fix(aws-cn partition): solve aws-cn partition errors (#1576)

Co-authored-by: sergargar <sergio@verica.io>
Co-authored-by: Pepe Fagoaga <pepe@verica.io>

prowler/providers/aws/services/iam/iam_root_hardware_mfa_enabled/iam_root_hardware_mfa_enabled.py

@@ -5,26 +5,28 @@ from prowler.providers.aws.services.iam.iam_client import iam_client
 class iam_root_hardware_mfa_enabled(Check):
     def execute(self) -> Check_Report_AWS:
         findings = []
-        virtual_mfa = False
-        report = Check_Report_AWS(self.metadata())
-        report.region = iam_client.region
-        report.resource_id = "root"
-        report.resource_arn = f"arn:aws:iam::{iam_client.account}:root"
+        # This check is only avaible in Commercial Partition
+        if iam_client.partition == "aws":
+            virtual_mfa = False
+            report = Check_Report_AWS(self.metadata())
+            report.region = iam_client.region
+            report.resource_id = "root"
+            report.resource_arn = f"arn:aws:iam::{iam_client.account}:root"
 
-        if iam_client.account_summary["SummaryMap"]["AccountMFAEnabled"] > 0:
-            virtual_mfas = iam_client.virtual_mfa_devices
-            for mfa in virtual_mfas:
-                if "root" in mfa["SerialNumber"]:
-                    virtual_mfa = True
-                    report.status = "FAIL"
-                    report.status_extended = "Root account has a virtual MFA instead of a hardware MFA enabled."
-            if not virtual_mfa:
-                report.status = "PASS"
-                report.status_extended = "Root account has hardware MFA enabled."
-        else:
-            report.status = "FAIL"
-            report.status_extended = "MFA is not enabled for root account."
+            if iam_client.account_summary["SummaryMap"]["AccountMFAEnabled"] > 0:
+                virtual_mfas = iam_client.virtual_mfa_devices
+                for mfa in virtual_mfas:
+                    if "root" in mfa["SerialNumber"]:
+                        virtual_mfa = True
+                        report.status = "FAIL"
+                        report.status_extended = "Root account has a virtual MFA instead of a hardware MFA enabled."
+                if not virtual_mfa:
+                    report.status = "PASS"
+                    report.status_extended = "Root account has hardware MFA enabled."
+            else:
+                report.status = "FAIL"
+                report.status_extended = "MFA is not enabled for root account."
 
-        findings.append(report)
+            findings.append(report)
 
         return findings

prowler/providers/aws/services/iam/iam_service.py

@@ -12,6 +12,7 @@ class IAM:
         self.service = "iam"
         self.session = audit_info.audit_session
         self.account = audit_info.audited_account
+        self.partition = audit_info.audited_partition
         self.client = self.session.client(self.service)
         self.region = get_region_global_service(audit_info)
         self.users = self.__get_users__()

util/update_aws_services_regions.py

@@ -41,8 +41,8 @@ for item in original_matrix_regions_aws["prices"]:
         old_service = service
         regions = {}
         regions["aws"] = {}
-        regions["cn"] = {}
-        regions["gov"] = {}
+        regions["aws-cn"] = {}
+        regions["aws-us-gov"] = {}
         regions_dict["regions"] = {}
         regions_aws = []
         regions_cn = []
@@ -51,11 +51,11 @@ for item in original_matrix_regions_aws["prices"]:
     # Include the region in their AWS partition
     if "cn-" in region:
         regions_cn.append(region)
-        regions["cn"] = regions_cn
+        regions["aws-cn"] = regions_cn
 
     elif "gov-" in region:
         regions_gov.append(region)
-        regions["gov"] = regions_gov
+        regions["aws-us-gov"] = regions_gov
     else:
         regions_aws.append(region)
         regions["aws"] = regions_aws