Open bharathkarumudi opened 6 months ago
Based on the exception, it looks like some role in the input JSON is missing the `RoleLastUsed` key. According to the AWS documentation, however, this should be part of the output of `get-account-authorization-details`. I'm not sure if there can be some special cases where this data is missing from the output :thinking:
Could you try to track down the role it fails to parse in the input JSON? So are there roles without the `RoleLastUsed` key? Is there anything special in those roles? Like, are they very old or do they seem to be missing something else?
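One way to track down the affected roles, as an added example that is not part of the original thread or of iamgraph's own code: the script below lists every role in a `get-account-authorization-details` JSON file that lacks the `RoleLastUsed` key. The sample document, including its role names, account ID and dates, is constructed.

```python
import json
import sys
from pathlib import Path

# Constructed sample in the shape of `aws iam get-account-authorization-details`
# output; role names, account id and dates are made up for illustration.
SAMPLE = {"RoleDetailList": [
    {"RoleName": "app-deploy", "Arn": "arn:aws:iam::111111111111:role/app-deploy",
     "CreateDate": "2021-03-02T10:00:00Z",
     "RoleLastUsed": {"LastUsedDate": "2023-01-05T08:30:00Z", "Region": "us-east-1"}},
    # Key present but empty: not reported as missing.
    {"RoleName": "never-used", "Arn": "arn:aws:iam::111111111111:role/never-used",
     "CreateDate": "2022-07-11T09:15:00Z", "RoleLastUsed": {}},
    # Key absent altogether: the case discussed in this thread.
    {"RoleName": "legacy-batch", "Arn": "arn:aws:iam::111111111111:role/legacy-batch",
     "CreateDate": "2016-04-20T14:45:00Z"},
]}


def roles_missing_last_used(doc):
    """Return (RoleName, Arn, CreateDate) for each role without a RoleLastUsed key."""
    return [
        (role.get("RoleName"), role.get("Arn"), role.get("CreateDate"))
        for role in doc.get("RoleDetailList", [])
        if "RoleLastUsed" not in role
    ]


def scan_dir(input_dir):
    """Map file name -> roles missing RoleLastUsed, for every *.json file in input_dir."""
    report = {}
    for path in sorted(Path(input_dir).glob("*.json")):
        try:
            doc = json.loads(path.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable or not JSON: skip it
        if isinstance(doc, dict):
            missing = roles_missing_last_used(doc)
            if missing:
                report[path.name] = missing
    return report


if __name__ == "__main__":
    # With a directory argument, scan it; otherwise run on the constructed sample.
    found = scan_dir(sys.argv[1]) if len(sys.argv) > 1 else {"SAMPLE": roles_missing_last_used(SAMPLE)}
    for name, roles in found.items():
        for role_name, arn, created in roles:
            print(f"{name}: {role_name} ({arn}) created {created} has no RoleLastUsed")
```

Pointing it at the same directory passed to `--input-dir` shows which file and which roles lack the key, along with each role's creation date.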
I verified this again: the accounts that are part of AWS Organizations have the `RoleLastUsed` key for every custom and AWS-managed role, whereas my other account, which is a standalone and non-US account, does not have this key in the JSON for either AWS-managed or custom roles.
I am not sure if `get-account-authorization-details` works differently for (a) standalone accounts, (b) non-US regions.
When I run the `iamgraph --db-uri bolt://172.17.0.3:7687 run --input-dir ./` utility on one of my accounts, I encounter the below error. The tool processed all `get-account-authorization-details` JSON files of other accounts with no issues, but only with this one account I see this error. The difference from all the other accounts is that this is a standalone account, whereas the others are part of an AWS Organization.