Closed lowpast closed 4 years ago
@lowpast I've fixed this here: https://github.com/asantos-fuze/amazon-guardduty-multiaccount-scripts I've the PR https://github.com/aws-samples/amazon-guardduty-multiaccount-scripts/pull/33 waiting to be merged
@asantos-fuze hey asantos, I'm still getting the error that lowpast posted above. I believe it's the same issue, although I haven't attempted to downgrade my botocore/boto3 packages.
@mr26 I'm running boto3==1.9.253 and it's good
@asantos-fuze thanks for the prompt reply. I'm currently running version '1.10.50'. I was able to get it working when passing the appropriate regions through the command line, but when running the script outright I get the same error lowcast has posted above.
@asantos-fuze it turns out the error was in the print statement evoked when handling the error.
print("Failed to list detectors in Master account for region: {} due to an authentication error. Either your credentials are not correctly configured or the region is an OptIn region that is not enabled on the master account. Skipping {} and attempting to continue").format(aws_region, aws_region)
Had a parentheses before the format method was used. Changed it to the following and the script works with no issues now.
print("Failed to list detectors in Master account for region: {} due to an authentication error. Either your credentials are not correctly configured or the region is an OptIn region that is not enabled on the master account. Skipping {} and attempting to continue".format(aws_region, aws_region))
thank you for your work btw, this script is incredibly useful and helpful for our current project.
Thanks for letting us know about the print.format error, I just pushed an update to fix that.
@ryanholland @asantos-fuze Thanks guys. I also updated the disableguardduty program to basically incorporate the same error handling you guys implemented in the enableguardduty program, preventing the script from crashing when iterating over a disabled region.
I've made a pull request with the changes for you guys to look over and approve/deny based upon your discretion. Thanks again.
Most recent versions of botocore (1.12.253) & boto3 (1.12.9) causes this script to fail.
Enabling members in all available GuardDuty regions ['ap-east-1', 'ap-northeast-1', 'ap-northeast-2', 'ap-south-1', 'ap-southeast-1', 'ap-southeast-2', 'ca-central-1', 'eu-central-1', 'eu-north-1', 'eu-west-1', 'eu-west-2', 'eu-west-3', 'me-south-1', 'sa-east-1', 'us-east-1', 'us-east-2', 'us-west-1', 'us-west-2'] Assumed session for ---------. Failed to list detectors in Master account for region: {} due to an authentication error. Either your credentials are not correctly configured or the region is an OptIn region that is not enabled on the master account. Skipping {} and attempting to continue Traceback (most recent call last): File "enableguardduty.py", line 187, in
detector_dict = list_detectors(gd_client, aws_region)
File "enableguardduty.py", line 110, in list_detectors
detector_dict = client.list_detectors()
File "/usr/local/lib/python3.7/site-packages/botocore/client.py", line 357, in _api_call
return self._make_api_call(operation_name, kwargs)
File "/usr/local/lib/python3.7/site-packages/botocore/client.py", line 661, in _make_api_call
raise error_class(parsed_response, operation_name)
botocore.exceptions.ClientError: An error occurred (UnrecognizedClientException) when calling the ListDetectors operation: The security token included in the request is invalid
During handling of the above exception, another exception occurred:
Traceback (most recent call last): File "enableguardduty.py", line 214, in
print("Failed to list detectors in Master account for region: {} due to an authentication error. Either your credentials are not correctly configured or the region is an OptIn region that is not enabled on the master account. Skipping {} and attempting to continue").format(aws_region, aws_region)
AttributeError: 'NoneType' object has no attribute 'format'
I was able to get this working by downgrading my packages -
pip install boto3==1.9.86 pip install botocore==1.12.88
I think this is due to the script attempting to enable ap-east-1 (HongKong), an opt-in only region. I do not (and will not) have this region enabled.