Closed jimsmith closed 5 years ago
Hi, I am not able to reproduce this, can you provide the full error output and ensure you have the most recent version of the script.
Hi thanks.
That is the entire output and the version I used was latest pulled down on the day I logged this issue.
What do you suggest next for entire output?
There would have been more to the error output, specifically what parameter validation failed, after "Parameter validation failed:"
I'll rerun this tomorrow seeing its getting close to midnight over at my end.... and will update here in due course 👍🏻
Thanks!
I had the same issue too. The problem is the paramter type for "AccountIds", it is expected to be from type list, but it isn't. Simply converting the paramters to list fixed it for me. This has to be done 4 times in the script. for example: AccountIds=member_dict.keys() --> AccountIds=list(member_dict.keys())
Hey all, I have this problem too. With Python 3.7.3 x64 bit (downloaded today) and having cloned this repo today also on Windows10 endpoint.
Just tested the enableguardduty script and it worked beautifully! Thanks!
But when running disableguardduty like so
.\disableguardduty.py --master_account <XXXX> .\accounts.csv --assume_role ManageGuardDuty
it starts off ok and cycles through the regions - then stops when it finds an enabled region with:
PS C:\bitbucket\amazon-guardduty-multiaccount-scripts> python .\disableguardduty.py --master_account
Following @WFAKEN11 comments from 11 Mar I edited the following and it seems to have fixed the problem. (Thanks @WFAKEN11!!)
LINES 163-179
AccountIds=list(member_dict.keys()),
DetectorId=detector_id
)
response = gd_client.delete_members(
DetectorId=detector_id,
AccountIds=list(member_dict.keys())
)
else:
response = gd_client.disassociate_members(
AccountIds=list(aws_account_dict.keys()),
DetectorId=detector_id
)
response = gd_client.delete_members(
DetectorId=detector_id,
AccountIds=list(aws_account_dict.keys())
This has been corrected, thanks for calling out the incompatibility with 3.7
When running
disableguardduty.py
this comes back:Command that was used:
python disableguardduty.py --master_account=<aws guardduty master account id> --assume_role=OrganizationAccountAccessRole ./guardduty_account_list.txt --enabled_regions=eu-west-1 --delete_master