salesforce/cloudsplaining

ARN Not found

Exp-SecOps opened this issue · 2 comments

Hi Team,

We got an error: Managed Policy ARN %s not found

```
Excluded prefix: /service-role*
Excluded prefix: /aws-service-role*
Excluded prefix: /aws-service-role*
Excluded prefix: /aws-service-role*
Excluded prefix: /aws-service-role*
Excluded prefix: /aws-service-role*
Excluded prefix: service-role*
Excluded prefix: service-role*
Excluded prefix: service-role*

Traceback (most recent call last):
  File "/home/test/.local/bin/cloudsplaining", line 8, in <module>
    sys.exit(main())
  File "/home/test/.local/lib/python3.8/site-packages/cloudsplaining/bin/cli.py", line 34, in main
    cloudsplaining()
  File "/usr/lib/python3/dist-packages/click/core.py", line 764, in __call__
    return self.main(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/click/core.py", line 717, in main
    rv = self.invoke(ctx)
  File "/usr/lib/python3/dist-packages/click/core.py", line 1137, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/lib/python3/dist-packages/click/core.py", line 956, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/lib/python3/dist-packages/click/core.py", line 555, in invoke
    return callback(*args, **kwargs)
  File "/home/test/.local/lib/python3.8/site-packages/cloudsplaining/command/scan.py", line 84, in scan
    rendered_html_report = scan_account_authorization_details(
  File "/home/test/.local/lib/python3.8/site-packages/cloudsplaining/command/scan.py", line 175, in scan_account_authorization_details
    authorization_details = AuthorizationDetails(
  File "/home/test/.local/lib/python3.8/site-packages/cloudsplaining/scan/authorization_details.py", line 66, in __init__
    self.group_detail_list = GroupDetailList(
  File "/home/test/.local/lib/python3.8/site-packages/cloudsplaining/scan/group_details.py", line 41, in __init__
    self.groups = [
  File "/home/test/.local/lib/python3.8/site-packages/cloudsplaining/scan/group_details.py", line 42, in <listcomp>
    GroupDetail(
  File "/home/test/.local/lib/python3.8/site-packages/cloudsplaining/scan/group_details.py", line 187, in __init__
    attached_managed_policy_details = policy_details.get_policy_detail(
  File "/home/test/.local/lib/python3.8/site-packages/cloudsplaining/scan/managed_policy_detail.py", line 98, in get_policy_detail
    raise Exception("Managed Policy ARN %s not found.", arn)
Exception: ('Managed Policy ARN %s not found.', 'arn:aws:iam::aws:policy/AWSLambdaFullAccess')
```

Hey @Exp-SecOps, thanks for reaching out.

I took a quick look and you have a group with an attached managed policy which doesn't exist anymore; the ARN `arn:aws:iam::aws:policy/AWSLambdaFullAccess` is now `arn:aws:iam::aws:policy/AWSLambda_FullAccess`.

I will check on how to improve the output, but that's the actual issue. You can check the `default.json` (it can have a different name, depending on the profile you passed to cloudsplaining) and search for `arn:aws:iam::aws:policy/AWSLambdaFullAccess`.
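The search suggested in the comment above can be automated. The following is an added example, not part of the thread and not cloudsplaining's own code: it lists every managed policy that is attached to a user, group or role but has no entry in the file's `Policies` list. It assumes the file has the shape returned by `aws iam get-account-authorization-details`; the sample data, account ID and function names are constructed for illustration.

```python
import json

# Constructed sample in the shape of `aws iam get-account-authorization-details`
# output, trimmed to the fields this check reads (assumed file layout).
SAMPLE = json.loads("""
{
  "UserDetailList": [],
  "GroupDetailList": [
    {"GroupName": "lambda-admins",
     "Arn": "arn:aws:iam::111122223333:group/lambda-admins",
     "AttachedManagedPolicies": [
       {"PolicyName": "AWSLambdaFullAccess",
        "PolicyArn": "arn:aws:iam::aws:policy/AWSLambdaFullAccess"},
       {"PolicyName": "ReadOnlyAccess",
        "PolicyArn": "arn:aws:iam::aws:policy/ReadOnlyAccess"}]}
  ],
  "RoleDetailList": [
    {"RoleName": "ci", "Arn": "arn:aws:iam::111122223333:role/ci",
     "AttachedManagedPolicies": []}
  ],
  "Policies": [
    {"PolicyName": "ReadOnlyAccess",
     "Arn": "arn:aws:iam::aws:policy/ReadOnlyAccess"}
  ]
}
""")

def find_dangling_attachments(details):
    """Return (principal ARN, policy ARN) pairs whose policy is attached to a
    user, group or role but has no entry in the file's Policies list."""
    known = {p["Arn"] for p in details.get("Policies", [])}
    dangling = []
    for section in ("UserDetailList", "GroupDetailList", "RoleDetailList"):
        for principal in details.get(section, []):
            for attached in principal.get("AttachedManagedPolicies", []):
                if attached["PolicyArn"] not in known:
                    dangling.append((principal["Arn"], attached["PolicyArn"]))
    return dangling

def load_and_check(path):
    """Run the same check on a downloaded file such as default.json."""
    with open(path, encoding="utf-8") as fh:
        return find_dangling_attachments(json.load(fh))

if __name__ == "__main__":
    for principal_arn, policy_arn in find_dangling_attachments(SAMPLE):
        print(f"{principal_arn}: attached policy not in Policies: {policy_arn}")
```

Each pair it returns names a principal whose attachment should be reviewed and, as in this issue, moved to the policy's current ARN.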

Hi @gruebel

Thank you