group_multiple_az_test.py +++ b/tests/providers/aws/services/autoscaling/autoscaling_group_multiple_az/autoscaling_group_multiple_az_test.py @@ -19,6 +19,7 @@ class Test_autoscaling_group_multiple_az: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/autoscaling/autoscaling_service_test.py b/tests/providers/aws/services/autoscaling/autoscaling_service_test.py index cb042d0ea5..b585e1cb33 100644 --- a/tests/providers/aws/services/autoscaling/autoscaling_service_test.py 
+++ b/tests/providers/aws/services/autoscaling/autoscaling_service_test.py @@ -21,6 +21,7 @@ class Test_AutoScaling_Service: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/awslambda/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled_test.py b/tests/providers/aws/services/awslambda/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled_test.py index 3eea78ac0b..a16f10d18a 100644 --- a/tests/providers/aws/services/awslambda/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled_test.py +++ b/tests/providers/aws/services/awslambda/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled_test.py @@ -34,6 +34,7 @@ class Test_awslambda_function_invoke_api_operations_cloudtrail_logging_enabled: botocore_session=None, ), audited_account=None, + audited_account_arn=None, audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/awslambda/awslambda_service_test.py b/tests/providers/aws/services/awslambda/awslambda_service_test.py index d4e09400c8..b8cbc7b184 100644 --- a/tests/providers/aws/services/awslambda/awslambda_service_test.py +++ b/tests/providers/aws/services/awslambda/awslambda_service_test.py @@ -76,6 +76,7 @@ class Test_Lambda_Service: botocore_session=None, ), audited_account=DEFAULT_ACCOUNT_ID, + audited_account_arn=f"arn:aws:iam::{DEFAULT_ACCOUNT_ID}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, 
diff --git a/tests/providers/aws/services/backup/backup_plans_exist/backup_plans_exist_test.py b/tests/providers/aws/services/backup/backup_plans_exist/backup_plans_exist_test.py index 5bde33d4e8..9317967aec 100644 --- a/tests/providers/aws/services/backup/backup_plans_exist/backup_plans_exist_test.py +++ b/tests/providers/aws/services/backup/backup_plans_exist/backup_plans_exist_test.py @@ -4,11 +4,14 @@ from unittest import mock from prowler.providers.aws.services.backup.backup_service import BackupPlan AWS_REGION = "eu-west-1" +AWS_ACCOUNT_NUMBER = "123456789012" class Test_backup_plans_exist: def test_no_backup_plans(self): backup_client = mock.MagicMock + backup_client.audited_account = AWS_ACCOUNT_NUMBER + backup_client.audited_account_arn = f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" backup_client.region = AWS_REGION backup_client.backup_plans = [] with mock.patch( @@ -26,12 +29,14 @@ class Test_backup_plans_exist: assert len(result) == 1 assert result[0].status == "FAIL" assert result[0].status_extended == "No Backup Plan Exist" - assert result[0].resource_id == "Backups" - assert result[0].resource_arn == "" + assert result[0].resource_id == AWS_ACCOUNT_NUMBER + assert result[0].resource_arn == f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" assert result[0].region == AWS_REGION def test_one_backup_plan(self): backup_client = mock.MagicMock + backup_client.audited_account = AWS_ACCOUNT_NUMBER + backup_client.audited_account_arn = f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" backup_client.region = AWS_REGION backup_client.backup_plans = [ BackupPlan( diff --git a/tests/providers/aws/services/backup/backup_reportplans_exist/backup_reportplans_exist_test.py b/tests/providers/aws/services/backup/backup_reportplans_exist/backup_reportplans_exist_test.py index d8cd2c0b70..210db21bea 100644 --- a/tests/providers/aws/services/backup/backup_reportplans_exist/backup_reportplans_exist_test.py 
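Review bot: `backup_client = mock.MagicMock` binds the class rather than an instance, so the added `backup_client.audited_account = AWS_ACCOUNT_NUMBER` and `backup_client.audited_account_arn = ...` lines set attributes on `MagicMock` itself. Those values then stay visible on every mock created later in the same test process, which can let a check that never set the account ARN still pass its assertion. Instantiate the mock in each test with `backup_client = mock.MagicMock()`. The same pattern is extended in the backup_reportplans_exist_test.py and backup_vaults_exist_test.py hunks that follow.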
+++ b/tests/providers/aws/services/backup/backup_reportplans_exist/backup_reportplans_exist_test.py @@ -7,6 +7,7 @@ from prowler.providers.aws.services.backup.backup_service import ( ) AWS_REGION = "eu-west-1" +AWS_ACCOUNT_NUMBER = "123456789012" class Test_backup_reportplans_exist: @@ -30,6 +31,8 @@ class Test_backup_reportplans_exist: def test_no_backup_report_plans(self): backup_client = mock.MagicMock + backup_client.audited_account = AWS_ACCOUNT_NUMBER + backup_client.audited_account_arn = f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" backup_client.region = AWS_REGION backup_client.backup_plans = [ BackupPlan( @@ -58,12 +61,14 @@ class Test_backup_reportplans_exist: assert len(result) == 1 assert result[0].status == "FAIL" assert result[0].status_extended == "No Backup Report Plan Exist" - assert result[0].resource_id == "Backups" - assert result[0].resource_arn == "" + assert result[0].resource_id == AWS_ACCOUNT_NUMBER + assert result[0].resource_arn == f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" assert result[0].region == AWS_REGION def test_one_backup_report_plan(self): backup_client = mock.MagicMock + backup_client.audited_account = AWS_ACCOUNT_NUMBER + backup_client.audited_account_arn = f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" backup_client.region = AWS_REGION backup_client.backup_plans = [ BackupPlan( diff --git a/tests/providers/aws/services/backup/backup_service_test.py b/tests/providers/aws/services/backup/backup_service_test.py index 9d1396c8fd..9b9d8dc54e 100644 --- a/tests/providers/aws/services/backup/backup_service_test.py +++ b/tests/providers/aws/services/backup/backup_service_test.py @@ -72,7 +72,6 @@ def mock_generate_regional_clients(service, audit_info): new=mock_generate_regional_clients, ) class Test_Backup_Service: - # Mocked Audit Info def set_mocked_audit_info(self): audit_info = AWS_Audit_Info( 
@@ -83,6 +82,7 @@ class Test_Backup_Service: botocore_session=None, ), audited_account=None, + audited_account_arn=None, audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/backup/backup_vaults_exist/backup_vaults_exist_test.py b/tests/providers/aws/services/backup/backup_vaults_exist/backup_vaults_exist_test.py index 4b374e3eb9..c816b45846 100644 --- a/tests/providers/aws/services/backup/backup_vaults_exist/backup_vaults_exist_test.py +++ b/tests/providers/aws/services/backup/backup_vaults_exist/backup_vaults_exist_test.py @@ -3,11 +3,14 @@ from unittest import mock from prowler.providers.aws.services.backup.backup_service import BackupVault AWS_REGION = "eu-west-1" +AWS_ACCOUNT_NUMBER = "123456789012" class Test_backup_vaults_exist: def test_no_backup_vaults(self): backup_client = mock.MagicMock + backup_client.audited_account = AWS_ACCOUNT_NUMBER + backup_client.audited_account_arn = f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" backup_client.region = AWS_REGION backup_client.backup_vaults = [] with mock.patch( @@ -25,12 +28,14 @@ class Test_backup_vaults_exist: assert len(result) == 1 assert result[0].status == "FAIL" assert result[0].status_extended == "No Backup Vault Exist" - assert result[0].resource_id == "Backups" - assert result[0].resource_arn == "" + assert result[0].resource_id == AWS_ACCOUNT_NUMBER + assert result[0].resource_arn == f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" assert result[0].region == AWS_REGION def test_one_backup_vault(self): backup_client = mock.MagicMock + backup_client.audited_account = AWS_ACCOUNT_NUMBER + backup_client.audited_account_arn = f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" backup_client.region = AWS_REGION backup_client.backup_vaults = [ BackupVault( diff --git a/tests/providers/aws/services/cloudformation/cloudformation_service_test.py b/tests/providers/aws/services/cloudformation/cloudformation_service_test.py index cd8697a320..04279d3370 100644 
--- a/tests/providers/aws/services/cloudformation/cloudformation_service_test.py +++ b/tests/providers/aws/services/cloudformation/cloudformation_service_test.py @@ -143,6 +143,7 @@ class Test_CloudFormation_Service: botocore_session=None, ), audited_account=None, + audited_account_arn=None, audited_user_id=None, audited_partition=None, audited_identity_arn=None, diff --git a/tests/providers/aws/services/cloudfront/cloudfront_service_test.py b/tests/providers/aws/services/cloudfront/cloudfront_service_test.py index ff25c0de9c..53828408f2 100644 --- a/tests/providers/aws/services/cloudfront/cloudfront_service_test.py +++ b/tests/providers/aws/services/cloudfront/cloudfront_service_test.py @@ -164,6 +164,7 @@ class Test_CloudFront_Service: region_name=AWS_REGION, ), audited_account=DEFAULT_ACCOUNT_ID, + audited_account_arn=f"arn:aws:iam::{DEFAULT_ACCOUNT_ID}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/cloudtrail/cloudtrail_bucket_requires_mfa_delete/cloudtrail_bucket_requires_mfa_delete_test.py b/tests/providers/aws/services/cloudtrail/cloudtrail_bucket_requires_mfa_delete/cloudtrail_bucket_requires_mfa_delete_test.py index 2c022c6e00..72ee7922b4 100644 --- a/tests/providers/aws/services/cloudtrail/cloudtrail_bucket_requires_mfa_delete/cloudtrail_bucket_requires_mfa_delete_test.py +++ b/tests/providers/aws/services/cloudtrail/cloudtrail_bucket_requires_mfa_delete/cloudtrail_bucket_requires_mfa_delete_test.py @@ -25,6 +25,7 @@ class Test_cloudtrail_bucket_requires_mfa_delete: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, 
diff --git a/tests/providers/aws/services/cloudtrail/cloudtrail_cloudwatch_logging_enabled/cloudtrail_cloudwatch_logging_enabled_test.py b/tests/providers/aws/services/cloudtrail/cloudtrail_cloudwatch_logging_enabled/cloudtrail_cloudwatch_logging_enabled_test.py index 29851deca1..f1f2bfbf28 100644 --- a/tests/providers/aws/services/cloudtrail/cloudtrail_cloudwatch_logging_enabled/cloudtrail_cloudwatch_logging_enabled_test.py +++ b/tests/providers/aws/services/cloudtrail/cloudtrail_cloudwatch_logging_enabled/cloudtrail_cloudwatch_logging_enabled_test.py @@ -20,6 +20,7 @@ class Test_cloudtrail_cloudwatch_logging_enabled: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/cloudtrail/cloudtrail_insights_exist/cloudtrail_insights_exist_test.py b/tests/providers/aws/services/cloudtrail/cloudtrail_insights_exist/cloudtrail_insights_exist_test.py index 3debb85f76..2d52893425 100644 --- a/tests/providers/aws/services/cloudtrail/cloudtrail_insights_exist/cloudtrail_insights_exist_test.py +++ b/tests/providers/aws/services/cloudtrail/cloudtrail_insights_exist/cloudtrail_insights_exist_test.py @@ -19,6 +19,7 @@ class Test_cloudtrail_insights_exist: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/cloudtrail/cloudtrail_kms_encryption_enabled/cloudtrail_kms_encryption_enabled_test.py b/tests/providers/aws/services/cloudtrail/cloudtrail_kms_encryption_enabled/cloudtrail_kms_encryption_enabled_test.py index cfc3388434..50fc6f57c6 100644 --- a/tests/providers/aws/services/cloudtrail/cloudtrail_kms_encryption_enabled/cloudtrail_kms_encryption_enabled_test.py 
+++ b/tests/providers/aws/services/cloudtrail/cloudtrail_kms_encryption_enabled/cloudtrail_kms_encryption_enabled_test.py @@ -19,6 +19,7 @@ class Test_cloudtrail_kms_encryption_enabled: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/cloudtrail/cloudtrail_log_file_validation_enabled/cloudtrail_log_file_validation_enabled_test.py b/tests/providers/aws/services/cloudtrail/cloudtrail_log_file_validation_enabled/cloudtrail_log_file_validation_enabled_test.py index 24fe765c88..221188a575 100644 --- a/tests/providers/aws/services/cloudtrail/cloudtrail_log_file_validation_enabled/cloudtrail_log_file_validation_enabled_test.py +++ b/tests/providers/aws/services/cloudtrail/cloudtrail_log_file_validation_enabled/cloudtrail_log_file_validation_enabled_test.py @@ -19,6 +19,7 @@ class Test_cloudtrail_log_file_validation_enabled: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/cloudtrail/cloudtrail_logs_s3_bucket_access_logging_enabled/cloudtrail_logs_s3_bucket_access_logging_enabled_test.py b/tests/providers/aws/services/cloudtrail/cloudtrail_logs_s3_bucket_access_logging_enabled/cloudtrail_logs_s3_bucket_access_logging_enabled_test.py index 99a6d1e2d6..1578421893 100644 --- a/tests/providers/aws/services/cloudtrail/cloudtrail_logs_s3_bucket_access_logging_enabled/cloudtrail_logs_s3_bucket_access_logging_enabled_test.py +++ b/tests/providers/aws/services/cloudtrail/cloudtrail_logs_s3_bucket_access_logging_enabled/cloudtrail_logs_s3_bucket_access_logging_enabled_test.py 
@@ -19,6 +19,7 @@ class Test_cloudtrail_logs_s3_bucket_access_logging_enabled: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/cloudtrail/cloudtrail_logs_s3_bucket_is_not_publicly_accessible/cloudtrail_logs_s3_bucket_is_not_publicly_accessible_test.py b/tests/providers/aws/services/cloudtrail/cloudtrail_logs_s3_bucket_is_not_publicly_accessible/cloudtrail_logs_s3_bucket_is_not_publicly_accessible_test.py index 5c7ff94e3b..75a3c66c78 100644 --- a/tests/providers/aws/services/cloudtrail/cloudtrail_logs_s3_bucket_is_not_publicly_accessible/cloudtrail_logs_s3_bucket_is_not_publicly_accessible_test.py +++ b/tests/providers/aws/services/cloudtrail/cloudtrail_logs_s3_bucket_is_not_publicly_accessible/cloudtrail_logs_s3_bucket_is_not_publicly_accessible_test.py @@ -19,6 +19,7 @@ class Test_cloudtrail_logs_s3_bucket_is_not_publicly_accessible: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/cloudtrail/cloudtrail_multi_region_enabled/cloudtrail_multi_region_enabled_test.py b/tests/providers/aws/services/cloudtrail/cloudtrail_multi_region_enabled/cloudtrail_multi_region_enabled_test.py index a05524c328..088a798ab3 100644 --- a/tests/providers/aws/services/cloudtrail/cloudtrail_multi_region_enabled/cloudtrail_multi_region_enabled_test.py +++ b/tests/providers/aws/services/cloudtrail/cloudtrail_multi_region_enabled/cloudtrail_multi_region_enabled_test.py 
@@ -20,6 +20,7 @@ class Test_cloudtrail_multi_region_enabled: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, @@ -63,8 +64,10 @@ class Test_cloudtrail_multi_region_enabled: "No CloudTrail trails enabled and logging were found", report.status_extended, ) - assert report.resource_id == "No trails" - assert report.resource_arn == "No trails" + assert report.resource_id == AWS_ACCOUNT_NUMBER + assert ( + report.resource_arn == f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" + ) @mock_cloudtrail @mock_s3 @@ -117,8 +120,10 @@ class Test_cloudtrail_multi_region_enabled: "No CloudTrail trails enabled and logging were found", report.status_extended, ) - assert report.resource_id == "No trails" - assert report.resource_arn == "No trails" + assert report.resource_id == AWS_ACCOUNT_NUMBER + assert ( + report.resource_arn == f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" + ) @mock_cloudtrail @mock_s3 @@ -182,8 +187,11 @@ class Test_cloudtrail_multi_region_enabled: "No CloudTrail trails enabled and logging were found", report.status_extended, ) - assert report.resource_id == "No trails" - assert report.resource_arn == "No trails" + assert report.resource_id == AWS_ACCOUNT_NUMBER + assert ( + report.resource_arn + == f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" + ) @mock_cloudtrail @mock_s3 diff --git a/tests/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_read_enabled/cloudtrail_s3_dataevents_read_enabled_test.py b/tests/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_read_enabled/cloudtrail_s3_dataevents_read_enabled_test.py index e2909eb0e1..2ce72f24a1 100644 --- a/tests/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_read_enabled/cloudtrail_s3_dataevents_read_enabled_test.py +++ b/tests/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_read_enabled/cloudtrail_s3_dataevents_read_enabled_test.py 
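Review bot: The account ARN is written out as `f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root"` in the audit-info fixture and again in each of the three updated `resource_arn` assertions, so the expected value and the input can drift apart unnoticed. A module-level constant such as `AWS_ACCOUNT_ARN = f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root"`, used in both places, would keep them in step and let each assertion fit on one line. The literal also pins the `aws` partition while the fixture passes `audited_partition="aws"` separately. If the ARN is meant to follow the audited partition, which cannot be confirmed from these hunks, a case with a different partition would be worth adding.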
@@ -19,6 +19,7 @@ class Test_cloudtrail_s3_dataevents_read_enabled: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, @@ -54,7 +55,6 @@ class Test_cloudtrail_s3_dataevents_read_enabled: "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", new=current_audit_info, ): - with mock.patch( "prowler.providers.aws.services.cloudtrail.cloudtrail_s3_dataevents_read_enabled.cloudtrail_s3_dataevents_read_enabled.cloudtrail_client", new=Cloudtrail(current_audit_info), @@ -73,8 +73,10 @@ class Test_cloudtrail_s3_dataevents_read_enabled: "No CloudTrail trails have a data event to record all S3 object-level API operations.", result[0].status_extended, ) - assert result[0].resource_id == "No trails" - assert result[0].resource_arn == "No trails" + assert result[0].resource_id == AWS_ACCOUNT_NUMBER + assert ( + result[0].resource_arn == f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" + ) @mock_cloudtrail @mock_s3 @@ -110,7 +112,6 @@ class Test_cloudtrail_s3_dataevents_read_enabled: "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", new=current_audit_info, ): - with mock.patch( "prowler.providers.aws.services.cloudtrail.cloudtrail_s3_dataevents_read_enabled.cloudtrail_s3_dataevents_read_enabled.cloudtrail_client", new=Cloudtrail(current_audit_info), @@ -129,8 +130,10 @@ class Test_cloudtrail_s3_dataevents_read_enabled: "No CloudTrail trails have a data event to record all S3 object-level API operations.", result[0].status_extended, ) - assert result[0].resource_id == "No trails" - assert result[0].resource_arn == "No trails" + assert result[0].resource_id == AWS_ACCOUNT_NUMBER + assert ( + result[0].resource_arn == f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" + ) @mock_cloudtrail @mock_s3 
@@ -166,7 +169,6 @@ class Test_cloudtrail_s3_dataevents_read_enabled: "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", new=current_audit_info, ): - with mock.patch( "prowler.providers.aws.services.cloudtrail.cloudtrail_s3_dataevents_read_enabled.cloudtrail_s3_dataevents_read_enabled.cloudtrail_client", new=Cloudtrail(current_audit_info), @@ -222,7 +224,6 @@ class Test_cloudtrail_s3_dataevents_read_enabled: "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", new=current_audit_info, ): - with mock.patch( "prowler.providers.aws.services.cloudtrail.cloudtrail_s3_dataevents_read_enabled.cloudtrail_s3_dataevents_read_enabled.cloudtrail_client", new=Cloudtrail(current_audit_info), diff --git a/tests/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_write_enabled/cloudtrail_s3_dataevents_write_enabled_test.py b/tests/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_write_enabled/cloudtrail_s3_dataevents_write_enabled_test.py index 9af88929b5..4d1c31d1d4 100644 --- a/tests/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_write_enabled/cloudtrail_s3_dataevents_write_enabled_test.py +++ b/tests/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_write_enabled/cloudtrail_s3_dataevents_write_enabled_test.py @@ -19,6 +19,7 @@ class Test_cloudtrail_s3_dataevents_write_enabled: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, 
@@ -72,8 +73,10 @@ class Test_cloudtrail_s3_dataevents_write_enabled: "No CloudTrail trails have a data event to record all S3 object-level API operations.", result[0].status_extended, ) - assert result[0].resource_id == "No trails" - assert result[0].resource_arn == "No trails" + assert result[0].resource_id == AWS_ACCOUNT_NUMBER + assert ( + result[0].resource_arn == f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" + ) @mock_cloudtrail @mock_s3 @@ -126,8 +129,10 @@ class Test_cloudtrail_s3_dataevents_write_enabled: "No CloudTrail trails have a data event to record all S3 object-level API operations.", result[0].status_extended, ) - assert result[0].resource_id == "No trails" - assert result[0].resource_arn == "No trails" + assert result[0].resource_id == AWS_ACCOUNT_NUMBER + assert ( + result[0].resource_arn == f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" + ) @mock_cloudtrail @mock_s3 diff --git a/tests/providers/aws/services/cloudtrail/cloudtrail_service_test.py b/tests/providers/aws/services/cloudtrail/cloudtrail_service_test.py index 111aca80b6..c3adb01c88 100644 --- a/tests/providers/aws/services/cloudtrail/cloudtrail_service_test.py +++ b/tests/providers/aws/services/cloudtrail/cloudtrail_service_test.py @@ -18,6 +18,7 @@ class Test_Cloudtrail_Service: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_acls_alarm_configured/cloudwatch_changes_to_network_acls_alarm_configured_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_acls_alarm_configured/cloudwatch_changes_to_network_acls_alarm_configured_test.py index e1d9d30b97..e688633a77 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_acls_alarm_configured/cloudwatch_changes_to_network_acls_alarm_configured_test.py 
+++ b/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_acls_alarm_configured/cloudwatch_changes_to_network_acls_alarm_configured_test.py @@ -20,6 +20,7 @@ class Test_cloudwatch_changes_to_network_acls_alarm_configured: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_gateways_alarm_configured/cloudwatch_changes_to_network_gateways_alarm_configured_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_gateways_alarm_configured/cloudwatch_changes_to_network_gateways_alarm_configured_test.py index 032aca5c3a..b7abe6e207 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_gateways_alarm_configured/cloudwatch_changes_to_network_gateways_alarm_configured_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_gateways_alarm_configured/cloudwatch_changes_to_network_gateways_alarm_configured_test.py @@ -20,6 +20,7 @@ class Test_cloudwatch_changes_to_network_gateways_alarm_configured: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_route_tables_alarm_configured/cloudwatch_changes_to_network_route_tables_alarm_configured_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_route_tables_alarm_configured/cloudwatch_changes_to_network_route_tables_alarm_configured_test.py index d68d401c21..1c00c5f645 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_route_tables_alarm_configured/cloudwatch_changes_to_network_route_tables_alarm_configured_test.py 
+++ b/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_route_tables_alarm_configured/cloudwatch_changes_to_network_route_tables_alarm_configured_test.py @@ -20,6 +20,7 @@ class Test_cloudwatch_changes_to_network_route_tables_alarm_configured: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_vpcs_alarm_configured/cloudwatch_changes_to_vpcs_alarm_configured_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_vpcs_alarm_configured/cloudwatch_changes_to_vpcs_alarm_configured_test.py index 8f8b07a9aa..e99aad8b68 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_vpcs_alarm_configured/cloudwatch_changes_to_vpcs_alarm_configured_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_vpcs_alarm_configured/cloudwatch_changes_to_vpcs_alarm_configured_test.py @@ -20,6 +20,7 @@ class Test_cloudwatch_changes_to_vpcs_alarm_configured: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_cross_account_sharing_disabled/cloudwatch_cross_account_sharing_disabled_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_cross_account_sharing_disabled/cloudwatch_cross_account_sharing_disabled_test.py index cc60c6780a..669b92b406 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_cross_account_sharing_disabled/cloudwatch_cross_account_sharing_disabled_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_cross_account_sharing_disabled/cloudwatch_cross_account_sharing_disabled_test.py 
@@ -19,6 +19,7 @@ class Test_cloudwatch_cross_account_sharing_disabled: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, @@ -68,9 +69,9 @@ class Test_cloudwatch_cross_account_sharing_disabled: assert result[0].status == "PASS" assert ( result[0].status_extended - == "CloudWatch doesn't allows cross-account sharing" + == "CloudWatch doesn't allow cross-account sharing" ) - assert result[0].resource_id == "CloudWatch-CrossAccountSharingRole" + assert result[0].resource_id == AWS_ACCOUNT_NUMBER @mock_iam def test_cloudwatch_log_group_with_cross_account_role(self): diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_group_kms_encryption_enabled/cloudwatch_log_group_kms_encryption_enabled_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_group_kms_encryption_enabled/cloudwatch_log_group_kms_encryption_enabled_test.py index ed4d344833..60991461bd 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_group_kms_encryption_enabled/cloudwatch_log_group_kms_encryption_enabled_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_group_kms_encryption_enabled/cloudwatch_log_group_kms_encryption_enabled_test.py @@ -19,6 +19,7 @@ class Test_cloudwatch_log_group_kms_encryption_enabled: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_group_no_secrets_in_logs/cloudwatch_log_group_no_secrets_in_logs_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_group_no_secrets_in_logs/cloudwatch_log_group_no_secrets_in_logs_test.py index 8b3a57d673..88f218a1eb 100644 
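Review bot: The updated PASS case in the `@@ -68,9 +69,9 @@` hunk asserts `resource_id == AWS_ACCOUNT_NUMBER` but has no assertion on `resource_arn`, unlike the backup and CloudTrail tests changed in this patch. The fixture in this file now sets `audited_account_arn`, so if the check reports the account ARN (its source is not visible in this part of the patch) the test should pin it too: `assert result[0].resource_arn == f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root"`. Without that, a finding with an empty or wrong ARN would still pass. The test method starts above the hunk.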
--- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_group_no_secrets_in_logs/cloudwatch_log_group_no_secrets_in_logs_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_group_no_secrets_in_logs/cloudwatch_log_group_no_secrets_in_logs_test.py @@ -21,6 +21,7 @@ class Test_cloudwatch_log_group_no_secrets_in_logs: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_group_retention_policy_specific_days_enabled/cloudwatch_log_group_retention_policy_specific_days_enabled_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_group_retention_policy_specific_days_enabled/cloudwatch_log_group_retention_policy_specific_days_enabled_test.py index f7aac5160c..833c8ee77d 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_group_retention_policy_specific_days_enabled/cloudwatch_log_group_retention_policy_specific_days_enabled_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_group_retention_policy_specific_days_enabled/cloudwatch_log_group_retention_policy_specific_days_enabled_test.py @@ -19,6 +19,7 @@ class Test_cloudwatch_log_group_retention_policy_specific_days_enabled: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, 
diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled_test.py index c1dc22d1ad..e5660c8787 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled_test.py @@ -20,6 +20,7 @@ class Test_cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_c botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled_test.py index fa5ad89bac..cd8f44ba96 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled_test.py 
+++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled_test.py @@ -20,6 +20,7 @@ class Test_cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_c botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_authentication_failures/cloudwatch_log_metric_filter_authentication_failures_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_authentication_failures/cloudwatch_log_metric_filter_authentication_failures_test.py index 8bf096c970..0fc548c107 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_authentication_failures/cloudwatch_log_metric_filter_authentication_failures_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_authentication_failures/cloudwatch_log_metric_filter_authentication_failures_test.py @@ -20,6 +20,7 @@ class Test_cloudwatch_log_metric_filter_authentication_failures: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_aws_organizations_changes/cloudwatch_log_metric_filter_aws_organizations_changes_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_aws_organizations_changes/cloudwatch_log_metric_filter_aws_organizations_changes_test.py index c3631e7fc4..2458d56eb3 100644 
--- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_aws_organizations_changes/cloudwatch_log_metric_filter_aws_organizations_changes_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_aws_organizations_changes/cloudwatch_log_metric_filter_aws_organizations_changes_test.py @@ -20,6 +20,7 @@ class Test_cloudwatch_log_metric_filter_aws_organizations_changes: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk_test.py index c562a53644..9bd2a8944a 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk_test.py @@ -20,6 +20,7 @@ class Test_cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, 
diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes_test.py index a1349169d5..36a616b74a 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes_test.py @@ -20,6 +20,7 @@ class Test_cloudwatch_log_metric_filter_for_s3_bucket_policy_changes: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_policy_changes/cloudwatch_log_metric_filter_policy_changes_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_policy_changes/cloudwatch_log_metric_filter_policy_changes_test.py index 5525e683f6..28bc448e8c 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_policy_changes/cloudwatch_log_metric_filter_policy_changes_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_policy_changes/cloudwatch_log_metric_filter_policy_changes_test.py @@ -20,6 +20,7 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, 
diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_root_usage/cloudwatch_log_metric_filter_root_usage_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_root_usage/cloudwatch_log_metric_filter_root_usage_test.py index e74ead5f20..65cd8820ca 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_root_usage/cloudwatch_log_metric_filter_root_usage_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_root_usage/cloudwatch_log_metric_filter_root_usage_test.py @@ -20,6 +20,7 @@ class Test_cloudwatch_log_metric_filter_root_usage: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_security_group_changes/cloudwatch_log_metric_filter_security_group_changes_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_security_group_changes/cloudwatch_log_metric_filter_security_group_changes_test.py index ba2f77c40f..764e5271a8 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_security_group_changes/cloudwatch_log_metric_filter_security_group_changes_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_security_group_changes/cloudwatch_log_metric_filter_security_group_changes_test.py @@ -20,6 +20,7 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, 
diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_sign_in_without_mfa/cloudwatch_log_metric_filter_sign_in_without_mfa_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_sign_in_without_mfa/cloudwatch_log_metric_filter_sign_in_without_mfa_test.py
index 5872591510..844dfd1b89 100644
--- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_sign_in_without_mfa/cloudwatch_log_metric_filter_sign_in_without_mfa_test.py
+++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_sign_in_without_mfa/cloudwatch_log_metric_filter_sign_in_without_mfa_test.py
@@ -20,6 +20,7 @@ class Test_cloudwatch_log_metric_filter_sign_in_without_mfa:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_unauthorized_api_calls/cloudwatch_log_metric_filter_unauthorized_api_calls_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_unauthorized_api_calls/cloudwatch_log_metric_filter_unauthorized_api_calls_test.py
index 5dc90deee5..b5d0fae394 100644
--- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_unauthorized_api_calls/cloudwatch_log_metric_filter_unauthorized_api_calls_test.py
+++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_unauthorized_api_calls/cloudwatch_log_metric_filter_unauthorized_api_calls_test.py
@@ -20,6 +20,7 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_service_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_service_test.py
index 92ee15dd0a..33690eabca 100644
--- a/tests/providers/aws/services/cloudwatch/cloudwatch_service_test.py
+++ b/tests/providers/aws/services/cloudwatch/cloudwatch_service_test.py
@@ -23,6 +23,7 @@ class Test_CloudWatch_Service:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/codeartifact/codeartifact_service_test.py b/tests/providers/aws/services/codeartifact/codeartifact_service_test.py
index 689f38007c..434fc254eb 100644
--- a/tests/providers/aws/services/codeartifact/codeartifact_service_test.py
+++ b/tests/providers/aws/services/codeartifact/codeartifact_service_test.py
@@ -112,6 +112,7 @@ class Test_CodeArtifact_Service:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/codebuild/codebuild_service_test.py b/tests/providers/aws/services/codebuild/codebuild_service_test.py
index 81a97e35dd..bc71422b0d 100644
--- a/tests/providers/aws/services/codebuild/codebuild_service_test.py
+++ b/tests/providers/aws/services/codebuild/codebuild_service_test.py
@@ -61,6 +61,7 @@ class Test_Codebuild_Service:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/config/config_recorder_all_regions_enabled/config_recorder_all_regions_enabled_test.py b/tests/providers/aws/services/config/config_recorder_all_regions_enabled/config_recorder_all_regions_enabled_test.py
index 1179ff9f2b..44f68436ed 100644
--- a/tests/providers/aws/services/config/config_recorder_all_regions_enabled/config_recorder_all_regions_enabled_test.py
+++ b/tests/providers/aws/services/config/config_recorder_all_regions_enabled/config_recorder_all_regions_enabled_test.py
@@ -19,6 +19,7 @@ class Test_config_recorder_all_regions_enabled:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/config/config_service_test.py b/tests/providers/aws/services/config/config_service_test.py
index 11386a495f..4beeab168c 100644
--- a/tests/providers/aws/services/config/config_service_test.py
+++ b/tests/providers/aws/services/config/config_service_test.py
@@ -19,6 +19,7 @@ class Test_Config_Service:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/directoryservice/directoryservice_service_test.py b/tests/providers/aws/services/directoryservice/directoryservice_service_test.py
index e63ebbe96a..7f26ec87bc 100644
--- a/tests/providers/aws/services/directoryservice/directoryservice_service_test.py
+++ b/tests/providers/aws/services/directoryservice/directoryservice_service_test.py
@@ -127,6 +127,7 @@ class Test_DirectoryService_Service:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/drs/drs_job_exist/drs_job_exist_test.py b/tests/providers/aws/services/drs/drs_job_exist/drs_job_exist_test.py index 4cda2c8be3..caf9f7147d 100644 --- a/tests/providers/aws/services/drs/drs_job_exist/drs_job_exist_test.py +++ b/tests/providers/aws/services/drs/drs_job_exist/drs_job_exist_test.py @@ -4,11 +4,14 @@ from prowler.providers.aws.services.drs.drs_service import DRSservice, Job AWS_REGION = "eu-west-1" JOB_ARN = "arn:aws:drs:eu-west-1:123456789012:job/12345678901234567890123456789012" +AWS_ACCOUNT_NUMBER = "123456789012" class Test_drs_job_exist: def test_drs_job_exist(self): drs_client = mock.MagicMock + drs_client.audited_account = AWS_ACCOUNT_NUMBER + drs_client.audited_account_arn = f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" drs_client.region = AWS_REGION drs_client.drs_services = [ DRSservice( @@ -43,13 +46,15 @@ class Test_drs_job_exist: assert ( result[0].status_extended == "DRS is enabled for this region with jobs." ) - assert result[0].resource_id == "DRS" - assert result[0].resource_arn == "" + assert result[0].resource_id == AWS_ACCOUNT_NUMBER + assert result[0].resource_arn == f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" assert result[0].region == AWS_REGION assert result[0].resource_tags == [] def test_drs_no_jobs(self): drs_client = mock.MagicMock + drs_client.audited_account = AWS_ACCOUNT_NUMBER + drs_client.audited_account_arn = f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" drs_client.region = AWS_REGION drs_client.drs_services = [ DRSservice( 
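Review bot: `drs_client = mock.MagicMock` binds the class rather than an instance, so the added `drs_client.audited_account = AWS_ACCOUNT_NUMBER` and `drs_client.audited_account_arn = ...` lines set attributes on `mock.MagicMock` itself; the same happens in `test_drs_no_jobs` and `test_drs_disabled` in the hunks that follow. Those values then remain on every mock created later in the test session, so a check that reads `audited_account_arn` from a client that never set it could still see a plausible ARN and pass. Instantiating the mock, `drs_client = mock.MagicMock()`, keeps the attributes local to each test. The test bodies continue outside the hunks.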
@@ -77,13 +82,15 @@ class Test_drs_job_exist: result[0].status_extended == "DRS is enabled for this region without jobs." ) - assert result[0].resource_id == "DRS" - assert result[0].resource_arn == "" + assert result[0].resource_id == AWS_ACCOUNT_NUMBER + assert result[0].resource_arn == f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" assert result[0].region == AWS_REGION assert result[0].resource_tags == [] def test_drs_disabled(self): drs_client = mock.MagicMock + drs_client.audited_account = AWS_ACCOUNT_NUMBER + drs_client.audited_account_arn = f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" drs_client.region = AWS_REGION drs_client.drs_services = [ DRSservice( @@ -108,7 +115,7 @@ class Test_drs_job_exist: assert len(result) == 1 assert result[0].status == "FAIL" assert result[0].status_extended == "DRS is not enabled for this region." - assert result[0].resource_id == "DRS" - assert result[0].resource_arn == "" + assert result[0].resource_id == AWS_ACCOUNT_NUMBER + assert result[0].resource_arn == f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" assert result[0].region == AWS_REGION assert result[0].resource_tags == [] diff --git a/tests/providers/aws/services/drs/drs_service_test.py b/tests/providers/aws/services/drs/drs_service_test.py index 5211afca9a..ea1f10f5a3 100644 --- a/tests/providers/aws/services/drs/drs_service_test.py +++ b/tests/providers/aws/services/drs/drs_service_test.py @@ -55,7 +55,6 @@ def mock_generate_regional_clients(service, audit_info): new=mock_generate_regional_clients, ) class Test_DRS_Service: - # Mocked Audit Info def set_mocked_audit_info(self): audit_info = AWS_Audit_Info( @@ -66,6 +65,7 @@ class Test_DRS_Service: botocore_session=None, ), audited_account=None, + audited_account_arn=None, audited_user_id=None, audited_partition="aws", audited_identity_arn=None, 
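Review bot: In `set_mocked_audit_info` of `Test_DRS_Service` the new field is passed as `audited_account_arn=None` beside `audited_account=None`, unlike the other fixtures in this patch, which pass an account number and a root ARN. With both set to None, the service tests cannot show that the DRS client carries the account ARN that the DRS check test now expects as `resource_arn`; whether the service copies it from the audit info is not visible in this hunk. Passing concrete values such as `audited_account="123456789012"` and `audited_account_arn="arn:aws:iam::123456789012:root"`, and asserting them on the client, would cover that path. The fixture method continues outside the hunk.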
diff --git a/tests/providers/aws/services/dynamodb/dynamodb_accelerator_cluster_encryption_enabled/dynamodb_accelerator_cluster_encryption_enabled_test.py b/tests/providers/aws/services/dynamodb/dynamodb_accelerator_cluster_encryption_enabled/dynamodb_accelerator_cluster_encryption_enabled_test.py
index 67b63d643e..acda5062ec 100644
--- a/tests/providers/aws/services/dynamodb/dynamodb_accelerator_cluster_encryption_enabled/dynamodb_accelerator_cluster_encryption_enabled_test.py
+++ b/tests/providers/aws/services/dynamodb/dynamodb_accelerator_cluster_encryption_enabled/dynamodb_accelerator_cluster_encryption_enabled_test.py
@@ -20,6 +20,7 @@ class Test_dynamodb_accelerator_cluster_encryption_enabled:
 botocore_session=None,
 ),
 audited_account=DEFAULT_ACCOUNT_ID,
+ audited_account_arn=f"arn:aws:iam::{DEFAULT_ACCOUNT_ID}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/dynamodb/dynamodb_service_test.py b/tests/providers/aws/services/dynamodb/dynamodb_service_test.py
index 509929c2f1..8cd6d3cc3c 100644
--- a/tests/providers/aws/services/dynamodb/dynamodb_service_test.py
+++ b/tests/providers/aws/services/dynamodb/dynamodb_service_test.py
@@ -19,6 +19,7 @@ class Test_DynamoDB_Service:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/dynamodb/dynamodb_tables_kms_cmk_encryption_enabled/dynamodb_tables_kms_cmk_encryption_enabled_test.py b/tests/providers/aws/services/dynamodb/dynamodb_tables_kms_cmk_encryption_enabled/dynamodb_tables_kms_cmk_encryption_enabled_test.py
index 2d64c00ce3..fe4ae0f8fe 100644
--- a/tests/providers/aws/services/dynamodb/dynamodb_tables_kms_cmk_encryption_enabled/dynamodb_tables_kms_cmk_encryption_enabled_test.py
+++ b/tests/providers/aws/services/dynamodb/dynamodb_tables_kms_cmk_encryption_enabled/dynamodb_tables_kms_cmk_encryption_enabled_test.py
@@ -20,6 +20,7 @@ class Test_dynamodb_tables_kms_cmk_encryption_enabled:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/dynamodb/dynamodb_tables_pitr_enabled/dynamodb_tables_pitr_enabled_test.py b/tests/providers/aws/services/dynamodb/dynamodb_tables_pitr_enabled/dynamodb_tables_pitr_enabled_test.py
index f8b52d2ea5..8527af7aa5 100644
--- a/tests/providers/aws/services/dynamodb/dynamodb_tables_pitr_enabled/dynamodb_tables_pitr_enabled_test.py
+++ b/tests/providers/aws/services/dynamodb/dynamodb_tables_pitr_enabled/dynamodb_tables_pitr_enabled_test.py
@@ -20,6 +20,7 @@ class Test_dynamodb_tables_pitr_enabled:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/ec2/ec2_ami_public/ec2_ami_public_test.py b/tests/providers/aws/services/ec2/ec2_ami_public/ec2_ami_public_test.py
index 1f7746b420..a6d52f0f72 100644
--- a/tests/providers/aws/services/ec2/ec2_ami_public/ec2_ami_public_test.py
+++ b/tests/providers/aws/services/ec2/ec2_ami_public/ec2_ami_public_test.py
@@ -20,6 +20,7 @@ class Test_ec2_ami_public:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/ec2/ec2_ebs_default_encryption/ec2_ebs_default_encryption_test.py b/tests/providers/aws/services/ec2/ec2_ebs_default_encryption/ec2_ebs_default_encryption_test.py
index 7fed58718b..fdca3fa79f 100644
--- a/tests/providers/aws/services/ec2/ec2_ebs_default_encryption/ec2_ebs_default_encryption_test.py
+++ b/tests/providers/aws/services/ec2/ec2_ebs_default_encryption/ec2_ebs_default_encryption_test.py
@@ -21,6 +21,7 @@ class Test_ec2_ebs_default_encryption:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/ec2/ec2_ebs_public_snapshot/ec2_ebs_public_snapshot_test.py b/tests/providers/aws/services/ec2/ec2_ebs_public_snapshot/ec2_ebs_public_snapshot_test.py
index 8921e9e1c8..f389aad0e5 100644
--- a/tests/providers/aws/services/ec2/ec2_ebs_public_snapshot/ec2_ebs_public_snapshot_test.py
+++ b/tests/providers/aws/services/ec2/ec2_ebs_public_snapshot/ec2_ebs_public_snapshot_test.py
@@ -30,6 +30,7 @@ class Test_ec2_ebs_public_snapshot:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/ec2/ec2_ebs_snapshots_encrypted/ec2_ebs_snapshots_encrypted_test.py b/tests/providers/aws/services/ec2/ec2_ebs_snapshots_encrypted/ec2_ebs_snapshots_encrypted_test.py
index 76c90577f2..84cb6956f4 100644
--- a/tests/providers/aws/services/ec2/ec2_ebs_snapshots_encrypted/ec2_ebs_snapshots_encrypted_test.py
+++ b/tests/providers/aws/services/ec2/ec2_ebs_snapshots_encrypted/ec2_ebs_snapshots_encrypted_test.py
@@ -30,6 +30,7 @@ class Test_ec2_ebs_snapshots_encrypted:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/ec2/ec2_ebs_volume_encryption/ec2_ebs_volume_encryption_test.py b/tests/providers/aws/services/ec2/ec2_ebs_volume_encryption/ec2_ebs_volume_encryption_test.py
index 6b45a75e47..7b13c2755c 100644
--- a/tests/providers/aws/services/ec2/ec2_ebs_volume_encryption/ec2_ebs_volume_encryption_test.py
+++ b/tests/providers/aws/services/ec2/ec2_ebs_volume_encryption/ec2_ebs_volume_encryption_test.py
@@ -19,6 +19,7 @@ class Test_ec2_ebs_volume_encryption:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/ec2/ec2_elastic_ip_shodan/ec2_elastic_ip_shodan_test.py b/tests/providers/aws/services/ec2/ec2_elastic_ip_shodan/ec2_elastic_ip_shodan_test.py
index 0ba734ac57..7d6a68fc05 100644
--- a/tests/providers/aws/services/ec2/ec2_elastic_ip_shodan/ec2_elastic_ip_shodan_test.py
+++ b/tests/providers/aws/services/ec2/ec2_elastic_ip_shodan/ec2_elastic_ip_shodan_test.py
@@ -21,6 +21,7 @@ class Test_ec2_elastic_ip_shodan:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/ec2/ec2_elastic_ip_unassgined/ec2_elastic_ip_unassgined_test.py b/tests/providers/aws/services/ec2/ec2_elastic_ip_unassgined/ec2_elastic_ip_unassgined_test.py
index e59796c349..6ec6068190 100644
--- a/tests/providers/aws/services/ec2/ec2_elastic_ip_unassgined/ec2_elastic_ip_unassgined_test.py
+++ b/tests/providers/aws/services/ec2/ec2_elastic_ip_unassgined/ec2_elastic_ip_unassgined_test.py
@@ -21,6 +21,7 @@ class Test_ec2_elastic_ip_unassgined:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/ec2/ec2_instance_imdsv2_enabled/ec2_instance_imdsv2_enabled_test.py b/tests/providers/aws/services/ec2/ec2_instance_imdsv2_enabled/ec2_instance_imdsv2_enabled_test.py
index f0a3a41496..91fa3cc9fc 100644
--- a/tests/providers/aws/services/ec2/ec2_instance_imdsv2_enabled/ec2_instance_imdsv2_enabled_test.py
+++ b/tests/providers/aws/services/ec2/ec2_instance_imdsv2_enabled/ec2_instance_imdsv2_enabled_test.py
@@ -21,6 +21,7 @@ class Test_ec2_instance_imdsv2_enabled:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/ec2/ec2_instance_internet_facing_with_instance_profile/ec2_instance_internet_facing_with_instance_profile_test.py b/tests/providers/aws/services/ec2/ec2_instance_internet_facing_with_instance_profile/ec2_instance_internet_facing_with_instance_profile_test.py
index b3fdde05a5..e91a268ff1 100644
--- a/tests/providers/aws/services/ec2/ec2_instance_internet_facing_with_instance_profile/ec2_instance_internet_facing_with_instance_profile_test.py
+++ b/tests/providers/aws/services/ec2/ec2_instance_internet_facing_with_instance_profile/ec2_instance_internet_facing_with_instance_profile_test.py
@@ -21,6 +21,7 @@ class Test_ec2_instance_internet_facing_with_instance_profile:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/ec2/ec2_instance_older_than_specific_days/ec2_instance_older_than_specific_days_test.py b/tests/providers/aws/services/ec2/ec2_instance_older_than_specific_days/ec2_instance_older_than_specific_days_test.py
index 75ad5c4eba..2d934ebb12 100644
--- a/tests/providers/aws/services/ec2/ec2_instance_older_than_specific_days/ec2_instance_older_than_specific_days_test.py
+++ b/tests/providers/aws/services/ec2/ec2_instance_older_than_specific_days/ec2_instance_older_than_specific_days_test.py
@@ -23,6 +23,7 @@ class Test_ec2_instance_older_than_specific_days:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/ec2/ec2_instance_profile_attached/ec2_instance_profile_attached_test.py b/tests/providers/aws/services/ec2/ec2_instance_profile_attached/ec2_instance_profile_attached_test.py
index bf0e168bb6..62323ef6f5 100644
--- a/tests/providers/aws/services/ec2/ec2_instance_profile_attached/ec2_instance_profile_attached_test.py
+++ b/tests/providers/aws/services/ec2/ec2_instance_profile_attached/ec2_instance_profile_attached_test.py
@@ -21,6 +21,7 @@ class Test_ec2_instance_profile_attached:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/ec2/ec2_instance_public_ip/ec2_instance_public_ip_test.py b/tests/providers/aws/services/ec2/ec2_instance_public_ip/ec2_instance_public_ip_test.py
index 22f13d91f1..c4959f80ec 100644
--- a/tests/providers/aws/services/ec2/ec2_instance_public_ip/ec2_instance_public_ip_test.py
+++ b/tests/providers/aws/services/ec2/ec2_instance_public_ip/ec2_instance_public_ip_test.py
@@ -21,6 +21,7 @@ class Test_ec2_instance_public_ip:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/ec2/ec2_instance_secrets_user_data/ec2_instance_secrets_user_data_test.py b/tests/providers/aws/services/ec2/ec2_instance_secrets_user_data/ec2_instance_secrets_user_data_test.py
index e485ade487..2ea7b5a0e7 100644
--- a/tests/providers/aws/services/ec2/ec2_instance_secrets_user_data/ec2_instance_secrets_user_data_test.py
+++ b/tests/providers/aws/services/ec2/ec2_instance_secrets_user_data/ec2_instance_secrets_user_data_test.py
@@ -20,6 +20,7 @@ class Test_ec2_instance_secrets_user_data:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/ec2/ec2_networkacl_allow_ingress_any_port/ec2_networkacl_allow_ingress_any_port_test.py b/tests/providers/aws/services/ec2/ec2_networkacl_allow_ingress_any_port/ec2_networkacl_allow_ingress_any_port_test.py
index 980b53e698..9627f7c2b0 100644
--- a/tests/providers/aws/services/ec2/ec2_networkacl_allow_ingress_any_port/ec2_networkacl_allow_ingress_any_port_test.py
+++ b/tests/providers/aws/services/ec2/ec2_networkacl_allow_ingress_any_port/ec2_networkacl_allow_ingress_any_port_test.py
@@ -19,6 +19,7 @@ class ec2_networkacl_allow_ingress_any_port:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
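Review bot: The hunk header for `ec2_networkacl_allow_ingress_any_port_test.py` shows the enclosing class as `class ec2_networkacl_allow_ingress_any_port:`, without the `Test_` prefix that the sibling test classes carry. Under pytest's default collection rule (`python_classes = Test*`) such a class is not collected, so unless the project overrides that setting the fixture line added here never runs and the any-port network ACL check has no effective test. Renaming it to `class Test_ec2_networkacl_allow_ingress_any_port:` would bring it back into the run. The class definition itself is outside the hunk.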
diff --git a/tests/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_22/ec2_networkacl_allow_ingress_tcp_port_22_test.py b/tests/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_22/ec2_networkacl_allow_ingress_tcp_port_22_test.py
index e25a93f7bf..6ba3e2b235 100644
--- a/tests/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_22/ec2_networkacl_allow_ingress_tcp_port_22_test.py
+++ b/tests/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_22/ec2_networkacl_allow_ingress_tcp_port_22_test.py
@@ -19,6 +19,7 @@ class Test_ec2_networkacl_allow_ingress_tcp_port_22:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_3389/ec2_networkacl_allow_ingress_tcp_port_3389_test.py b/tests/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_3389/ec2_networkacl_allow_ingress_tcp_port_3389_test.py
index 689e18f2f1..86018ac177 100644
--- a/tests/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_3389/ec2_networkacl_allow_ingress_tcp_port_3389_test.py
+++ b/tests/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_3389/ec2_networkacl_allow_ingress_tcp_port_3389_test.py
@@ -19,6 +19,7 @@ class Test_ec2_networkacl_allow_ingress_tcp_port_3389:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_any_port/ec2_securitygroup_allow_ingress_from_internet_to_any_port_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_any_port/ec2_securitygroup_allow_ingress_from_internet_to_any_port_test.py
index 3d08d1c50f..b21fb1ace0 100644
--- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_any_port/ec2_securitygroup_allow_ingress_from_internet_to_any_port_test.py
+++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_any_port/ec2_securitygroup_allow_ingress_from_internet_to_any_port_test.py
@@ -20,6 +20,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_any_port:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018/ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018/ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018_test.py
index 2c015d6e0e..ec4bf65b6d 100644
--- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018/ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018_test.py
+++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018/ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018_test.py
@@ -20,6 +20,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_2
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21/ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21/ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21_test.py
index 44a91a08e0..6e28f9ad62 100644
--- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21/ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21_test.py
+++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21/ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21_test.py
@@ -20,6 +20,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22_test.py
index 35382aba65..0db687d103 100644
--- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22_test.py
+++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22_test.py
@@ -20,6 +20,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389_test.py
index 72c24a7054..f2ae348434 100644
--- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389_test.py
+++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389_test.py
@@ -20,6 +20,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888_test.py
index 883cacffc3..e58e6fcd52 100644
--- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888_test.py
+++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888_test.py
@@ -20,6 +20,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601_test.py
index e65bb902d1..d848d25483 100644
--- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601_test.py
+++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601_test.py
@@ -20,6 +20,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsear
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092_test.py
index 1e430970fb..c5b9784196 100644
--- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092_test.py
+++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092_test.py
@@ -20,6 +20,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211_test.py
index 1cd9e282c6..054d859668 100644
--- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211_test.py
+++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211_test.py
@@ -20,6 +20,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_1
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306_test.py
index 91f08a0c48..506a8df295 100644
--- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306_test.py
+++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306_test.py
@@ -20,6 +20,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
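Review bot: The account ARN in the `mysql_3306` fixture is spelled out as an inline literal, `audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root"`, and the same expression is repeated verbatim in the other `AWS_Audit_Info` fixtures this patch touches. A single module-level constant beside the account number, for example `AWS_ACCOUNT_ARN = f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root"`, would keep the fixture and any later assertion on `resource_arn` from drifting apart. The literal also fixes the `aws` partition independently of the `audited_partition="aws"` argument two lines below, so a fixture for another partition would need both changed. The fixture call continues outside the hunk.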
diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483_test.py
index 42c063623e..df0220d9f9 100644
--- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483_test.py
+++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483_test.py
@@ -20,6 +20,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432_test.py
index ef3dfaee3b..ae70209dc3 100644
--- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432_test.py
+++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432_test.py
@@ -20,6 +20,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_54
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379_test.py
index 040715c2c8..ac2fcab7e0 100644
--- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379_test.py
+++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379_test.py
@@ -20,6 +20,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434_test.py
index b798f8a1c4..a52cfe773b 100644
--- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434_test.py
+++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434_test.py
@@ -20,6 +20,7 @@ class ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23_test.py
index 6e7a09cdea..ed02120f18 100644
--- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23_test.py
+++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23_test.py
@@ -20,6 +20,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_wide_open_public_ipv4/ec2_securitygroup_allow_wide_open_public_ipv4_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_wide_open_public_ipv4/ec2_securitygroup_allow_wide_open_public_ipv4_test.py
index bdd72b5cf6..ee22238a12 100644
--- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_wide_open_public_ipv4/ec2_securitygroup_allow_wide_open_public_ipv4_test.py
+++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_wide_open_public_ipv4/ec2_securitygroup_allow_wide_open_public_ipv4_test.py
@@ -20,6 +20,7 @@ class Test_ec2_securitygroup_allow_wide_open_public_ipv4:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_default_restrict_traffic/ec2_securitygroup_default_restrict_traffic_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_default_restrict_traffic/ec2_securitygroup_default_restrict_traffic_test.py
index c558a7edc8..c9244c4cee 100644
--- a/tests/providers/aws/services/ec2/ec2_securitygroup_default_restrict_traffic/ec2_securitygroup_default_restrict_traffic_test.py
+++ b/tests/providers/aws/services/ec2/ec2_securitygroup_default_restrict_traffic/ec2_securitygroup_default_restrict_traffic_test.py
@@ -19,6 +19,7 @@ class Test_ec2_securitygroup_default_restrict_traffic:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_from_launch_wizard/ec2_securitygroup_from_launch_wizard_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_from_launch_wizard/ec2_securitygroup_from_launch_wizard_test.py
index 377ad58603..ffb119be63 100644
--- a/tests/providers/aws/services/ec2/ec2_securitygroup_from_launch_wizard/ec2_securitygroup_from_launch_wizard_test.py
+++ b/tests/providers/aws/services/ec2/ec2_securitygroup_from_launch_wizard/ec2_securitygroup_from_launch_wizard_test.py
@@ -21,6 +21,7 @@ class Test_ec2_securitygroup_from_launch_wizard:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_not_used/ec2_securitygroup_not_used_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_not_used/ec2_securitygroup_not_used_test.py
index 4dfa3b39b4..18ed73e70e 100644
--- a/tests/providers/aws/services/ec2/ec2_securitygroup_not_used/ec2_securitygroup_not_used_test.py
+++ b/tests/providers/aws/services/ec2/ec2_securitygroup_not_used/ec2_securitygroup_not_used_test.py
@@ -21,6 +21,7 @@ class Test_ec2_securitygroup_not_used:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_with_many_ingress_egress_rules/ec2_securitygroup_with_many_ingress_egress_rules_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_with_many_ingress_egress_rules/ec2_securitygroup_with_many_ingress_egress_rules_test.py
index 283a1b5f58..2f89973a8c 100644
--- a/tests/providers/aws/services/ec2/ec2_securitygroup_with_many_ingress_egress_rules/ec2_securitygroup_with_many_ingress_egress_rules_test.py
+++ b/tests/providers/aws/services/ec2/ec2_securitygroup_with_many_ingress_egress_rules/ec2_securitygroup_with_many_ingress_egress_rules_test.py
@@ -20,6 +20,7 @@ class Test_ec2_securitygroup_with_many_ingress_egress_rules:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/ec2/ec2_service_test.py b/tests/providers/aws/services/ec2/ec2_service_test.py
index d701cd11f1..7d3616431b 100644
--- a/tests/providers/aws/services/ec2/ec2_service_test.py
+++ b/tests/providers/aws/services/ec2/ec2_service_test.py
@@ -28,6 +28,7 @@ class Test_EC2_Service:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/ecr/ecr_service_test.py b/tests/providers/aws/services/ecr/ecr_service_test.py
index 2a4b98b44e..3edac35246 100644
--- a/tests/providers/aws/services/ecr/ecr_service_test.py
+++ b/tests/providers/aws/services/ecr/ecr_service_test.py
@@ -104,6 +104,7 @@ class Test_ECR_Service:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/ecs/ecs_service_test.py b/tests/providers/aws/services/ecs/ecs_service_test.py
index a2024cb0ab..9ce3e877ee 100644
--- a/tests/providers/aws/services/ecs/ecs_service_test.py
+++ b/tests/providers/aws/services/ecs/ecs_service_test.py
@@ -31,6 +31,7 @@ class Test_ECS_Service:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/efs/efs_service_test.py b/tests/providers/aws/services/efs/efs_service_test.py
index 612a12b2c3..f95d2fde25 100644
--- a/tests/providers/aws/services/efs/efs_service_test.py
+++ b/tests/providers/aws/services/efs/efs_service_test.py
@@ -63,6 +63,7 @@ class Test_EFS:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/eks/eks_service_test.py b/tests/providers/aws/services/eks/eks_service_test.py
index 089bd39f53..55127e6bea 100644
--- a/tests/providers/aws/services/eks/eks_service_test.py
+++ b/tests/providers/aws/services/eks/eks_service_test.py
@@ -36,6 +36,7 @@ class Test_EKS_Service:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/elb/elb_insecure_ssl_ciphers/elb_insecure_ssl_ciphers_test.py b/tests/providers/aws/services/elb/elb_insecure_ssl_ciphers/elb_insecure_ssl_ciphers_test.py
index c3de32b208..7c2e91dc70 100644
--- a/tests/providers/aws/services/elb/elb_insecure_ssl_ciphers/elb_insecure_ssl_ciphers_test.py
+++ b/tests/providers/aws/services/elb/elb_insecure_ssl_ciphers/elb_insecure_ssl_ciphers_test.py
@@ -20,6 +20,7 @@ class Test_elb_insecure_ssl_ciphers:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/elb/elb_internet_facing/elb_internet_facing_test.py b/tests/providers/aws/services/elb/elb_internet_facing/elb_internet_facing_test.py
index 976bf0761c..ccec367f2c 100644
--- a/tests/providers/aws/services/elb/elb_internet_facing/elb_internet_facing_test.py
+++ b/tests/providers/aws/services/elb/elb_internet_facing/elb_internet_facing_test.py
@@ -20,6 +20,7 @@ class Test_elb_request_smugling:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/elb/elb_logging_enabled/elb_logging_enabled_test.py b/tests/providers/aws/services/elb/elb_logging_enabled/elb_logging_enabled_test.py
index 4a42d4759f..c163dd2788 100644
--- a/tests/providers/aws/services/elb/elb_logging_enabled/elb_logging_enabled_test.py
+++ b/tests/providers/aws/services/elb/elb_logging_enabled/elb_logging_enabled_test.py
@@ -20,6 +20,7 @@ class Test_elb_logging_enabled:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/elb/elb_service_test.py b/tests/providers/aws/services/elb/elb_service_test.py
index 0e397448e8..4792dd59f1 100644
--- a/tests/providers/aws/services/elb/elb_service_test.py
+++ b/tests/providers/aws/services/elb/elb_service_test.py
@@ -19,6 +19,7 @@ class Test_ELB_Service:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/elb/elb_ssl_listeners/elb_ssl_listeners_test.py b/tests/providers/aws/services/elb/elb_ssl_listeners/elb_ssl_listeners_test.py
index d9622b8244..5531d1618f 100644
--- a/tests/providers/aws/services/elb/elb_ssl_listeners/elb_ssl_listeners_test.py
+++ b/tests/providers/aws/services/elb/elb_ssl_listeners/elb_ssl_listeners_test.py
@@ -20,6 +20,7 @@ class Test_elb_ssl_listeners:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/elbv2/elbv2_deletion_protection/elbv2_deletion_protection_test.py b/tests/providers/aws/services/elbv2/elbv2_deletion_protection/elbv2_deletion_protection_test.py
index 869bcb570e..86ff9059b9 100644
--- a/tests/providers/aws/services/elbv2/elbv2_deletion_protection/elbv2_deletion_protection_test.py
+++ b/tests/providers/aws/services/elbv2/elbv2_deletion_protection/elbv2_deletion_protection_test.py
@@ -20,6 +20,7 @@ class Test_elbv2_deletion_protection:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/elbv2/elbv2_desync_mitigation_mode/elbv2_desync_mitigation_mode_test.py b/tests/providers/aws/services/elbv2/elbv2_desync_mitigation_mode/elbv2_desync_mitigation_mode_test.py
index 6ea1aa33f4..248fea358d 100644
--- a/tests/providers/aws/services/elbv2/elbv2_desync_mitigation_mode/elbv2_desync_mitigation_mode_test.py
+++ b/tests/providers/aws/services/elbv2/elbv2_desync_mitigation_mode/elbv2_desync_mitigation_mode_test.py
@@ -20,6 +20,7 @@ class Test_elbv2_desync_mitigation_mode:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/elbv2/elbv2_insecure_ssl_ciphers/elbv2_insecure_ssl_ciphers_test.py b/tests/providers/aws/services/elbv2/elbv2_insecure_ssl_ciphers/elbv2_insecure_ssl_ciphers_test.py
index ed41c06f78..5f8261679e 100644
--- a/tests/providers/aws/services/elbv2/elbv2_insecure_ssl_ciphers/elbv2_insecure_ssl_ciphers_test.py
+++ b/tests/providers/aws/services/elbv2/elbv2_insecure_ssl_ciphers/elbv2_insecure_ssl_ciphers_test.py
@@ -20,6 +20,7 @@ class Test_elbv2_insecure_ssl_ciphers:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/elbv2/elbv2_internet_facing/elbv2_internet_facing_test.py b/tests/providers/aws/services/elbv2/elbv2_internet_facing/elbv2_internet_facing_test.py
index 0bd42c730d..e0a3e5a896 100644
--- a/tests/providers/aws/services/elbv2/elbv2_internet_facing/elbv2_internet_facing_test.py
+++ b/tests/providers/aws/services/elbv2/elbv2_internet_facing/elbv2_internet_facing_test.py
@@ -20,6 +20,7 @@ class Test_elbv2_internet_facing:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/elbv2/elbv2_listeners_underneath/elbv2_listeners_underneath_test.py b/tests/providers/aws/services/elbv2/elbv2_listeners_underneath/elbv2_listeners_underneath_test.py
index 17d484467d..a07110e2f2 100644
--- a/tests/providers/aws/services/elbv2/elbv2_listeners_underneath/elbv2_listeners_underneath_test.py
+++ b/tests/providers/aws/services/elbv2/elbv2_listeners_underneath/elbv2_listeners_underneath_test.py
@@ -20,6 +20,7 @@ class Test_elbv2_listeners_underneath:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/elbv2/elbv2_logging_enabled/elbv2_logging_enabled_test.py b/tests/providers/aws/services/elbv2/elbv2_logging_enabled/elbv2_logging_enabled_test.py
index 9fbf96ed08..397edc839e 100644
--- a/tests/providers/aws/services/elbv2/elbv2_logging_enabled/elbv2_logging_enabled_test.py
+++ b/tests/providers/aws/services/elbv2/elbv2_logging_enabled/elbv2_logging_enabled_test.py
@@ -20,6 +20,7 @@ class Test_elbv2_logging_enabled:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/elbv2/elbv2_service_test.py b/tests/providers/aws/services/elbv2/elbv2_service_test.py
index df54d2be72..c14ac45507 100644
--- a/tests/providers/aws/services/elbv2/elbv2_service_test.py
+++ b/tests/providers/aws/services/elbv2/elbv2_service_test.py
@@ -19,6 +19,7 @@ class Test_ELBv2_Service:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/elbv2/elbv2_ssl_listeners/elbv2_ssl_listeners_test.py b/tests/providers/aws/services/elbv2/elbv2_ssl_listeners/elbv2_ssl_listeners_test.py
index 7dc0571868..b17a7789d0 100644
--- a/tests/providers/aws/services/elbv2/elbv2_ssl_listeners/elbv2_ssl_listeners_test.py
+++ b/tests/providers/aws/services/elbv2/elbv2_ssl_listeners/elbv2_ssl_listeners_test.py
@@ -20,6 +20,7 @@ class Test_elbv2_ssl_listeners:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/elbv2/elbv2_waf_acl_attached/elbv2_waf_acl_attached_test.py b/tests/providers/aws/services/elbv2/elbv2_waf_acl_attached/elbv2_waf_acl_attached_test.py
index 48e0a5d5e2..0786236f0f 100644
--- a/tests/providers/aws/services/elbv2/elbv2_waf_acl_attached/elbv2_waf_acl_attached_test.py
+++ b/tests/providers/aws/services/elbv2/elbv2_waf_acl_attached/elbv2_waf_acl_attached_test.py
@@ -42,6 +42,7 @@ class Test_elbv2_waf_acl_attached:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/emr/emr_cluster_publicly_accesible/emr_cluster_publicly_accesible_test.py b/tests/providers/aws/services/emr/emr_cluster_publicly_accesible/emr_cluster_publicly_accesible_test.py
index 58a781f893..129ca6010d 100644
--- a/tests/providers/aws/services/emr/emr_cluster_publicly_accesible/emr_cluster_publicly_accesible_test.py
+++ b/tests/providers/aws/services/emr/emr_cluster_publicly_accesible/emr_cluster_publicly_accesible_test.py
@@ -22,6 +22,7 @@ class Test_emr_cluster_publicly_accesible:
 botocore_session=None,
 ),
 audited_account=None,
+ audited_account_arn=None,
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/emr/emr_service_test.py b/tests/providers/aws/services/emr/emr_service_test.py
index e6eb30731a..92c354fadf 100644
--- a/tests/providers/aws/services/emr/emr_service_test.py
+++ b/tests/providers/aws/services/emr/emr_service_test.py
@@ -58,6 +58,7 @@ class Test_EMR_Service:
 botocore_session=None,
 ),
 audited_account=DEFAULT_ACCOUNT_ID,
+ audited_account_arn=f"arn:aws:iam::{DEFAULT_ACCOUNT_ID}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/fms/fms_policy_compliant/fms_policy_compliant_test.py b/tests/providers/aws/services/fms/fms_policy_compliant/fms_policy_compliant_test.py index 1a1592aa7b..9466ab5ef3 100644 --- a/tests/providers/aws/services/fms/fms_policy_compliant/fms_policy_compliant_test.py +++ b/tests/providers/aws/services/fms/fms_policy_compliant/fms_policy_compliant_test.py @@ -6,6 +6,7 @@ from prowler.providers.aws.services.fms.fms_service import ( ) AWS_REGION = "us-east-1" +AWS_ACCOUNT_NUMBER = "123456789012" class Test_fms_policy_compliant: @@ -29,6 +30,8 @@ class Test_fms_policy_compliant: def test_fms_admin_with_non_compliant_policies(self): fms_client = mock.MagicMock + fms_client.audited_account = AWS_ACCOUNT_NUMBER + fms_client.audited_account_arn = f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" fms_client.region = AWS_REGION fms_client.fms_admin_account = True fms_client.fms_policies = [ @@ -73,6 +76,8 @@ class Test_fms_policy_compliant: def test_fms_admin_with_compliant_policies(self): fms_client = mock.MagicMock + fms_client.audited_account = AWS_ACCOUNT_NUMBER + fms_client.audited_account_arn = f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" fms_client.region = AWS_REGION fms_client.fms_admin_account = True fms_client.fms_policies = [ @@ -110,12 +115,14 @@ class Test_fms_policy_compliant: assert ( result[0].status_extended == "FMS enabled with all compliant accounts" ) - assert result[0].resource_id == "FMS" - assert result[0].resource_arn == "" + assert result[0].resource_id == AWS_ACCOUNT_NUMBER + assert result[0].resource_arn == f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" assert result[0].region == AWS_REGION def test_fms_admin_with_non_and_compliant_policies(self): fms_client = mock.MagicMock + fms_client.audited_account = AWS_ACCOUNT_NUMBER + fms_client.audited_account_arn = f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" fms_client.region = AWS_REGION fms_client.fms_admin_account = True fms_client.fms_policies = [ 
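Review bot: The added `fms_client.audited_account = AWS_ACCOUNT_NUMBER` and `fms_client.audited_account_arn = ...` assignments are written onto the `mock.MagicMock` class itself, not an instance, because the context line above them is `fms_client = mock.MagicMock` with no call. This is the case in `test_fms_admin_with_non_compliant_policies`, and again in the hunks for `test_fms_admin_with_compliant_policies` and `test_fms_admin_with_non_and_compliant_policies`. Attributes set this way stay on the class for the rest of the test process, so a later test that forgets to set the account fields could still pass the new `resource_id` and `resource_arn` assertions against leaked values. Changing the context line to `fms_client = mock.MagicMock()` in each test would keep the fixture local; the test bodies continue outside the hunks.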
diff --git a/tests/providers/aws/services/fms/fms_service_test.py b/tests/providers/aws/services/fms/fms_service_test.py index 9947cccd3f..6cdf26b26c 100644 --- a/tests/providers/aws/services/fms/fms_service_test.py +++ b/tests/providers/aws/services/fms/fms_service_test.py @@ -64,7 +64,6 @@ def mock_make_api_call(self, operation_name, kwargs): # Patch every AWS call using Boto3 @patch("botocore.client.BaseClient._make_api_call", new=mock_make_api_call) class Test_FMS_Service: - # Mocked Audit Info def set_mocked_audit_info(self): audit_info = AWS_Audit_Info( @@ -75,6 +74,7 @@ class Test_FMS_Service: botocore_session=None, ), audited_account=None, + audited_account_arn=None, audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/glacier/glacier_service_test.py b/tests/providers/aws/services/glacier/glacier_service_test.py index e940cd3717..460ce0b2b5 100644 --- a/tests/providers/aws/services/glacier/glacier_service_test.py +++ b/tests/providers/aws/services/glacier/glacier_service_test.py @@ -85,6 +85,7 @@ class Test_Glacier_Service: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/globalaccelerator/globalaccelerator_service_test.py b/tests/providers/aws/services/globalaccelerator/globalaccelerator_service_test.py index 086c720ef6..60bdc25d3a 100644 --- a/tests/providers/aws/services/globalaccelerator/globalaccelerator_service_test.py +++ b/tests/providers/aws/services/globalaccelerator/globalaccelerator_service_test.py @@ -59,6 +59,7 @@ class Test_GlobalAccelerator_Service: botocore_session=None, ), audited_account=DEFAULT_ACCOUNT_ID, + audited_account_arn=f"arn:aws:iam::{DEFAULT_ACCOUNT_ID}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, 
diff --git a/tests/providers/aws/services/glue/glue_service_test.py b/tests/providers/aws/services/glue/glue_service_test.py
index 1fb15f1e7b..42f78ce42d 100644
--- a/tests/providers/aws/services/glue/glue_service_test.py
+++ b/tests/providers/aws/services/glue/glue_service_test.py
@@ -127,6 +127,7 @@ class Test_Glue_Service:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/guardduty/guardduty_service_test.py b/tests/providers/aws/services/guardduty/guardduty_service_test.py
index 55f64c706e..e1bf6bd9e9 100644
--- a/tests/providers/aws/services/guardduty/guardduty_service_test.py
+++ b/tests/providers/aws/services/guardduty/guardduty_service_test.py
@@ -69,6 +69,7 @@ class Test_GuardDuty_Service:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/iam/iam_administrator_access_with_mfa/iam_administrator_access_with_mfa_test.py b/tests/providers/aws/services/iam/iam_administrator_access_with_mfa/iam_administrator_access_with_mfa_test.py
index e671ee2640..3ed572dc24 100644
--- a/tests/providers/aws/services/iam/iam_administrator_access_with_mfa/iam_administrator_access_with_mfa_test.py
+++ b/tests/providers/aws/services/iam/iam_administrator_access_with_mfa/iam_administrator_access_with_mfa_test.py
@@ -23,6 +23,7 @@ class Test_iam_administrator_access_with_mfa_test:
 region_name=AWS_REGION,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/iam/iam_avoid_root_usage/iam_avoid_root_usage_test.py b/tests/providers/aws/services/iam/iam_avoid_root_usage/iam_avoid_root_usage_test.py
index 2e1c4378b7..f5539eac4f 100644
--- a/tests/providers/aws/services/iam/iam_avoid_root_usage/iam_avoid_root_usage_test.py
+++ b/tests/providers/aws/services/iam/iam_avoid_root_usage/iam_avoid_root_usage_test.py
@@ -24,6 +24,7 @@ class Test_iam_avoid_root_usage:
 region_name=AWS_REGION,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/iam/iam_aws_attached_policy_no_administrative_privileges/iam_aws_attached_policy_no_administrative_privileges_test.py b/tests/providers/aws/services/iam/iam_aws_attached_policy_no_administrative_privileges/iam_aws_attached_policy_no_administrative_privileges_test.py
index 03444a8e0c..ca34c3231e 100644
--- a/tests/providers/aws/services/iam/iam_aws_attached_policy_no_administrative_privileges/iam_aws_attached_policy_no_administrative_privileges_test.py
+++ b/tests/providers/aws/services/iam/iam_aws_attached_policy_no_administrative_privileges/iam_aws_attached_policy_no_administrative_privileges_test.py
@@ -19,6 +19,7 @@ class Test_iam_aws_attached_policy_no_administrative_privileges_test:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/iam/iam_check_saml_providers_sts/iam_check_saml_providers_sts_test.py b/tests/providers/aws/services/iam/iam_check_saml_providers_sts/iam_check_saml_providers_sts_test.py
index 206310e793..b86cf7cc92 100644
--- a/tests/providers/aws/services/iam/iam_check_saml_providers_sts/iam_check_saml_providers_sts_test.py
+++ b/tests/providers/aws/services/iam/iam_check_saml_providers_sts/iam_check_saml_providers_sts_test.py
@@ -21,6 +21,7 @@ class Test_iam_check_saml_providers_sts:
 region_name=AWS_REGION,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/iam/iam_customer_attached_policy_no_administrative_privileges/iam_customer_attached_policy_no_administrative_privileges_test.py b/tests/providers/aws/services/iam/iam_customer_attached_policy_no_administrative_privileges/iam_customer_attached_policy_no_administrative_privileges_test.py
index a3e321a14b..b90678af0c 100644
--- a/tests/providers/aws/services/iam/iam_customer_attached_policy_no_administrative_privileges/iam_customer_attached_policy_no_administrative_privileges_test.py
+++ b/tests/providers/aws/services/iam/iam_customer_attached_policy_no_administrative_privileges/iam_customer_attached_policy_no_administrative_privileges_test.py
@@ -20,6 +20,7 @@ class Test_iam_customer_attached_policy_no_administrative_privileges_test:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/iam/iam_customer_unattached_policy_no_administrative_privileges/iam_customer_unattached_policy_no_administrative_privileges_test.py b/tests/providers/aws/services/iam/iam_customer_unattached_policy_no_administrative_privileges/iam_customer_unattached_policy_no_administrative_privileges_test.py
index ab915e787a..b332473613 100644
--- a/tests/providers/aws/services/iam/iam_customer_unattached_policy_no_administrative_privileges/iam_customer_unattached_policy_no_administrative_privileges_test.py
+++ b/tests/providers/aws/services/iam/iam_customer_unattached_policy_no_administrative_privileges/iam_customer_unattached_policy_no_administrative_privileges_test.py
@@ -20,6 +20,7 @@ class Test_iam_customer_unattached_policy_no_administrative_privileges_test:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/iam/iam_disable_30_days_credentials/iam_disable_30_days_credentials_test.py b/tests/providers/aws/services/iam/iam_disable_30_days_credentials/iam_disable_30_days_credentials_test.py
index a9dff56261..e1c0974bee 100644
--- a/tests/providers/aws/services/iam/iam_disable_30_days_credentials/iam_disable_30_days_credentials_test.py
+++ b/tests/providers/aws/services/iam/iam_disable_30_days_credentials/iam_disable_30_days_credentials_test.py
@@ -23,6 +23,7 @@ class Test_iam_disable_30_days_credentials_test:
 region_name=AWS_REGION,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/iam/iam_disable_45_days_credentials/iam_disable_45_days_credentials_test.py b/tests/providers/aws/services/iam/iam_disable_45_days_credentials/iam_disable_45_days_credentials_test.py
index 2cb37f8b2b..3ac41b4d60 100644
--- a/tests/providers/aws/services/iam/iam_disable_45_days_credentials/iam_disable_45_days_credentials_test.py
+++ b/tests/providers/aws/services/iam/iam_disable_45_days_credentials/iam_disable_45_days_credentials_test.py
@@ -23,6 +23,7 @@ class Test_iam_disable_45_days_credentials_test:
 region_name=AWS_REGION,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/iam/iam_disable_90_days_credentials/iam_disable_90_days_credentials_test.py b/tests/providers/aws/services/iam/iam_disable_90_days_credentials/iam_disable_90_days_credentials_test.py
index 72a1c811e0..df5f991f8c 100644
--- a/tests/providers/aws/services/iam/iam_disable_90_days_credentials/iam_disable_90_days_credentials_test.py
+++ b/tests/providers/aws/services/iam/iam_disable_90_days_credentials/iam_disable_90_days_credentials_test.py
@@ -23,6 +23,7 @@ class Test_iam_disable_90_days_credentials_test:
 region_name=AWS_REGION,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/iam/iam_no_custom_policy_permissive_role_assumption/iam_no_custom_policy_permissive_role_assumption_test.py b/tests/providers/aws/services/iam/iam_no_custom_policy_permissive_role_assumption/iam_no_custom_policy_permissive_role_assumption_test.py
index 1205627f45..77656567fc 100644
--- a/tests/providers/aws/services/iam/iam_no_custom_policy_permissive_role_assumption/iam_no_custom_policy_permissive_role_assumption_test.py
+++ b/tests/providers/aws/services/iam/iam_no_custom_policy_permissive_role_assumption/iam_no_custom_policy_permissive_role_assumption_test.py
@@ -23,6 +23,7 @@ class Test_iam_no_custom_policy_permissive_role_assumption:
 region_name=AWS_REGION,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/iam/iam_no_expired_server_certificates_stored/iam_no_expired_server_certificates_stored_test.py b/tests/providers/aws/services/iam/iam_no_expired_server_certificates_stored/iam_no_expired_server_certificates_stored_test.py
index 5025cdd051..5b54791597 100644
--- a/tests/providers/aws/services/iam/iam_no_expired_server_certificates_stored/iam_no_expired_server_certificates_stored_test.py
+++ b/tests/providers/aws/services/iam/iam_no_expired_server_certificates_stored/iam_no_expired_server_certificates_stored_test.py
@@ -22,6 +22,7 @@ class Test_iam_no_expired_server_certificates_stored_test:
 region_name=AWS_REGION,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/iam/iam_no_root_access_key/iam_no_root_access_key_test.py b/tests/providers/aws/services/iam/iam_no_root_access_key/iam_no_root_access_key_test.py
index 101ee2a0b6..dc9666017b 100644
--- a/tests/providers/aws/services/iam/iam_no_root_access_key/iam_no_root_access_key_test.py
+++ b/tests/providers/aws/services/iam/iam_no_root_access_key/iam_no_root_access_key_test.py
@@ -22,6 +22,7 @@ class Test_iam_no_root_access_key_test:
 region_name=AWS_REGION,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/iam/iam_password_policy_expires_passwords_within_90_days_or_less/iam_password_policy_expires_passwords_within_90_days_or_less_test.py b/tests/providers/aws/services/iam/iam_password_policy_expires_passwords_within_90_days_or_less/iam_password_policy_expires_passwords_within_90_days_or_less_test.py
index 29c533338c..ce719683cd 100644
--- a/tests/providers/aws/services/iam/iam_password_policy_expires_passwords_within_90_days_or_less/iam_password_policy_expires_passwords_within_90_days_or_less_test.py
+++ b/tests/providers/aws/services/iam/iam_password_policy_expires_passwords_within_90_days_or_less/iam_password_policy_expires_passwords_within_90_days_or_less_test.py
@@ -22,6 +22,7 @@ class Test_iam_password_policy_expires_passwords_within_90_days_or_less:
 region_name=AWS_REGION,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
@@ -68,7 +69,7 @@ class Test_iam_password_policy_expires_passwords_within_90_days_or_less:
 check = iam_password_policy_expires_passwords_within_90_days_or_less()
 result = check.execute()
 assert result[0].status == "PASS"
- assert result[0].resource_id == "password_policy"
+ assert result[0].resource_id == AWS_ACCOUNT_NUMBER
 assert search(
 "Password expiration is set lower than 90 days",
 result[0].status_extended,
@@ -107,7 +108,7 @@ class Test_iam_password_policy_expires_passwords_within_90_days_or_less:
 check = iam_password_policy_expires_passwords_within_90_days_or_less()
 result = check.execute()
 assert result[0].status == "FAIL"
- assert result[0].resource_id == "password_policy"
+ assert result[0].resource_id == AWS_ACCOUNT_NUMBER
 assert search(
 "Password expiration is set greater than 90 days",
 result[0].status_extended,
@@ -146,7 +147,7 @@ class Test_iam_password_policy_expires_passwords_within_90_days_or_less:
 check = iam_password_policy_expires_passwords_within_90_days_or_less()
 result = check.execute()
 assert result[0].status == "PASS"
- assert result[0].resource_id == "password_policy"
+ assert result[0].resource_id == AWS_ACCOUNT_NUMBER
 assert search(
 "Password expiration is set lower than 90 days",
 result[0].status_extended,
diff --git a/tests/providers/aws/services/iam/iam_password_policy_lowercase/iam_password_policy_lowercase_test.py b/tests/providers/aws/services/iam/iam_password_policy_lowercase/iam_password_policy_lowercase_test.py
index 229fd24354..d3b1a62a86 100644
--- a/tests/providers/aws/services/iam/iam_password_policy_lowercase/iam_password_policy_lowercase_test.py
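Review bot: The three `resource_id` assertions in this file (hunks at -68,7, -107,7 and -146,7) now expect `AWS_ACCOUNT_NUMBER`, but none of them checks `resource_arn`, so the account ARN this commit introduces is never verified for the password-policy check. Adding `assert result[0].resource_arn == f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root"` next to each would pin it, assuming the check copies `audited_account_arn` into the finding (the check code is not in this part of the diff). The same gap appears in the lowercase, minimum_length_14, number and symbol test files that follow. Because the identifier moves from the literal `password_policy` to the account number, any suppression or reporting rule keyed on the old string would presumably stop matching, which deserves a line in the release notes. Each test body starts above its hunk.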
+++ b/tests/providers/aws/services/iam/iam_password_policy_lowercase/iam_password_policy_lowercase_test.py @@ -19,6 +19,7 @@ class Test_iam_password_policy_lowercase: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, @@ -62,7 +63,7 @@ class Test_iam_password_policy_lowercase: "IAM password policy does not require at least one lowercase letter.", result[0].status_extended, ) - assert result[0].resource_id == "password_policy" + assert result[0].resource_id == AWS_ACCOUNT_NUMBER @mock_iam def test_iam_password_policy_lowercase_flag(self): @@ -93,4 +94,4 @@ class Test_iam_password_policy_lowercase: "IAM password policy requires at least one lowercase letter.", result[0].status_extended, ) - assert result[0].resource_id == "password_policy" + assert result[0].resource_id == AWS_ACCOUNT_NUMBER diff --git a/tests/providers/aws/services/iam/iam_password_policy_minimum_length_14/iam_password_policy_minimum_length_14_test.py b/tests/providers/aws/services/iam/iam_password_policy_minimum_length_14/iam_password_policy_minimum_length_14_test.py index 31a85bc335..8b55dde656 100644 --- a/tests/providers/aws/services/iam/iam_password_policy_minimum_length_14/iam_password_policy_minimum_length_14_test.py +++ b/tests/providers/aws/services/iam/iam_password_policy_minimum_length_14/iam_password_policy_minimum_length_14_test.py @@ -19,6 +19,7 @@ class Test_iam_password_policy_minimum_length_14: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, 
@@ -62,7 +63,7 @@ class Test_iam_password_policy_minimum_length_14: "IAM password policy requires minimum length of 14 characters.", result[0].status_extended, ) - assert result[0].resource_id == "password_policy" + assert result[0].resource_id == AWS_ACCOUNT_NUMBER @mock_iam def test_iam_password_policy_minimum_length_greater_14(self): @@ -93,7 +94,7 @@ class Test_iam_password_policy_minimum_length_14: "IAM password policy requires minimum length of 14 characters.", result[0].status_extended, ) - assert result[0].resource_id == "password_policy" + assert result[0].resource_id == AWS_ACCOUNT_NUMBER @mock_iam def test_iam_password_policy_minimum_length_less_14(self): @@ -124,4 +125,4 @@ class Test_iam_password_policy_minimum_length_14: "IAM password policy does not require minimum length of 14 characters.", result[0].status_extended, ) - assert result[0].resource_id == "password_policy" + assert result[0].resource_id == AWS_ACCOUNT_NUMBER diff --git a/tests/providers/aws/services/iam/iam_password_policy_number/iam_password_policy_number_test.py b/tests/providers/aws/services/iam/iam_password_policy_number/iam_password_policy_number_test.py index 2c20acc0d5..c11057ad3a 100644 --- a/tests/providers/aws/services/iam/iam_password_policy_number/iam_password_policy_number_test.py +++ b/tests/providers/aws/services/iam/iam_password_policy_number/iam_password_policy_number_test.py @@ -19,6 +19,7 @@ class Test_iam_password_policy_number: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, @@ -62,7 +63,7 @@ class Test_iam_password_policy_number: "IAM password policy does not require at least one number.", result[0].status_extended, ) - assert result[0].resource_id == "password_policy" + assert result[0].resource_id == AWS_ACCOUNT_NUMBER @mock_iam def test_iam_password_policy_number_flag(self): 
@@ -93,4 +94,4 @@ class Test_iam_password_policy_number: "IAM password policy requires at least one number.", result[0].status_extended, ) - assert result[0].resource_id == "password_policy" + assert result[0].resource_id == AWS_ACCOUNT_NUMBER diff --git a/tests/providers/aws/services/iam/iam_password_policy_reuse_24/iam_password_policy_reuse_24_test.py b/tests/providers/aws/services/iam/iam_password_policy_reuse_24/iam_password_policy_reuse_24_test.py index 8a50766b81..9741aa4a9a 100644 --- a/tests/providers/aws/services/iam/iam_password_policy_reuse_24/iam_password_policy_reuse_24_test.py +++ b/tests/providers/aws/services/iam/iam_password_policy_reuse_24/iam_password_policy_reuse_24_test.py @@ -18,6 +18,7 @@ class Test_iam_password_policy_reuse_24: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/iam/iam_password_policy_symbol/iam_password_policy_symbol_test.py b/tests/providers/aws/services/iam/iam_password_policy_symbol/iam_password_policy_symbol_test.py index 6d78118d5e..b95f3d5c7f 100644 --- a/tests/providers/aws/services/iam/iam_password_policy_symbol/iam_password_policy_symbol_test.py +++ b/tests/providers/aws/services/iam/iam_password_policy_symbol/iam_password_policy_symbol_test.py @@ -19,6 +19,7 @@ class Test_iam_password_policy_symbol: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, @@ -62,7 +63,7 @@ class Test_iam_password_policy_symbol: "IAM password policy does not require at least one symbol.", result[0].status_extended, ) - assert result[0].resource_id == "password_policy" + assert result[0].resource_id == AWS_ACCOUNT_NUMBER @mock_iam def test_iam_password_policy_symbol_flag(self): 
@@ -93,4 +94,4 @@ class Test_iam_password_policy_symbol:
 "IAM password policy requires at least one symbol.",
 result[0].status_extended,
 )
- assert result[0].resource_id == "password_policy"
+ assert result[0].resource_id == AWS_ACCOUNT_NUMBER
diff --git a/tests/providers/aws/services/iam/iam_password_policy_uppercase/iam_password_policy_uppercase_test.py b/tests/providers/aws/services/iam/iam_password_policy_uppercase/iam_password_policy_uppercase_test.py
index 6e8bdee886..764c6532e5 100644
--- a/tests/providers/aws/services/iam/iam_password_policy_uppercase/iam_password_policy_uppercase_test.py
+++ b/tests/providers/aws/services/iam/iam_password_policy_uppercase/iam_password_policy_uppercase_test.py
@@ -18,6 +18,7 @@ class Test_iam_password_policy_uppercase:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/iam/iam_policy_allows_privilege_escalation/iam_policy_allows_privilege_escalation_test.py b/tests/providers/aws/services/iam/iam_policy_allows_privilege_escalation/iam_policy_allows_privilege_escalation_test.py
index cb4d00f5dd..0a28fccaca 100644
--- a/tests/providers/aws/services/iam/iam_policy_allows_privilege_escalation/iam_policy_allows_privilege_escalation_test.py
+++ b/tests/providers/aws/services/iam/iam_policy_allows_privilege_escalation/iam_policy_allows_privilege_escalation_test.py
@@ -20,6 +20,7 @@ class Test_iam_policy_allows_privilege_escalation:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/iam/iam_policy_attached_only_to_group_or_roles/iam_policy_attached_only_to_group_or_roles_test.py b/tests/providers/aws/services/iam/iam_policy_attached_only_to_group_or_roles/iam_policy_attached_only_to_group_or_roles_test.py
index 64ad443838..be1021b7dc 100644
--- a/tests/providers/aws/services/iam/iam_policy_attached_only_to_group_or_roles/iam_policy_attached_only_to_group_or_roles_test.py
+++ b/tests/providers/aws/services/iam/iam_policy_attached_only_to_group_or_roles/iam_policy_attached_only_to_group_or_roles_test.py
@@ -20,6 +20,7 @@ class Test_iam_policy_attached_only_to_group_or_roles:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/iam/iam_policy_no_full_access_to_cloudtrail/iam_policy_no_full_access_to_cloudtrail_test.py b/tests/providers/aws/services/iam/iam_policy_no_full_access_to_cloudtrail/iam_policy_no_full_access_to_cloudtrail_test.py
index 54196bd6d3..3e4757b8c8 100644
--- a/tests/providers/aws/services/iam/iam_policy_no_full_access_to_cloudtrail/iam_policy_no_full_access_to_cloudtrail_test.py
+++ b/tests/providers/aws/services/iam/iam_policy_no_full_access_to_cloudtrail/iam_policy_no_full_access_to_cloudtrail_test.py
@@ -19,6 +19,7 @@ class Test_iam_policy_no_full_access_to_cloudtrail:
 botocore_session=None,
 ),
 audited_account=None,
+ audited_account_arn=None,
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/iam/iam_policy_no_full_access_to_kms/iam_policy_no_full_access_to_kms_test.py b/tests/providers/aws/services/iam/iam_policy_no_full_access_to_kms/iam_policy_no_full_access_to_kms_test.py
index c40051df3e..bd62865b7b 100644
--- a/tests/providers/aws/services/iam/iam_policy_no_full_access_to_kms/iam_policy_no_full_access_to_kms_test.py
+++ b/tests/providers/aws/services/iam/iam_policy_no_full_access_to_kms/iam_policy_no_full_access_to_kms_test.py @@ -19,6 +19,7 @@ class Test_iam_policy_no_full_access_to_kms: botocore_session=None, ), audited_account=None, + audited_account_arn=None, audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/iam/iam_role_cross_account_readonlyaccess_policy/iam_role_cross_account_readonlyaccess_policy_test.py b/tests/providers/aws/services/iam/iam_role_cross_account_readonlyaccess_policy/iam_role_cross_account_readonlyaccess_policy_test.py index 53cf3403bd..122feb5f08 100644 --- a/tests/providers/aws/services/iam/iam_role_cross_account_readonlyaccess_policy/iam_role_cross_account_readonlyaccess_policy_test.py +++ b/tests/providers/aws/services/iam/iam_role_cross_account_readonlyaccess_policy/iam_role_cross_account_readonlyaccess_policy_test.py @@ -21,6 +21,7 @@ class Test_iam_role_cross_account_readonlyaccess_policy: botocore_session=None, ), audited_account=AWS_ACCOUNT_ID, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_ID}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, @@ -271,7 +272,10 @@ class Test_iam_role_cross_account_readonlyaccess_policy: ) with mock.patch( - "prowler.providers.aws.services.iam.iam_role_cross_account_readonlyaccess_policy.iam_role_cross_account_readonlyaccess_policy.iam_client", + "prowler.providers.aws.services.iam.iam_service.IAM", + new=iam_client, + ), mock.patch( + "prowler.providers.aws.services.iam.iam_client.iam_client", new=iam_client, ): # Test Check diff --git a/tests/providers/aws/services/iam/iam_role_cross_service_confused_deputy_prevention/iam_role_cross_service_confused_deputy_prevention_test.py b/tests/providers/aws/services/iam/iam_role_cross_service_confused_deputy_prevention/iam_role_cross_service_confused_deputy_prevention_test.py index 4c6cab9b47..9d06185233 100644 
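Review bot: Patching `prowler.providers.aws.services.iam.iam_client.iam_client` replaces the name in the module that defines it, not in the check module the removed target addressed, so the check only sees the stub if it is first imported while the patch is active. If the check module was already imported elsewhere in the test session, its own `iam_client` binding would presumably still point at the unpatched object and the assertions would run against the wrong client. The first target also swaps the `IAM` class for an already-built client (`new=iam_client`), so any code that calls `IAM(...)` under the patch would invoke that instance rather than a constructor. A comment above the `with`, for example `# patch before importing the check: it binds iam_client at import time`, would record the ordering requirement. The import and the start of the test method are outside this hunk.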
--- a/tests/providers/aws/services/iam/iam_role_cross_service_confused_deputy_prevention/iam_role_cross_service_confused_deputy_prevention_test.py +++ b/tests/providers/aws/services/iam/iam_role_cross_service_confused_deputy_prevention/iam_role_cross_service_confused_deputy_prevention_test.py @@ -21,6 +21,7 @@ class Test_iam_role_cross_service_confused_deputy_prevention: botocore_session=None, ), audited_account=AWS_ACCOUNT_ID, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_ID}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/iam/iam_root_hardware_mfa_enabled/iam_root_hardware_mfa_enabled_test.py b/tests/providers/aws/services/iam/iam_root_hardware_mfa_enabled/iam_root_hardware_mfa_enabled_test.py index d710fcd07c..96352c4aa0 100644 --- a/tests/providers/aws/services/iam/iam_root_hardware_mfa_enabled/iam_root_hardware_mfa_enabled_test.py +++ b/tests/providers/aws/services/iam/iam_root_hardware_mfa_enabled/iam_root_hardware_mfa_enabled_test.py @@ -19,6 +19,7 @@ class Test_iam_root_hardware_mfa_enabled_test: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, @@ -64,7 +65,7 @@ class Test_iam_root_hardware_mfa_enabled_test: "Root account has a virtual MFA instead of a hardware MFA device enabled.", result[0].status_extended, ) - assert result[0].resource_id == "root" + assert result[0].resource_id == "" @mock_iam def test_root_hardware_virtual_hardware_mfa_enabled(self): @@ -97,7 +98,7 @@ class Test_iam_root_hardware_mfa_enabled_test: "Root account has a hardware MFA device enabled.", result[0].status_extended, ) - assert result[0].resource_id == "root" + assert result[0].resource_id == "" assert ( result[0].resource_arn == f"arn:aws:iam::{service_client.account}:root" ) 
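Review bot: Both `resource_id` assertions in iam_root_hardware_mfa_enabled_test.py (hunks at -64,7 and -97,7) expect an empty string as displayed, which leaves the root-MFA finding without an identifier while the other account-level tests in this commit expect `AWS_ACCOUNT_NUMBER`. If the literal really is empty rather than lost when the page was rendered, consider `assert result[0].resource_id == AWS_ACCOUNT_NUMBER` together with the matching change in the check, so findings can be grouped and muted per account. The -64,7 hunk also shows no `resource_arn` assertion after the changed line, unlike the -97,7 one; `assert result[0].resource_arn == f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root"` would cover it. Both test bodies begin outside their hunks.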
diff --git a/tests/providers/aws/services/iam/iam_root_mfa_enabled/iam_root_mfa_enabled_test.py b/tests/providers/aws/services/iam/iam_root_mfa_enabled/iam_root_mfa_enabled_test.py
index 4596e02a17..2582efa214 100644
--- a/tests/providers/aws/services/iam/iam_root_mfa_enabled/iam_root_mfa_enabled_test.py
+++ b/tests/providers/aws/services/iam/iam_root_mfa_enabled/iam_root_mfa_enabled_test.py
@@ -19,6 +19,7 @@ class Test_iam_root_mfa_enabled_test:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/iam/iam_rotate_access_key_90_days/iam_rotate_access_key_90_days_test.py b/tests/providers/aws/services/iam/iam_rotate_access_key_90_days/iam_rotate_access_key_90_days_test.py
index 4606b919cf..d0551924b9 100644
--- a/tests/providers/aws/services/iam/iam_rotate_access_key_90_days/iam_rotate_access_key_90_days_test.py
+++ b/tests/providers/aws/services/iam/iam_rotate_access_key_90_days/iam_rotate_access_key_90_days_test.py
@@ -19,6 +19,7 @@ class Test_iam_rotate_access_key_90_days_test:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/iam/iam_securityaudit_role_created/iam_securityaudit_role_created_test.py b/tests/providers/aws/services/iam/iam_securityaudit_role_created/iam_securityaudit_role_created_test.py
index ba5fd5dc13..8049cb703e 100644
--- a/tests/providers/aws/services/iam/iam_securityaudit_role_created/iam_securityaudit_role_created_test.py
+++ b/tests/providers/aws/services/iam/iam_securityaudit_role_created/iam_securityaudit_role_created_test.py
@@ -22,6 +22,7 @@ class Test_iam_securityaudit_role_created:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/iam/iam_service_test.py b/tests/providers/aws/services/iam/iam_service_test.py
index 18969a7a2e..e83a089244 100644
--- a/tests/providers/aws/services/iam/iam_service_test.py
+++ b/tests/providers/aws/services/iam/iam_service_test.py
@@ -22,6 +22,7 @@ class Test_IAM_Service:
 botocore_session=None,
 ),
 audited_account=None,
+ audited_account_arn=None,
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/iam/iam_support_role_created/iam_support_role_created_test.py b/tests/providers/aws/services/iam/iam_support_role_created/iam_support_role_created_test.py
index 926f12319a..fe025f5bb9 100644
--- a/tests/providers/aws/services/iam/iam_support_role_created/iam_support_role_created_test.py
+++ b/tests/providers/aws/services/iam/iam_support_role_created/iam_support_role_created_test.py
@@ -20,6 +20,7 @@ class Test_iam_support_role_created:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/iam/iam_user_hardware_mfa_enabled/iam_user_hardware_mfa_enabled_test.py b/tests/providers/aws/services/iam/iam_user_hardware_mfa_enabled/iam_user_hardware_mfa_enabled_test.py
index 813650c1db..bf3b689479 100644
--- a/tests/providers/aws/services/iam/iam_user_hardware_mfa_enabled/iam_user_hardware_mfa_enabled_test.py
+++ b/tests/providers/aws/services/iam/iam_user_hardware_mfa_enabled/iam_user_hardware_mfa_enabled_test.py
@@ -19,6 +19,7 @@ class Test_iam_user_hardware_mfa_enabled_test:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/iam/iam_user_mfa_enabled_console_access/iam_user_mfa_enabled_console_access_test.py b/tests/providers/aws/services/iam/iam_user_mfa_enabled_console_access/iam_user_mfa_enabled_console_access_test.py
index 9d8d1fc8a1..4666b2039f 100644
--- a/tests/providers/aws/services/iam/iam_user_mfa_enabled_console_access/iam_user_mfa_enabled_console_access_test.py
+++ b/tests/providers/aws/services/iam/iam_user_mfa_enabled_console_access/iam_user_mfa_enabled_console_access_test.py
@@ -18,6 +18,7 @@ class Test_iam_user_mfa_enabled_console_access_test:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/iam/iam_user_no_setup_initial_access_key/iam_user_no_setup_initial_access_key_test.py b/tests/providers/aws/services/iam/iam_user_no_setup_initial_access_key/iam_user_no_setup_initial_access_key_test.py
index ef72e397fd..0fae473517 100644
--- a/tests/providers/aws/services/iam/iam_user_no_setup_initial_access_key/iam_user_no_setup_initial_access_key_test.py
+++ b/tests/providers/aws/services/iam/iam_user_no_setup_initial_access_key/iam_user_no_setup_initial_access_key_test.py
@@ -20,6 +20,7 @@ class Test_iam_user_no_setup_initial_access_key_test:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/iam/iam_user_two_active_access_key/iam_user_two_active_access_key_test.py b/tests/providers/aws/services/iam/iam_user_two_active_access_key/iam_user_two_active_access_key_test.py
index 4f99a8d6ce..909e69067c 100644
--- a/tests/providers/aws/services/iam/iam_user_two_active_access_key/iam_user_two_active_access_key_test.py
+++ b/tests/providers/aws/services/iam/iam_user_two_active_access_key/iam_user_two_active_access_key_test.py
@@ -19,6 +19,7 @@ class Test_iam_user_two_active_access_key:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/inspector2/inspector2_findings_exist/inspector2_findings_exist_test.py b/tests/providers/aws/services/inspector2/inspector2_findings_exist/inspector2_findings_exist_test.py
index c27761eb8c..cb87aa75e2 100644
--- a/tests/providers/aws/services/inspector2/inspector2_findings_exist/inspector2_findings_exist_test.py
+++ b/tests/providers/aws/services/inspector2/inspector2_findings_exist/inspector2_findings_exist_test.py
@@ -16,6 +16,8 @@ class Test_inspector2_findings_exist:
 def test_inspector2_disabled(self):
 # Mock the inspector2 client
 inspector2_client = mock.MagicMock
+ inspector2_client.audited_account = AWS_ACCOUNT_ID
+ inspector2_client.audited_account_arn = f"arn:aws:iam::{AWS_ACCOUNT_ID}:root"
 inspector2_client.region = AWS_REGION
 inspector2_client.inspectors = [
 Inspector(
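Review bot: The two added assignments write `audited_account` and `audited_account_arn` onto the `mock.MagicMock` class itself, because the context line above binds `inspector2_client = mock.MagicMock` without calling it. Class-level attributes persist after the test and are inherited by every mock created later in the same process, so a later test can read this account id and ARN from an unrelated mock and pass for the wrong reason. Changing that line to `inspector2_client = mock.MagicMock()` keeps the values on a single instance. The same applies to the four other test methods in this file (hunks at -38,12, -66,12, -109,12 and -151,12). The test method continues past the end of this hunk.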
@@ -38,12 +40,14 @@ class Test_inspector2_findings_exist: assert result[0].status == "FAIL" assert result[0].status_extended == "Inspector2 is not enabled." assert result[0].resource_id == AWS_ACCOUNT_ID - assert result[0].resource_arn == "" + assert result[0].resource_arn == f"arn:aws:iam::{AWS_ACCOUNT_ID}:root" assert result[0].region == AWS_REGION def test_enabled_no_finding(self): # Mock the inspector2 client inspector2_client = mock.MagicMock + inspector2_client.audited_account = AWS_ACCOUNT_ID + inspector2_client.audited_account_arn = f"arn:aws:iam::{AWS_ACCOUNT_ID}:root" inspector2_client.region = AWS_REGION inspector2_client.inspectors = [ Inspector( @@ -66,12 +70,14 @@ class Test_inspector2_findings_exist: assert result[0].status == "PASS" assert result[0].status_extended == "Inspector2 is enabled with no findings" assert result[0].resource_id == AWS_ACCOUNT_ID - assert result[0].resource_arn == "" + assert result[0].resource_arn == f"arn:aws:iam::{AWS_ACCOUNT_ID}:root" assert result[0].region == AWS_REGION def test_enabled_with_no_active_finding(self): # Mock the inspector2 client inspector2_client = mock.MagicMock + inspector2_client.audited_account = AWS_ACCOUNT_ID + inspector2_client.audited_account_arn = f"arn:aws:iam::{AWS_ACCOUNT_ID}:root" inspector2_client.region = AWS_REGION inspector2_client.inspectors = [ Inspector( @@ -109,12 +115,14 @@ class Test_inspector2_findings_exist: == "Inspector2 is enabled with no active findings" ) assert result[0].resource_id == AWS_ACCOUNT_ID - assert result[0].resource_arn == "" + assert result[0].resource_arn == f"arn:aws:iam::{AWS_ACCOUNT_ID}:root" assert result[0].region == AWS_REGION def test_enabled_with_active_finding(self): # Mock the inspector2 client inspector2_client = mock.MagicMock + inspector2_client.audited_account = AWS_ACCOUNT_ID + inspector2_client.audited_account_arn = f"arn:aws:iam::{AWS_ACCOUNT_ID}:root" inspector2_client.region = AWS_REGION inspector2_client.inspectors = [ Inspector( 
@@ -151,12 +159,14 @@ class Test_inspector2_findings_exist: result[0].status_extended == "There are 1 ACTIVE Inspector2 findings." ) assert result[0].resource_id == AWS_ACCOUNT_ID - assert result[0].resource_arn == "" + assert result[0].resource_arn == f"arn:aws:iam::{AWS_ACCOUNT_ID}:root" assert result[0].region == AWS_REGION def test_enabled_with_active_and_closed_findings(self): # Mock the inspector2 client inspector2_client = mock.MagicMock + inspector2_client.audited_account = AWS_ACCOUNT_ID + inspector2_client.audited_account_arn = f"arn:aws:iam::{AWS_ACCOUNT_ID}:root" inspector2_client.region = AWS_REGION inspector2_client.inspectors = [ Inspector( @@ -200,5 +210,5 @@ class Test_inspector2_findings_exist: result[0].status_extended == "There are 1 ACTIVE Inspector2 findings." ) assert result[0].resource_id == AWS_ACCOUNT_ID - assert result[0].resource_arn == "" + assert result[0].resource_arn == f"arn:aws:iam::{AWS_ACCOUNT_ID}:root" assert result[0].region == AWS_REGION diff --git a/tests/providers/aws/services/inspector2/inspector2_service_test.py b/tests/providers/aws/services/inspector2/inspector2_service_test.py index c49512c017..ae95e1b189 100644 --- a/tests/providers/aws/services/inspector2/inspector2_service_test.py +++ b/tests/providers/aws/services/inspector2/inspector2_service_test.py @@ -91,6 +91,7 @@ class Test_Inspector2_Service: botocore_session=None, ), audited_account=AWS_ACCOUNT_ID, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_ID}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/kms/kms_cmk_are_used/kms_cmk_are_used_test.py b/tests/providers/aws/services/kms/kms_cmk_are_used/kms_cmk_are_used_test.py index 650513cf0b..78f5eec170 100644 --- a/tests/providers/aws/services/kms/kms_cmk_are_used/kms_cmk_are_used_test.py +++ b/tests/providers/aws/services/kms/kms_cmk_are_used/kms_cmk_are_used_test.py 
@@ -19,6 +19,7 @@ class Test_kms_cmk_are_used: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/kms/kms_cmk_rotation_enabled/kms_cmk_rotation_enabled_test.py b/tests/providers/aws/services/kms/kms_cmk_rotation_enabled/kms_cmk_rotation_enabled_test.py index 4ce1591398..987ab5c96d 100644 --- a/tests/providers/aws/services/kms/kms_cmk_rotation_enabled/kms_cmk_rotation_enabled_test.py +++ b/tests/providers/aws/services/kms/kms_cmk_rotation_enabled/kms_cmk_rotation_enabled_test.py @@ -19,6 +19,7 @@ class Test_kms_cmk_rotation_enabled: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/kms/kms_key_not_publicly_accessible/kms_key_not_publicly_accessible_test.py b/tests/providers/aws/services/kms/kms_key_not_publicly_accessible/kms_key_not_publicly_accessible_test.py index 3beb3250e3..de4e98d3f9 100644 --- a/tests/providers/aws/services/kms/kms_key_not_publicly_accessible/kms_key_not_publicly_accessible_test.py +++ b/tests/providers/aws/services/kms/kms_key_not_publicly_accessible/kms_key_not_publicly_accessible_test.py @@ -20,6 +20,7 @@ class Test_kms_key_not_publicly_accessible: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/kms/kms_service_test.py b/tests/providers/aws/services/kms/kms_service_test.py index ed60d59ad5..c35c7891cc 100644 --- a/tests/providers/aws/services/kms/kms_service_test.py +++ b/tests/providers/aws/services/kms/kms_service_test.py 
@@ -21,6 +21,7 @@ class Test_ACM_Service: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/macie/macie_is_enabled/macie_is_enabled_test.py b/tests/providers/aws/services/macie/macie_is_enabled/macie_is_enabled_test.py index ad21520e54..429687fade 100644 --- a/tests/providers/aws/services/macie/macie_is_enabled/macie_is_enabled_test.py +++ b/tests/providers/aws/services/macie/macie_is_enabled/macie_is_enabled_test.py @@ -2,10 +2,14 @@ from unittest import mock from prowler.providers.aws.services.macie.macie_service import Session +AWS_ACCOUNT_NUMBER = "123456789012" + class Test_macie_is_enabled: def test_macie_disabled(self): macie_client = mock.MagicMock + macie_client.audited_account = AWS_ACCOUNT_NUMBER + macie_client.audited_account_arn = f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" macie_client.sessions = [ Session( status="DISABLED", @@ -27,10 +31,12 @@ class Test_macie_is_enabled: assert len(result) == 1 assert result[0].status == "FAIL" assert result[0].status_extended == "Macie is not enabled." - assert result[0].resource_id == "Macie" + assert result[0].resource_id == AWS_ACCOUNT_NUMBER def test_macie_enabled(self): macie_client = mock.MagicMock + macie_client.audited_account = AWS_ACCOUNT_NUMBER + macie_client.audited_account_arn = f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" macie_client.sessions = [ Session( status="ENABLED", 
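Review bot: The Macie tests set `macie_client.audited_account_arn` but never assert on `result[0].resource_arn`; only `resource_id` is checked after the change from `"Macie"` to the account number. Adding `assert result[0].resource_arn == f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root"` after the `resource_id` assertion in test_macie_disabled, and likewise in test_macie_enabled and test_macie_suspended (the two following hunks), would pin the new field the way the inspector2 tests do. This assumes the check populates `resource_arn` from `audited_account_arn`, which is not visible in this hunk.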
@@ -52,10 +58,12 @@ class Test_macie_is_enabled: assert len(result) == 1 assert result[0].status == "PASS" assert result[0].status_extended == "Macie is enabled." - assert result[0].resource_id == "Macie" + assert result[0].resource_id == AWS_ACCOUNT_NUMBER def test_macie_suspended(self): macie_client = mock.MagicMock + macie_client.audited_account = AWS_ACCOUNT_NUMBER + macie_client.audited_account_arn = f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" macie_client.sessions = [ Session( status="PAUSED", @@ -79,4 +87,4 @@ class Test_macie_is_enabled: assert ( result[0].status_extended == "Macie is currently in a SUSPENDED state." ) - assert result[0].resource_id == "Macie" + assert result[0].resource_id == AWS_ACCOUNT_NUMBER diff --git a/tests/providers/aws/services/macie/macie_service_test.py b/tests/providers/aws/services/macie/macie_service_test.py index bf1ab4fed3..6ac03ca845 100644 --- a/tests/providers/aws/services/macie/macie_service_test.py +++ b/tests/providers/aws/services/macie/macie_service_test.py @@ -56,6 +56,7 @@ class Test_Macie_Service: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/networkfirewall/networkfirewall_in_all_vpc/networkfirewall_in_all_vpc_test.py b/tests/providers/aws/services/networkfirewall/networkfirewall_in_all_vpc/networkfirewall_in_all_vpc_test.py index 2a8d9778ba..4d040fb7c3 100644 --- a/tests/providers/aws/services/networkfirewall/networkfirewall_in_all_vpc/networkfirewall_in_all_vpc_test.py +++ b/tests/providers/aws/services/networkfirewall/networkfirewall_in_all_vpc/networkfirewall_in_all_vpc_test.py 
@@ -29,6 +29,7 @@ class Test_networkfirewall_in_all_vpc: region_name=AWS_REGION, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/networkfirewall/networkfirewall_service_test.py b/tests/providers/aws/services/networkfirewall/networkfirewall_service_test.py index 60bceaf03d..53c3170c30 100644 --- a/tests/providers/aws/services/networkfirewall/networkfirewall_service_test.py +++ b/tests/providers/aws/services/networkfirewall/networkfirewall_service_test.py @@ -64,7 +64,6 @@ def mock_generate_regional_clients(service, audit_info): new=mock_generate_regional_clients, ) class Test_NetworkFirewall_Service: - # Mocked Audit Info def set_mocked_audit_info(self): audit_info = AWS_Audit_Info( @@ -75,6 +74,7 @@ class Test_NetworkFirewall_Service: botocore_session=None, ), audited_account=None, + audited_account_arn=None, audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/opensearch/opensearch_service_test.py b/tests/providers/aws/services/opensearch/opensearch_service_test.py index 0fc0b445ed..a4417c4d38 100644 --- a/tests/providers/aws/services/opensearch/opensearch_service_test.py +++ b/tests/providers/aws/services/opensearch/opensearch_service_test.py @@ -113,6 +113,7 @@ class Test_OpenSearchService_Service: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/organizations/organizations_account_part_of_organizations/organizations_account_part_of_organizations_test.py b/tests/providers/aws/services/organizations/organizations_account_part_of_organizations/organizations_account_part_of_organizations_test.py index 8407f35600..537cb9b8a4 100644 
--- a/tests/providers/aws/services/organizations/organizations_account_part_of_organizations/organizations_account_part_of_organizations_test.py +++ b/tests/providers/aws/services/organizations/organizations_account_part_of_organizations/organizations_account_part_of_organizations_test.py @@ -23,6 +23,7 @@ class Test_organizations_account_part_of_organizations: botocore_session=None, ), audited_account=None, + audited_account_arn=None, audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/organizations/organizations_delegated_administrators/organizations_delegated_administrators_test.py b/tests/providers/aws/services/organizations/organizations_delegated_administrators/organizations_delegated_administrators_test.py index acd07abc3a..995ed3838b 100644 --- a/tests/providers/aws/services/organizations/organizations_delegated_administrators/organizations_delegated_administrators_test.py +++ b/tests/providers/aws/services/organizations/organizations_delegated_administrators/organizations_delegated_administrators_test.py @@ -23,6 +23,7 @@ class Test_organizations_delegated_administrators: botocore_session=None, ), audited_account=None, + audited_account_arn=None, audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/organizations/organizations_scp_check_deny_regions/organizations_scp_check_deny_regions_test.py b/tests/providers/aws/services/organizations/organizations_scp_check_deny_regions/organizations_scp_check_deny_regions_test.py index 2d999371ec..8df1279199 100644 --- a/tests/providers/aws/services/organizations/organizations_scp_check_deny_regions/organizations_scp_check_deny_regions_test.py +++ b/tests/providers/aws/services/organizations/organizations_scp_check_deny_regions/organizations_scp_check_deny_regions_test.py 
@@ -27,6 +27,7 @@ class Test_organizations_scp_check_deny_regions: botocore_session=None, ), audited_account=None, + audited_account_arn=None, audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/organizations/organizations_service_test.py b/tests/providers/aws/services/organizations/organizations_service_test.py index 54b338518f..47a9258538 100644 --- a/tests/providers/aws/services/organizations/organizations_service_test.py +++ b/tests/providers/aws/services/organizations/organizations_service_test.py @@ -17,7 +17,6 @@ def scp_restrict_regions_with_deny(): class Test_Organizations_Service: - # Mocked Audit Info def set_mocked_audit_info(self): audit_info = AWS_Audit_Info( @@ -29,6 +28,7 @@ class Test_Organizations_Service: region_name=AWS_REGION, ), audited_account=DEFAULT_ACCOUNT_ID, + audited_account_arn=f"arn:aws:iam::{DEFAULT_ACCOUNT_ID}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/organizations/organizations_tags_policies_enabled_and_attached/organizations_tags_policies_enabled_and_attached_test.py b/tests/providers/aws/services/organizations/organizations_tags_policies_enabled_and_attached/organizations_tags_policies_enabled_and_attached_test.py index 98d5088967..e90767b2e2 100644 --- a/tests/providers/aws/services/organizations/organizations_tags_policies_enabled_and_attached/organizations_tags_policies_enabled_and_attached_test.py +++ b/tests/providers/aws/services/organizations/organizations_tags_policies_enabled_and_attached/organizations_tags_policies_enabled_and_attached_test.py @@ -26,6 +26,7 @@ class Test_organizations_tags_policies_enabled_and_attached: region_name=AWS_REGION, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, 
diff --git a/tests/providers/aws/services/rds/rds_instance_backup_enabled/rds_instance_backup_enabled_test.py b/tests/providers/aws/services/rds/rds_instance_backup_enabled/rds_instance_backup_enabled_test.py index 67305501f4..801592f358 100644 --- a/tests/providers/aws/services/rds/rds_instance_backup_enabled/rds_instance_backup_enabled_test.py +++ b/tests/providers/aws/services/rds/rds_instance_backup_enabled/rds_instance_backup_enabled_test.py @@ -42,6 +42,7 @@ class Test_rds_instance_backup_enabled: region_name=AWS_REGION, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/rds/rds_instance_deletion_protection/rds_instance_deletion_protection_test.py b/tests/providers/aws/services/rds/rds_instance_deletion_protection/rds_instance_deletion_protection_test.py index 56b6879a0c..de8573957c 100644 --- a/tests/providers/aws/services/rds/rds_instance_deletion_protection/rds_instance_deletion_protection_test.py +++ b/tests/providers/aws/services/rds/rds_instance_deletion_protection/rds_instance_deletion_protection_test.py @@ -42,6 +42,7 @@ class Test_rds_instance_deletion_protection: region_name=AWS_REGION, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/rds/rds_instance_deprecated_engine_version/rds_instance_deprecated_engine_version_test.py b/tests/providers/aws/services/rds/rds_instance_deprecated_engine_version/rds_instance_deprecated_engine_version_test.py index 2a29d32ff5..567c520630 100644 --- a/tests/providers/aws/services/rds/rds_instance_deprecated_engine_version/rds_instance_deprecated_engine_version_test.py 
+++ b/tests/providers/aws/services/rds/rds_instance_deprecated_engine_version/rds_instance_deprecated_engine_version_test.py @@ -41,6 +41,7 @@ class Test_rds_instance_deprecated_engine_version: region_name=AWS_REGION, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/rds/rds_instance_enhanced_monitoring_enabled/rds_instance_enhanced_monitoring_enabled_test.py b/tests/providers/aws/services/rds/rds_instance_enhanced_monitoring_enabled/rds_instance_enhanced_monitoring_enabled_test.py index 5fca2dc6cc..7e42fa08de 100644 --- a/tests/providers/aws/services/rds/rds_instance_enhanced_monitoring_enabled/rds_instance_enhanced_monitoring_enabled_test.py +++ b/tests/providers/aws/services/rds/rds_instance_enhanced_monitoring_enabled/rds_instance_enhanced_monitoring_enabled_test.py @@ -41,6 +41,7 @@ class Test_rds_instance_enhanced_monitoring_enabled: region_name=AWS_REGION, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/rds/rds_instance_integration_cloudwatch_logs/rds_instance_integration_cloudwatch_logs_test.py b/tests/providers/aws/services/rds/rds_instance_integration_cloudwatch_logs/rds_instance_integration_cloudwatch_logs_test.py index 52fdbd02af..56da05ab90 100644 --- a/tests/providers/aws/services/rds/rds_instance_integration_cloudwatch_logs/rds_instance_integration_cloudwatch_logs_test.py +++ b/tests/providers/aws/services/rds/rds_instance_integration_cloudwatch_logs/rds_instance_integration_cloudwatch_logs_test.py 
@@ -41,6 +41,7 @@ class Test_rds_instance_integration_cloudwatch_logs: region_name=AWS_REGION, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/rds/rds_instance_minor_version_upgrade_enabled/rds_instance_minor_version_upgrade_enabled_test.py b/tests/providers/aws/services/rds/rds_instance_minor_version_upgrade_enabled/rds_instance_minor_version_upgrade_enabled_test.py index 5b8595fa98..9b183b29d0 100644 --- a/tests/providers/aws/services/rds/rds_instance_minor_version_upgrade_enabled/rds_instance_minor_version_upgrade_enabled_test.py +++ b/tests/providers/aws/services/rds/rds_instance_minor_version_upgrade_enabled/rds_instance_minor_version_upgrade_enabled_test.py @@ -41,6 +41,7 @@ class Test_rds_instance_minor_version_upgrade_enabled: region_name=AWS_REGION, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/rds/rds_instance_multi_az/rds_instance_multi_az_test.py b/tests/providers/aws/services/rds/rds_instance_multi_az/rds_instance_multi_az_test.py index 38f09d7b43..87046ef00a 100644 --- a/tests/providers/aws/services/rds/rds_instance_multi_az/rds_instance_multi_az_test.py +++ b/tests/providers/aws/services/rds/rds_instance_multi_az/rds_instance_multi_az_test.py @@ -42,6 +42,7 @@ class Test_rds_instance_multi_az: region_name=AWS_REGION, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, 
diff --git a/tests/providers/aws/services/rds/rds_instance_no_public_access/rds_instance_no_public_access_test.py b/tests/providers/aws/services/rds/rds_instance_no_public_access/rds_instance_no_public_access_test.py index 3f06f1202e..1da59ea39d 100644 --- a/tests/providers/aws/services/rds/rds_instance_no_public_access/rds_instance_no_public_access_test.py +++ b/tests/providers/aws/services/rds/rds_instance_no_public_access/rds_instance_no_public_access_test.py @@ -41,6 +41,7 @@ class Test_rds_instance_no_public_access: region_name=AWS_REGION, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/rds/rds_instance_storage_encrypted/rds_instance_storage_encrypted_test.py b/tests/providers/aws/services/rds/rds_instance_storage_encrypted/rds_instance_storage_encrypted_test.py index 0fbed859f1..b2b51a61ba 100644 --- a/tests/providers/aws/services/rds/rds_instance_storage_encrypted/rds_instance_storage_encrypted_test.py +++ b/tests/providers/aws/services/rds/rds_instance_storage_encrypted/rds_instance_storage_encrypted_test.py @@ -41,6 +41,7 @@ class Test_rds_instance_storage_encrypted: region_name=AWS_REGION, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/rds/rds_instance_transport_encrypted/rds_instance_transport_encrypted_test.py b/tests/providers/aws/services/rds/rds_instance_transport_encrypted/rds_instance_transport_encrypted_test.py index 5f8436dff2..a7d223a836 100644 --- a/tests/providers/aws/services/rds/rds_instance_transport_encrypted/rds_instance_transport_encrypted_test.py +++ b/tests/providers/aws/services/rds/rds_instance_transport_encrypted/rds_instance_transport_encrypted_test.py 
@@ -41,6 +41,7 @@ class Test_rds_instance_transport_encrypted: region_name=AWS_REGION, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/rds/rds_service_test.py b/tests/providers/aws/services/rds/rds_service_test.py index 3b6076f027..7a8531c7e8 100644 --- a/tests/providers/aws/services/rds/rds_service_test.py +++ b/tests/providers/aws/services/rds/rds_service_test.py @@ -40,6 +40,7 @@ class Test_RDS_Service: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/rds/rds_snapshots_public_access/rds_snapshots_public_access_test.py b/tests/providers/aws/services/rds/rds_snapshots_public_access/rds_snapshots_public_access_test.py index c48037f86d..7fde31c4af 100644 --- a/tests/providers/aws/services/rds/rds_snapshots_public_access/rds_snapshots_public_access_test.py +++ b/tests/providers/aws/services/rds/rds_snapshots_public_access/rds_snapshots_public_access_test.py @@ -49,6 +49,7 @@ class Test_rds_snapshots_public_access: region_name=AWS_REGION, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/redshift/redshift_service_test.py b/tests/providers/aws/services/redshift/redshift_service_test.py index bd0c38ff7e..e27eeb87dd 100644 --- a/tests/providers/aws/services/redshift/redshift_service_test.py +++ b/tests/providers/aws/services/redshift/redshift_service_test.py 
@@ -67,6 +67,7 @@ class Test_Redshift_Service: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/resourceexplorer2/resourceexplorer2_indexes_found/resourceexplorer2_indexes_found_test.py b/tests/providers/aws/services/resourceexplorer2/resourceexplorer2_indexes_found/resourceexplorer2_indexes_found_test.py index d8b5472b46..8d86f6209c 100644 --- a/tests/providers/aws/services/resourceexplorer2/resourceexplorer2_indexes_found/resourceexplorer2_indexes_found_test.py +++ b/tests/providers/aws/services/resourceexplorer2/resourceexplorer2_indexes_found/resourceexplorer2_indexes_found_test.py @@ -23,6 +23,7 @@ class Test_resourceexplorer2_indexes_found: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, @@ -40,6 +41,9 @@ class Test_resourceexplorer2_indexes_found: resourceexplorer2_client = mock.MagicMock resourceexplorer2_client.indexes = [] resourceexplorer2_client.audited_account = AWS_ACCOUNT_NUMBER + resourceexplorer2_client.audited_account_arn = ( + f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" + ) resourceexplorer2_client.region = AWS_REGION with mock.patch( "prowler.providers.aws.services.resourceexplorer2.resourceexplorer2_service.ResourceExplorer2", @@ -58,7 +62,7 @@ class Test_resourceexplorer2_indexes_found: assert result[0].status == "FAIL" assert result[0].status_extended == "No Resource Explorer Indexes found" assert result[0].resource_id == AWS_ACCOUNT_NUMBER - assert result[0].resource_arn == "NoResourceExplorer" + assert result[0].resource_arn == f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" assert result[0].region == AWS_REGION def test_one_index_found(self): 
@@ -67,6 +71,9 @@ class Test_resourceexplorer2_indexes_found: Indexes(arn=INDEX_ARN, region=INDEX_REGION, type="LOCAL") ] resourceexplorer2_client.audited_account = AWS_ACCOUNT_NUMBER + resourceexplorer2_client.audited_account_arn = ( + f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" + ) resourceexplorer2_client.region = AWS_REGION with mock.patch( "prowler.providers.aws.services.resourceexplorer2.resourceexplorer2_service.ResourceExplorer2", diff --git a/tests/providers/aws/services/resourceexplorer2/resourceexplorer2_service_test.py b/tests/providers/aws/services/resourceexplorer2/resourceexplorer2_service_test.py index 2f80feef30..5c9c897d35 100644 --- a/tests/providers/aws/services/resourceexplorer2/resourceexplorer2_service_test.py +++ b/tests/providers/aws/services/resourceexplorer2/resourceexplorer2_service_test.py @@ -42,7 +42,6 @@ def mock_generate_regional_clients(service, audit_info): new=mock_generate_regional_clients, ) class Test_ResourceExplorer2_Service: - # Mocked Audit Info def set_mocked_audit_info(self): audit_info = AWS_Audit_Info( @@ -53,6 +52,7 @@ class Test_ResourceExplorer2_Service: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/route53/route53_dangling_ip_subdomain_takeover/route53_dangling_ip_subdomain_takeover_test.py b/tests/providers/aws/services/route53/route53_dangling_ip_subdomain_takeover/route53_dangling_ip_subdomain_takeover_test.py index 1fa741c348..fe0c979d95 100644 --- a/tests/providers/aws/services/route53/route53_dangling_ip_subdomain_takeover/route53_dangling_ip_subdomain_takeover_test.py +++ b/tests/providers/aws/services/route53/route53_dangling_ip_subdomain_takeover/route53_dangling_ip_subdomain_takeover_test.py 
@@ -22,6 +22,7 @@ class Test_route53_dangling_ip_subdomain_takeover: region_name=AWS_REGION, ), audited_account=DEFAULT_ACCOUNT_ID, + audited_account_arn=f"arn:aws:iam::{DEFAULT_ACCOUNT_ID}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/route53/route53_service_test.py b/tests/providers/aws/services/route53/route53_service_test.py index e19c926be5..1208255ce4 100644 --- a/tests/providers/aws/services/route53/route53_service_test.py +++ b/tests/providers/aws/services/route53/route53_service_test.py @@ -44,6 +44,7 @@ class Test_Route53_Service: botocore_session=None, ), audited_account=None, + audited_account_arn=None, audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/route53/route53domains_service_test.py b/tests/providers/aws/services/route53/route53domains_service_test.py index 7f270daebc..3d3e8b0e67 100644 --- a/tests/providers/aws/services/route53/route53domains_service_test.py +++ b/tests/providers/aws/services/route53/route53domains_service_test.py @@ -80,6 +80,7 @@ class Test_Route53_Service: botocore_session=None, ), audited_account=None, + audited_account_arn=None, audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/s3/s3_account_level_public_access_blocks/s3_account_level_public_access_blocks_test.py b/tests/providers/aws/services/s3/s3_account_level_public_access_blocks/s3_account_level_public_access_blocks_test.py index ee83f77824..d63d587d5a 100644 --- a/tests/providers/aws/services/s3/s3_account_level_public_access_blocks/s3_account_level_public_access_blocks_test.py +++ b/tests/providers/aws/services/s3/s3_account_level_public_access_blocks/s3_account_level_public_access_blocks_test.py 
@@ -21,6 +21,7 @@ class Test_s3_account_level_public_access_blocks: region_name=AWS_REGION, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/s3/s3_bucket_acl_prohibited/s3_bucket_acl_prohibited_test.py b/tests/providers/aws/services/s3/s3_bucket_acl_prohibited/s3_bucket_acl_prohibited_test.py index 04bbd3ff90..e70633a650 100644 --- a/tests/providers/aws/services/s3/s3_bucket_acl_prohibited/s3_bucket_acl_prohibited_test.py +++ b/tests/providers/aws/services/s3/s3_bucket_acl_prohibited/s3_bucket_acl_prohibited_test.py @@ -22,6 +22,7 @@ class Test_s3_bucket_acl_prohibited: region_name=AWS_REGION, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/s3/s3_bucket_default_encryption/s3_bucket_default_encryption_test.py b/tests/providers/aws/services/s3/s3_bucket_default_encryption/s3_bucket_default_encryption_test.py index 22575d34b1..ec14d0e238 100644 --- a/tests/providers/aws/services/s3/s3_bucket_default_encryption/s3_bucket_default_encryption_test.py +++ b/tests/providers/aws/services/s3/s3_bucket_default_encryption/s3_bucket_default_encryption_test.py @@ -22,6 +22,7 @@ class Test_s3_bucket_default_encryption: region_name=AWS_REGION, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/s3/s3_bucket_level_public_access_block/s3_bucket_level_public_access_block_test.py b/tests/providers/aws/services/s3/s3_bucket_level_public_access_block/s3_bucket_level_public_access_block_test.py index fdf5947620..557cab6403 100644 
--- a/tests/providers/aws/services/s3/s3_bucket_level_public_access_block/s3_bucket_level_public_access_block_test.py +++ b/tests/providers/aws/services/s3/s3_bucket_level_public_access_block/s3_bucket_level_public_access_block_test.py @@ -22,6 +22,7 @@ class Test_s3_bucket_level_public_access_block: region_name=AWS_REGION, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/s3/s3_bucket_no_mfa_delete/s3_bucket_no_mfa_delete_test.py b/tests/providers/aws/services/s3/s3_bucket_no_mfa_delete/s3_bucket_no_mfa_delete_test.py index caa8f6770f..12c9807b7c 100644 --- a/tests/providers/aws/services/s3/s3_bucket_no_mfa_delete/s3_bucket_no_mfa_delete_test.py +++ b/tests/providers/aws/services/s3/s3_bucket_no_mfa_delete/s3_bucket_no_mfa_delete_test.py @@ -22,6 +22,7 @@ class Test_s3_bucket_no_mfa_delete: region_name=AWS_REGION, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/s3/s3_bucket_object_lock/s3_bucket_object_lock_test.py b/tests/providers/aws/services/s3/s3_bucket_object_lock/s3_bucket_object_lock_test.py index 23529fc58b..c9bade1c8d 100644 --- a/tests/providers/aws/services/s3/s3_bucket_object_lock/s3_bucket_object_lock_test.py +++ b/tests/providers/aws/services/s3/s3_bucket_object_lock/s3_bucket_object_lock_test.py @@ -22,6 +22,7 @@ class Test_s3_bucket_object_lock: region_name=AWS_REGION, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, 
diff --git a/tests/providers/aws/services/s3/s3_bucket_object_versioning/s3_bucket_object_versioning_test.py b/tests/providers/aws/services/s3/s3_bucket_object_versioning/s3_bucket_object_versioning_test.py index a13b05eb88..41961c94bf 100644 --- a/tests/providers/aws/services/s3/s3_bucket_object_versioning/s3_bucket_object_versioning_test.py +++ b/tests/providers/aws/services/s3/s3_bucket_object_versioning/s3_bucket_object_versioning_test.py @@ -22,6 +22,7 @@ class Test_s3_bucket_object_versioning: region_name=AWS_REGION, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/s3/s3_bucket_policy_public_write_access/s3_bucket_policy_public_write_access_test.py b/tests/providers/aws/services/s3/s3_bucket_policy_public_write_access/s3_bucket_policy_public_write_access_test.py index debf70397a..3d442bab08 100644 --- a/tests/providers/aws/services/s3/s3_bucket_policy_public_write_access/s3_bucket_policy_public_write_access_test.py +++ b/tests/providers/aws/services/s3/s3_bucket_policy_public_write_access/s3_bucket_policy_public_write_access_test.py @@ -22,6 +22,7 @@ class Test_s3_bucket_policy_public_write_access: region_name=AWS_REGION, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/s3/s3_bucket_public_access/s3_bucket_public_access_test.py b/tests/providers/aws/services/s3/s3_bucket_public_access/s3_bucket_public_access_test.py index cfc2d7988a..4307dfc1f4 100644 --- a/tests/providers/aws/services/s3/s3_bucket_public_access/s3_bucket_public_access_test.py +++ b/tests/providers/aws/services/s3/s3_bucket_public_access/s3_bucket_public_access_test.py 
@@ -22,6 +22,7 @@ class Test_s3_bucket_public_access:
 region_name=AWS_REGION,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/s3/s3_bucket_secure_transport_policy/s3_bucket_secure_transport_policy_test.py b/tests/providers/aws/services/s3/s3_bucket_secure_transport_policy/s3_bucket_secure_transport_policy_test.py
index afc1932f6b..96e83d4b0b 100644
--- a/tests/providers/aws/services/s3/s3_bucket_secure_transport_policy/s3_bucket_secure_transport_policy_test.py
+++ b/tests/providers/aws/services/s3/s3_bucket_secure_transport_policy/s3_bucket_secure_transport_policy_test.py
@@ -22,6 +22,7 @@ class Test_s3_bucket_secure_transport_policy:
 region_name=AWS_REGION,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/s3/s3_bucket_server_access_logging_enabled/s3_bucket_server_access_logging_enabled_test.py b/tests/providers/aws/services/s3/s3_bucket_server_access_logging_enabled/s3_bucket_server_access_logging_enabled_test.py
index 17e2705528..0d0be26755 100644
--- a/tests/providers/aws/services/s3/s3_bucket_server_access_logging_enabled/s3_bucket_server_access_logging_enabled_test.py
+++ b/tests/providers/aws/services/s3/s3_bucket_server_access_logging_enabled/s3_bucket_server_access_logging_enabled_test.py
@@ -22,6 +22,7 @@ class Test_s3_bucket_server_access_logging_enabled:
 region_name=AWS_REGION,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/s3/s3_service_test.py b/tests/providers/aws/services/s3/s3_service_test.py
index 199dd115f3..6c03c8f729 100644
--- a/tests/providers/aws/services/s3/s3_service_test.py
+++ b/tests/providers/aws/services/s3/s3_service_test.py
@@ -22,6 +22,7 @@ class Test_S3_Service:
 region_name=AWS_REGION,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/sagemaker/sagemaker_service_test.py b/tests/providers/aws/services/sagemaker/sagemaker_service_test.py
index 01229e7100..916b5e6841 100644
--- a/tests/providers/aws/services/sagemaker/sagemaker_service_test.py
+++ b/tests/providers/aws/services/sagemaker/sagemaker_service_test.py
@@ -114,6 +114,7 @@ class Test_SageMaker_Service:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/secretsmanager/secretsmanager_service_test.py b/tests/providers/aws/services/secretsmanager/secretsmanager_service_test.py
index 8ea9719a1c..6ab7761c66 100644
--- a/tests/providers/aws/services/secretsmanager/secretsmanager_service_test.py
+++ b/tests/providers/aws/services/secretsmanager/secretsmanager_service_test.py
@@ -37,6 +37,7 @@ class Test_SecretsManager_Service:
 botocore_session=None,
 ),
 audited_account=DEFAULT_ACCOUNT_ID,
+ audited_account_arn=f"arn:aws:iam::{DEFAULT_ACCOUNT_ID}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/securityhub/securityhub_service_test.py b/tests/providers/aws/services/securityhub/securityhub_service_test.py
index d5a5f5c7dd..1736c172f6 100644
--- a/tests/providers/aws/services/securityhub/securityhub_service_test.py
+++ b/tests/providers/aws/services/securityhub/securityhub_service_test.py
@@ -67,6 +67,7 @@ class Test_SecurityHub_Service:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/shield/shield_advanced_protection_in_associated_elastic_ips/shield_advanced_protection_in_associated_elastic_ips_test.py b/tests/providers/aws/services/shield/shield_advanced_protection_in_associated_elastic_ips/shield_advanced_protection_in_associated_elastic_ips_test.py
index b6538c5e97..1f935d6c6a 100644
--- a/tests/providers/aws/services/shield/shield_advanced_protection_in_associated_elastic_ips/shield_advanced_protection_in_associated_elastic_ips_test.py
+++ b/tests/providers/aws/services/shield/shield_advanced_protection_in_associated_elastic_ips/shield_advanced_protection_in_associated_elastic_ips_test.py
@@ -34,6 +34,7 @@ class Test_shield_advanced_protection_in_associated_elastic_ips:
 botocore_session=None,
 ),
 audited_account=DEFAULT_ACCOUNT_ID,
+ audited_account_arn=f"arn:aws:iam::{DEFAULT_ACCOUNT_ID}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/shield/shield_advanced_protection_in_classic_load_balancers/shield_advanced_protection_in_classic_load_balancers_test.py b/tests/providers/aws/services/shield/shield_advanced_protection_in_classic_load_balancers/shield_advanced_protection_in_classic_load_balancers_test.py
index f332897985..28c69c7285 100644
--- a/tests/providers/aws/services/shield/shield_advanced_protection_in_classic_load_balancers/shield_advanced_protection_in_classic_load_balancers_test.py
+++ b/tests/providers/aws/services/shield/shield_advanced_protection_in_classic_load_balancers/shield_advanced_protection_in_classic_load_balancers_test.py
@@ -21,6 +21,7 @@ class Test_shield_advanced_protection_in_classic_load_balancers:
 botocore_session=None,
 ),
 audited_account=DEFAULT_ACCOUNT_ID,
+ audited_account_arn=f"arn:aws:iam::{DEFAULT_ACCOUNT_ID}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/shield/shield_advanced_protection_in_internet_facing_load_balancers/shield_advanced_protection_in_internet_facing_load_balancers_test.py b/tests/providers/aws/services/shield/shield_advanced_protection_in_internet_facing_load_balancers/shield_advanced_protection_in_internet_facing_load_balancers_test.py
index e29c99fe48..379d8688c4 100644
--- a/tests/providers/aws/services/shield/shield_advanced_protection_in_internet_facing_load_balancers/shield_advanced_protection_in_internet_facing_load_balancers_test.py
+++ b/tests/providers/aws/services/shield/shield_advanced_protection_in_internet_facing_load_balancers/shield_advanced_protection_in_internet_facing_load_balancers_test.py
@@ -34,6 +34,7 @@ class Test_shield_advanced_protection_in_internet_facing_load_balancers:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/shield/shield_service_test.py b/tests/providers/aws/services/shield/shield_service_test.py
index b5775e6465..74edd6b242 100644
--- a/tests/providers/aws/services/shield/shield_service_test.py
+++ b/tests/providers/aws/services/shield/shield_service_test.py
@@ -44,6 +44,7 @@ class Test_Shield_Service:
 botocore_session=None,
 ),
 audited_account=DEFAULT_ACCOUNT_ID,
+ audited_account_arn=f"arn:aws:iam::{DEFAULT_ACCOUNT_ID}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/sns/sns_service_test.py b/tests/providers/aws/services/sns/sns_service_test.py
index 0211190362..f5dca6fda8 100644
--- a/tests/providers/aws/services/sns/sns_service_test.py
+++ b/tests/providers/aws/services/sns/sns_service_test.py
@@ -58,6 +58,7 @@ class Test_SNS_Service:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/sqs/sqs_service_test.py b/tests/providers/aws/services/sqs/sqs_service_test.py
index 5d539245f0..229cca1ef4 100644
--- a/tests/providers/aws/services/sqs/sqs_service_test.py
+++ b/tests/providers/aws/services/sqs/sqs_service_test.py
@@ -60,6 +60,7 @@ class Test_SQS_Service:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/ssm/ssm_service_test.py b/tests/providers/aws/services/ssm/ssm_service_test.py
index 813a87642f..3f7dda49a6 100644
--- a/tests/providers/aws/services/ssm/ssm_service_test.py
+++ b/tests/providers/aws/services/ssm/ssm_service_test.py
@@ -141,6 +141,7 @@ class Test_SSM_Service:
 botocore_session=None,
 ),
 audited_account=DEFAULT_ACCOUNT_ID,
+ audited_account_arn=f"arn:aws:iam::{DEFAULT_ACCOUNT_ID}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/ssmincidents/ssmincidents_enabled_with_plans/ssmincidents_enabled_with_plans_test.py b/tests/providers/aws/services/ssmincidents/ssmincidents_enabled_with_plans/ssmincidents_enabled_with_plans_test.py
index cac74d9022..32a98d2860 100644
--- a/tests/providers/aws/services/ssmincidents/ssmincidents_enabled_with_plans/ssmincidents_enabled_with_plans_test.py
+++ b/tests/providers/aws/services/ssmincidents/ssmincidents_enabled_with_plans/ssmincidents_enabled_with_plans_test.py @@ -8,11 +8,16 @@ from prowler.providers.aws.services.ssmincidents.ssmincidents_service import ( AWS_REGION = "us-east-1" REPLICATION_SET_ARN = "arn:aws:ssm-incidents::111122223333:replication-set/40bd98f0-4110-2dee-b35e-b87006f9e172" RESPONSE_PLAN_ARN = "arn:aws:ssm-incidents::111122223333:response-plan/example-response" +AWS_ACCOUNT_NUMBER = "123456789012" class Test_ssmincidents_enabled_with_plans: def test_ssmincidents_no_replicationset(self): ssmincidents_client = mock.MagicMock + ssmincidents_client.audited_account = AWS_ACCOUNT_NUMBER + ssmincidents_client.audited_account_arn = ( + f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" + ) ssmincidents_client.region = AWS_REGION ssmincidents_client.replication_set = [] with mock.patch( @@ -32,12 +37,16 @@ class Test_ssmincidents_enabled_with_plans: assert ( result[0].status_extended == "No SSM Incidents replication set exists." ) - assert result[0].resource_id == "SSMIncidents" - assert result[0].resource_arn == "" + assert result[0].resource_id == AWS_ACCOUNT_NUMBER + assert result[0].resource_arn == f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" assert result[0].region == AWS_REGION def test_ssmincidents_replicationset_not_active(self): ssmincidents_client = mock.MagicMock + ssmincidents_client.audited_account = AWS_ACCOUNT_NUMBER + ssmincidents_client.audited_account_arn = ( + f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" + ) ssmincidents_client.region = AWS_REGION ssmincidents_client.replication_set = [ ReplicationSet(arn=REPLICATION_SET_ARN, status="CREATING") 
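Review bot: The added `ssmincidents_client.audited_account = AWS_ACCOUNT_NUMBER` and `ssmincidents_client.audited_account_arn = (...)` assignments land on the `mock.MagicMock` class itself, because the context line above them is `ssmincidents_client = mock.MagicMock` without parentheses. Class attributes set this way stay in place for every mock created later in the same test process, so a test that forgets to configure `audited_account` would read `"123456789012"` instead of a child mock, and the new `resource_id == AWS_ACCOUNT_NUMBER` assertions could pass on leaked state. Instantiating the mock keeps each test isolated: `ssmincidents_client = mock.MagicMock()`. The same pattern is extended in the hunks at `-32,12`, `-60,12` and `-89,12` of this file, and each test body continues outside its hunk.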
@@ -60,12 +69,16 @@ class Test_ssmincidents_enabled_with_plans: result[0].status_extended == f"SSM Incidents replication set {REPLICATION_SET_ARN} exists but not ACTIVE." ) - assert result[0].resource_id == "SSMIncidents" + assert result[0].resource_id == AWS_ACCOUNT_NUMBER assert result[0].resource_arn == REPLICATION_SET_ARN assert result[0].region == AWS_REGION def test_ssmincidents_replicationset_active_no_plans(self): ssmincidents_client = mock.MagicMock + ssmincidents_client.audited_account = AWS_ACCOUNT_NUMBER + ssmincidents_client.audited_account_arn = ( + f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" + ) ssmincidents_client.region = AWS_REGION ssmincidents_client.replication_set = [ ReplicationSet(arn=REPLICATION_SET_ARN, status="ACTIVE") @@ -89,12 +102,16 @@ class Test_ssmincidents_enabled_with_plans: result[0].status_extended == f"SSM Incidents replication set {REPLICATION_SET_ARN} is ACTIVE but no response plans exist." ) - assert result[0].resource_id == "SSMIncidents" + assert result[0].resource_id == AWS_ACCOUNT_NUMBER assert result[0].resource_arn == REPLICATION_SET_ARN assert result[0].region == AWS_REGION def test_ssmincidents_replicationset_active_with_plans(self): ssmincidents_client = mock.MagicMock + ssmincidents_client.audited_account = AWS_ACCOUNT_NUMBER + ssmincidents_client.audited_account_arn = ( + f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root" + ) ssmincidents_client.region = AWS_REGION ssmincidents_client.replication_set = [ ReplicationSet(arn=REPLICATION_SET_ARN, status="ACTIVE") @@ -120,6 +137,6 @@ class Test_ssmincidents_enabled_with_plans: result[0].status_extended == f"SSM Incidents replication set {REPLICATION_SET_ARN} is ACTIVE and has response plans." ) - assert result[0].resource_id == "SSMIncidents" + assert result[0].resource_id == AWS_ACCOUNT_NUMBER assert result[0].resource_arn == REPLICATION_SET_ARN assert result[0].region == AWS_REGION 
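Review bot: The assertions here pin `resource_id == AWS_ACCOUNT_NUMBER` right next to `resource_arn == REPLICATION_SET_ARN`, so one finding names the account by id and the replication set by ARN; the hunks at `-89,12` and `-120,6` do the same. The fixture makes the mismatch wider, since `REPLICATION_SET_ARN` embeds account `111122223333` while `AWS_ACCOUNT_NUMBER` is `"123456789012"`. Consumers that correlate or deduplicate findings on id and ARN would presumably see two different accounts for one resource. Deriving the fixture from the constant keeps them aligned: `REPLICATION_SET_ARN = f"arn:aws:ssm-incidents::{AWS_ACCOUNT_NUMBER}:replication-set/40bd98f0-4110-2dee-b35e-b87006f9e172"`. A one-line comment on why the id is the account when a replication set exists would also help, as the check itself is outside these hunks.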
diff --git a/tests/providers/aws/services/ssmincidents/ssmincidents_service_test.py b/tests/providers/aws/services/ssmincidents/ssmincidents_service_test.py index a4bdf83bb9..b5d18dd9c2 100644 --- a/tests/providers/aws/services/ssmincidents/ssmincidents_service_test.py +++ b/tests/providers/aws/services/ssmincidents/ssmincidents_service_test.py @@ -67,7 +67,6 @@ def mock_generate_regional_clients(service, audit_info): new=mock_generate_regional_clients, ) class Test_SSMIncidents_Service: - # Mocked Audit Info def set_mocked_audit_info(self): audit_info = AWS_Audit_Info( @@ -78,6 +77,7 @@ class Test_SSMIncidents_Service: botocore_session=None, ), audited_account=None, + audited_account_arn=None, audited_user_id=None, audited_partition="aws", audited_identity_arn=None, diff --git a/tests/providers/aws/services/trustedadvisor/trustedadvisor_service_test.py b/tests/providers/aws/services/trustedadvisor/trustedadvisor_service_test.py index 542769ae3d..704beaa42a 100644 --- a/tests/providers/aws/services/trustedadvisor/trustedadvisor_service_test.py +++ b/tests/providers/aws/services/trustedadvisor/trustedadvisor_service_test.py @@ -33,6 +33,7 @@ class Test_TrustedAdvisor_Service: botocore_session=None, ), audited_account=AWS_ACCOUNT_NUMBER, + audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root", audited_user_id=None, audited_partition="aws", audited_identity_arn=None, @@ -67,7 +68,6 @@ class Test_TrustedAdvisor_Service: @mock_support # Test TrustedAdvisor session def test__describe_trusted_advisor_checks__(self): - audit_info = self.set_mocked_audit_info() trustedadvisor = TrustedAdvisor(audit_info) assert len(trustedadvisor.checks) == 104 # Default checks diff --git a/tests/providers/aws/services/vpc/vpc_different_regions/vpc_different_regions_test.py b/tests/providers/aws/services/vpc/vpc_different_regions/vpc_different_regions_test.py index 035cf25375..d8dbb10489 100644 
--- a/tests/providers/aws/services/vpc/vpc_different_regions/vpc_different_regions_test.py
+++ b/tests/providers/aws/services/vpc/vpc_different_regions/vpc_different_regions_test.py
@@ -19,6 +19,7 @@ class Test_vpc_different_regions:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/vpc/vpc_endpoint_connections_trust_boundaries/vpc_endpoint_connections_trust_boundaries_test.py b/tests/providers/aws/services/vpc/vpc_endpoint_connections_trust_boundaries/vpc_endpoint_connections_trust_boundaries_test.py
index 4dab57ac53..8d4b216f73 100644
--- a/tests/providers/aws/services/vpc/vpc_endpoint_connections_trust_boundaries/vpc_endpoint_connections_trust_boundaries_test.py
+++ b/tests/providers/aws/services/vpc/vpc_endpoint_connections_trust_boundaries/vpc_endpoint_connections_trust_boundaries_test.py
@@ -26,6 +26,7 @@ class Test_vpc_endpoint_connections_trust_boundaries:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/vpc/vpc_endpoint_services_allowed_principals_trust_boundaries/vpc_endpoint_services_allowed_principals_trust_boundaries_test.py b/tests/providers/aws/services/vpc/vpc_endpoint_services_allowed_principals_trust_boundaries/vpc_endpoint_services_allowed_principals_trust_boundaries_test.py
index 5bc7c1b830..f7bd0fa9ae 100644
--- a/tests/providers/aws/services/vpc/vpc_endpoint_services_allowed_principals_trust_boundaries/vpc_endpoint_services_allowed_principals_trust_boundaries_test.py
+++ b/tests/providers/aws/services/vpc/vpc_endpoint_services_allowed_principals_trust_boundaries/vpc_endpoint_services_allowed_principals_trust_boundaries_test.py
@@ -45,6 +45,7 @@ class Test_vpc_endpoint_services_allowed_principals_trust_boundaries:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/vpc/vpc_flow_logs_enabled/vpc_flow_logs_enabled_test.py b/tests/providers/aws/services/vpc/vpc_flow_logs_enabled/vpc_flow_logs_enabled_test.py
index 1079acf187..d210e24ecf 100644
--- a/tests/providers/aws/services/vpc/vpc_flow_logs_enabled/vpc_flow_logs_enabled_test.py
+++ b/tests/providers/aws/services/vpc/vpc_flow_logs_enabled/vpc_flow_logs_enabled_test.py
@@ -19,6 +19,7 @@ class Test_vpc_flow_logs_enabled:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/vpc/vpc_peering_routing_tables_with_least_privilege/vpc_peering_routing_tables_with_least_privilege_test.py b/tests/providers/aws/services/vpc/vpc_peering_routing_tables_with_least_privilege/vpc_peering_routing_tables_with_least_privilege_test.py
index a25bffdc26..6ffa402cf7 100644
--- a/tests/providers/aws/services/vpc/vpc_peering_routing_tables_with_least_privilege/vpc_peering_routing_tables_with_least_privilege_test.py
+++ b/tests/providers/aws/services/vpc/vpc_peering_routing_tables_with_least_privilege/vpc_peering_routing_tables_with_least_privilege_test.py
@@ -19,6 +19,7 @@ class Test_vpc_peering_routing_tables_with_least_privilege:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/vpc/vpc_service_test.py b/tests/providers/aws/services/vpc/vpc_service_test.py
index b3ddd79ee9..7688cab4a5 100644
--- a/tests/providers/aws/services/vpc/vpc_service_test.py
+++ b/tests/providers/aws/services/vpc/vpc_service_test.py
@@ -21,6 +21,7 @@ class Test_VPC_Service:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/vpc/vpc_subnet_different_az/vpc_subnet_different_az_test.py b/tests/providers/aws/services/vpc/vpc_subnet_different_az/vpc_subnet_different_az_test.py
index 1b0c0d4a77..f936a34b81 100644
--- a/tests/providers/aws/services/vpc/vpc_subnet_different_az/vpc_subnet_different_az_test.py
+++ b/tests/providers/aws/services/vpc/vpc_subnet_different_az/vpc_subnet_different_az_test.py
@@ -19,6 +19,7 @@ class Test_vpc_subnet_different_az:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/vpc/vpc_subnet_no_public_ip_by_default/vpc_subnet_no_public_ip_by_default_test.py b/tests/providers/aws/services/vpc/vpc_subnet_no_public_ip_by_default/vpc_subnet_no_public_ip_by_default_test.py
index 3b9664944b..ff4acfa7ed 100644
--- a/tests/providers/aws/services/vpc/vpc_subnet_no_public_ip_by_default/vpc_subnet_no_public_ip_by_default_test.py
+++ b/tests/providers/aws/services/vpc/vpc_subnet_no_public_ip_by_default/vpc_subnet_no_public_ip_by_default_test.py
@@ -19,6 +19,7 @@ class Test_vpc_subnet_separate_private_public:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/vpc/vpc_subnet_separate_private_public/vpc_subnet_separate_private_public_test.py b/tests/providers/aws/services/vpc/vpc_subnet_separate_private_public/vpc_subnet_separate_private_public_test.py
index f3ae1e54b4..f14272a333 100644
--- a/tests/providers/aws/services/vpc/vpc_subnet_separate_private_public/vpc_subnet_separate_private_public_test.py
+++ b/tests/providers/aws/services/vpc/vpc_subnet_separate_private_public/vpc_subnet_separate_private_public_test.py
@@ -19,6 +19,7 @@ class Test_vpc_subnet_separate_private_public:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/waf/waf_service_test.py b/tests/providers/aws/services/waf/waf_service_test.py
index 6e954b266c..e903f0015b 100644
--- a/tests/providers/aws/services/waf/waf_service_test.py
+++ b/tests/providers/aws/services/waf/waf_service_test.py
@@ -55,6 +55,7 @@ class Test_WAF_Service:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/wafv2/wafv2_service_test.py b/tests/providers/aws/services/wafv2/wafv2_service_test.py
index a70a486bac..8d5571514b 100644
--- a/tests/providers/aws/services/wafv2/wafv2_service_test.py
+++ b/tests/providers/aws/services/wafv2/wafv2_service_test.py
@@ -19,6 +19,7 @@ class Test_WAFv2_Service:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/wellarchitected/wellarchitected_service_test.py b/tests/providers/aws/services/wellarchitected/wellarchitected_service_test.py
index e73d63bf83..285799b5f8 100644
--- a/tests/providers/aws/services/wellarchitected/wellarchitected_service_test.py
+++ b/tests/providers/aws/services/wellarchitected/wellarchitected_service_test.py
@@ -63,6 +63,7 @@ class Test_WellArchitected_Service:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/workspaces/workspaces_service_test.py b/tests/providers/aws/services/workspaces/workspaces_service_test.py
index c1bdc3bfbd..b10589d6c1 100644
--- a/tests/providers/aws/services/workspaces/workspaces_service_test.py
+++ b/tests/providers/aws/services/workspaces/workspaces_service_test.py
@@ -59,6 +59,7 @@ class Test_WorkSpaces_Service:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/aws/services/workspaces/workspaces_vpc_2private_1public_subnets_nat/workspaces_vpc_2private_1public_subnets_nat_test.py b/tests/providers/aws/services/workspaces/workspaces_vpc_2private_1public_subnets_nat/workspaces_vpc_2private_1public_subnets_nat_test.py
index ccb65aa6f2..04728d8997 100644
--- a/tests/providers/aws/services/workspaces/workspaces_vpc_2private_1public_subnets_nat/workspaces_vpc_2private_1public_subnets_nat_test.py
+++ b/tests/providers/aws/services/workspaces/workspaces_vpc_2private_1public_subnets_nat/workspaces_vpc_2private_1public_subnets_nat_test.py
@@ -23,6 +23,7 @@ class Test_workspaces_vpc_2private_1public_subnets_nat:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn=None,
diff --git a/tests/providers/common/audit_info_test.py b/tests/providers/common/audit_info_test.py
index c93b1117e1..6f8180dfca 100644
--- a/tests/providers/common/audit_info_test.py
+++ b/tests/providers/common/audit_info_test.py
@@ -98,6 +98,7 @@ class Test_Set_Audit_Info:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id=None,
 audited_partition="aws",
 audited_identity_arn="arn:aws:iam::123456789012:user/test",
diff --git a/tests/providers/common/common_outputs_test.py b/tests/providers/common/common_outputs_test.py
index 6a6929fa48..e9711129d2 100644
--- a/tests/providers/common/common_outputs_test.py
+++ b/tests/providers/common/common_outputs_test.py
@@ -62,6 +62,7 @@ class Test_Common_Output_Options:
 botocore_session=None,
 ),
 audited_account=AWS_ACCOUNT_NUMBER,
+ audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
 audited_user_id="test-user",
 audited_partition="aws",
 audited_identity_arn="test-user-arn",
diff --git a/tests/providers/gcp/services/iam/iam_no_service_roles_at_project_level/iam_no_service_roles_at_project_level_test.py b/tests/providers/gcp/services/iam/iam_no_service_roles_at_project_level/iam_no_service_roles_at_project_level_test.py
index c4f97b8c66..928db07dbd 100644
--- a/tests/providers/gcp/services/iam/iam_no_service_roles_at_project_level/iam_no_service_roles_at_project_level_test.py
+++ b/tests/providers/gcp/services/iam/iam_no_service_roles_at_project_level/iam_no_service_roles_at_project_level_test.py
@@ -8,6 +8,7 @@ class Test_iam_no_service_roles_at_project_level: def test_iam_no_bindings(self): cloudresourcemanager_client = mock.MagicMock cloudresourcemanager_client.bindings = [] + cloudresourcemanager_client.project_ids = [GCP_PROJECT_ID] with mock.patch( "prowler.providers.gcp.services.iam.iam_no_service_roles_at_project_level.iam_no_service_roles_at_project_level.cloudresourcemanager_client",