chore(aws): support new eusc partition (#9649)

Co-authored-by: Pepe Fagoaga <pepe@prowler.com>

tests/providers/aws/aws_provider_test.py

@@ -45,6 +45,7 @@ from tests.providers.aws.utils import (
     AWS_ACCOUNT_NUMBER,
     AWS_CHINA_PARTITION,
     AWS_COMMERCIAL_PARTITION,
+    AWS_EUSC_PARTITION,
     AWS_GOV_CLOUD_ACCOUNT_ARN,
     AWS_GOV_CLOUD_PARTITION,
     AWS_ISO_PARTITION,
@@ -52,6 +53,7 @@ from tests.providers.aws.utils import (
     AWS_REGION_CN_NORTHWEST_1,
     AWS_REGION_EU_CENTRAL_1,
     AWS_REGION_EU_WEST_1,
+    AWS_REGION_EUSC_DE_EAST_1,
     AWS_REGION_GOV_CLOUD_US_EAST_1,
     AWS_REGION_ISO_GLOBAL,
     AWS_REGION_US_EAST_1,
@@ -956,6 +958,13 @@ aws:
 
         assert aws_provider.get_global_region() == AWS_REGION_ISO_GLOBAL
 
+    @mock_aws
+    def test_aws_eusc_get_global_region(self):
+        aws_provider = AwsProvider()
+        aws_provider._identity.partition = AWS_EUSC_PARTITION
+
+        assert aws_provider.get_global_region() == AWS_REGION_EUSC_DE_EAST_1
+
     @mock_aws
     def test_get_available_aws_service_regions_with_us_east_1_audited(self):
         region = [AWS_REGION_US_EAST_1]
@@ -1506,6 +1515,17 @@ aws:
             sts_session._endpoint.host == f"https://sts.{aws_region}.amazonaws.com.cn"
         )
 
+    @mock_aws
+    def test_create_sts_session_eusc(self):
+        current_session = session.Session()
+        aws_region = AWS_REGION_EUSC_DE_EAST_1
+        sts_session = AwsProvider.create_sts_session(current_session, aws_region)
+
+        assert sts_session._service_model.service_name == "sts"
+        assert sts_session._client_config.region_name == aws_region
+        assert sts_session._endpoint._endpoint_prefix == "sts"
+        assert sts_session._endpoint.host == f"https://sts.{aws_region}.amazonaws.eu"
+
     @mock_aws
     @patch(
         "prowler.lib.check.utils.recover_checks_from_provider",
@@ -1760,7 +1780,7 @@ aws:
         assert len(AwsProvider.get_regions("aws-cn")) == 2
 
     def test_get_regions_aws_count(self):
-        assert len(AwsProvider.get_regions(partition="aws")) == 35
+        assert len(AwsProvider.get_regions(partition="aws")) == 34
 
     def test_get_all_regions(self):
         with patch(

tests/providers/aws/lib/arn/arn_test.py

@@ -19,6 +19,7 @@ IAM_ROLE = "test-role"
 IAM_SERVICE = "iam"
 COMMERCIAL_PARTITION = "aws"
 CHINA_PARTITION = "aws-cn"
+EUSC_PARTITION = "aws-eusc"
 GOVCLOUD_PARTITION = "aws-us-gov"
 
 
@@ -245,6 +246,28 @@ class Test_ARN_Parsing:
                     "resource": IAM_ROLE,
                 },
             },
+            {
+                "input_arn": f"arn:{EUSC_PARTITION}:{IAM_SERVICE}::{ACCOUNT_ID}:{RESOURCE_TYPE_ROLE}/{IAM_ROLE}",
+                "expected": {
+                    "partition": EUSC_PARTITION,
+                    "service": IAM_SERVICE,
+                    "region": None,
+                    "account_id": ACCOUNT_ID,
+                    "resource_type": RESOURCE_TYPE_ROLE,
+                    "resource": IAM_ROLE,
+                },
+            },
+            {
+                "input_arn": f"arn:{EUSC_PARTITION}:{IAM_SERVICE}::{ACCOUNT_ID}:{RESOUCE_TYPE_USER}/{IAM_ROLE}",
+                "expected": {
+                    "partition": EUSC_PARTITION,
+                    "service": IAM_SERVICE,
+                    "region": None,
+                    "account_id": ACCOUNT_ID,
+                    "resource_type": RESOUCE_TYPE_USER,
+                    "resource": IAM_ROLE,
+                },
+            },
             # Root user
             {
                 "input_arn": f"arn:aws:{IAM_SERVICE}::{ACCOUNT_ID}:root",
@@ -279,6 +302,17 @@ class Test_ARN_Parsing:
                     "resource": "root",
                 },
             },
+            {
+                "input_arn": f"arn:{EUSC_PARTITION}:{IAM_SERVICE}::{ACCOUNT_ID}:root",
+                "expected": {
+                    "partition": EUSC_PARTITION,
+                    "service": IAM_SERVICE,
+                    "region": None,
+                    "account_id": ACCOUNT_ID,
+                    "resource_type": "root",
+                    "resource": "root",
+                },
+            },
             {
                 "input_arn": f"arn:aws:sts::{ACCOUNT_ID}:federated-user/Bob",
                 "expected": {
@@ -312,6 +346,17 @@ class Test_ARN_Parsing:
                     "resource": "Bob",
                 },
             },
+            {
+                "input_arn": f"arn:{EUSC_PARTITION}:sts::{ACCOUNT_ID}:federated-user/Bob",
+                "expected": {
+                    "partition": EUSC_PARTITION,
+                    "service": "sts",
+                    "region": None,
+                    "account_id": ACCOUNT_ID,
+                    "resource_type": "federated-user",
+                    "resource": "Bob",
+                },
+            },
         ]
         for test in test_cases:
             input_arn = test["input_arn"]
@@ -379,6 +424,7 @@ class Test_ARN_Parsing:
     def test_is_valid_arn(self):
         assert is_valid_arn("arn:aws:iam::012345678910:user/test")
         assert is_valid_arn("arn:aws-cn:ec2:us-east-1:123456789012:vpc/vpc-12345678")
+        assert is_valid_arn("arn:aws-eusc:ec2:us-east-1:123456789012:vpc/vpc-12345678")
         assert is_valid_arn("arn:aws-us-gov:s3:::bucket")
         assert is_valid_arn("arn:aws-iso:iam::012345678910:user/test")
         assert is_valid_arn("arn:aws-iso-b:ec2:us-east-1:123456789012:vpc/vpc-12345678")

tests/providers/aws/utils.py

@@ -17,6 +17,7 @@ from prowler.providers.common.models import Audit_Metadata
 AWS_COMMERCIAL_PARTITION = "aws"
 AWS_GOV_CLOUD_PARTITION = "aws-us-gov"
 AWS_CHINA_PARTITION = "aws-cn"
+AWS_EUSC_PARTITION = "aws-eusc"
 AWS_ISO_PARTITION = "aws-iso"
 
 # Root AWS Account
@@ -52,6 +53,9 @@ AWS_REGION_GOV_CLOUD_US_EAST_1 = "us-gov-east-1"
 # Iso Regions
 AWS_REGION_ISO_GLOBAL = "aws-iso-global"
 
+# European Sovereign Cloud Regions
+AWS_REGION_EUSC_DE_EAST_1 = "eusc-de-east-1"
+
 # EC2
 EXAMPLE_AMI_ID = "ami-12c6146b"