search

aws-solutions / account-assessment-for-aws-organizations

Account Assessment for AWS Organizations programmatically scans all AWS accounts in an AWS Organization for identity-based and resource-based policies with Organization-based conditions.
Apache License 2.0
28 stars 10 forks source link

opensearch.describe_domains does not allow more than 5 at a time #7

Closed devt closed 1 year ago

devt commented 1 year ago

Describe the bug The opensearch.describe_domains call to does not allow more than 5 at a time

To Reproduce Test in an account which has more than 5 domains

Expected behavior Is able to enumerate and analyze the policies for all domains in the account/region - Does not return {"Error": {"Message": "Please provide a maximum of 5 domain names to describe.", "Code": "ValidationException"}, "

Please complete the following information about the solution:

Additional context

$ aws opensearch list-domain-names --output text --query 'DomainNames[].[DomainName, EngineType]'  
search1 OpenSearch
search2 OpenSearch
es-search3  Elasticsearch
es-search4  Elasticsearch
es-diag5    Elasticsearch
search6 OpenSearch
es-diag7    Elasticsearch
es-search8  Elasticsearch

$ aws opensearch describe-domains --domain-names search1 search2 es-search3 es-search4 es-diag5 search6 --output text --query 'DomainStatusList[].[DomainName]'

An error occurred (ValidationException) when calling the DescribeDomains operation: Please provide a maximum of 5 domain names to describe.

$ aws opensearch describe-domains --domain-names search1 search2 es-search3 es-search4 es-diag5  --output text --query 'DomainStatusList[].[DomainName]'
search1
search2
es-search3
es-search4
es-diag5
groverlalit commented 1 year ago

Thanks for raising this issue. We were able to duplicate it. We have added this to our backlog and will be fixed in the next release.