PaloAltoNetworks / pcs-sizing-scripts

Prisma Cloud sizing scripts
ISC License

AWS Organizations integration fails after scanning the first member account #34

Closed acdha closed 2 years ago

acdha commented 2 years ago

Describe the bug

When run using org mode, the first member account will be scanned. All of the other accounts will fail.

Expected behavior

It should scan all of the member accounts

Current behavior

Warning: Failed to assume role into Member Account …, skipping ...

If you remove the 2>/dev/null, which discards the error output from the aws sts assume-role command, you'll see this additional detail:

Unable to locate credentials. You can configure credentials by running "aws configure".

Possible solution

Reviewing the code from #2, I believe the problem is related to the way assume_role() overwrites its current credentials with the assumed role credentials, which allows that account to be scanned but then causes all subsequent accounts to fail since you'd need to call sts:AssumeRole using the original credentials.

https://github.com/PaloAltoNetworks/pcs-sizing-scripts/blob/73fbe9aa46d16a0b41d985cd792d4a9353436b4b/aws/resource-count-aws.sh#L266-L279

Steps to reproduce

  1. Run resource-count-aws.sh org with credentials in the Organization master account for an IAM user which has permission to assume the OrganizationAccountAccessRole in each member account.
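
The credential overwrite described under "Possible solution", as an added shell example that is not the repository's code: fake_assume_role, the account ids and MASTER_KEY are constructed stand-ins so it runs offline, and the fix shown (running each member-account scan inside a subshell) is one way to keep the management-account credentials intact between assume-role calls.

```shell
#!/bin/sh
# Added example, not code from pcs-sizing-scripts: the credential-overwrite
# pattern the report describes next to a subshell fix. MASTER_KEY, the
# account ids and fake_assume_role are constructed stand-ins so this runs
# offline; the real script calls "aws sts assume-role" instead.
MASTER_KEY="AKIAEXAMPLEMASTER"   # constructed management-account key id

# Stand-in for "aws sts assume-role": succeeds only when the caller holds the
# management-account credentials, as the member role's trust policy requires.
fake_assume_role() {
  [ "${AWS_ACCESS_KEY_ID:-}" = "$MASTER_KEY" ] || return 1
  printf 'ASIA%s secret-%s token-%s\n' "$1" "$1" "$1"
}

# Loads member-account credentials into the *current* shell. Called at loop
# level, this is the reported bug: after the first account the caller no
# longer holds management-account credentials, so every later assume fails.
load_member_creds() {
  creds=$(fake_assume_role "$1") || return 1
  read -r AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN <<EOF
$creds
EOF
  export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN
}

# Stand-in for the per-account resource count: reports the key it ran under.
count_resources() { echo "$AWS_ACCESS_KEY_ID"; }

# Scans every account id given after the mode. Mode "inplace" reproduces the
# bug; mode "subshell" confines the exports to the $( ) subshell so the loop
# keeps the management-account credentials for the next assume-role call.
scan_org() {
  mode="$1"; shift
  out=""
  for acct in "$@"; do
    if [ "$mode" = subshell ]; then
      r=$(load_member_creds "$acct" && count_resources) || r="skipped-$acct"
    elif load_member_creds "$acct"; then
      r=$(count_resources)
    else
      r="skipped-$acct"   # the "Failed to assume role ... skipping" case
    fi
    out="$out$r "
  done
  echo "${out}${AWS_ACCESS_KEY_ID:-unset}"   # last field: caller's key afterwards
}

export AWS_ACCESS_KEY_ID="$MASTER_KEY"
echo "in place: $(scan_org inplace 111 222)"    # ASIA111 skipped-222 ASIA111
echo "subshell: $(scan_org subshell 111 222)"   # ASIA111 ASIA222 AKIAEXAMPLEMASTER
```

The last field of each line is the key id the loop holds after the scan: in-place loading leaves it pointing at the first member account, the subshell variant leaves it at the management account.
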

welcome-to-palo-alto-networks[bot] commented 2 years ago

:tada: Thanks for opening your first issue here! Welcome to the community!

tkishel commented 2 years ago

Could you test the above PR?