awslabs / aws-securityhub-multiaccount-scripts

This script automates the process of running the Security Hub multi-account workflow across a group of accounts that are in your control
MIT No Attribution

Codefixes #22

Closed obijan42 closed 1 year ago

obijan42 commented 4 years ago

Issue #, if available:

Description of changes:

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

ryanholland commented 4 years ago

Hi, appreciate the changes you've made; however, I do not think we can accept the commit to add Organization support, as it leverages protected APIs, specifically ListAccounts, which can only be called from the Organization Master account and will result in a failure if called from any other account. We guide users to minimize use of the Organization Master account, and in many cases that account will not be accessible to those deploying Security Hub.

obijan42 commented 4 years ago

The added support is an option, which nobody is forced to use. The way the latest version works: if you don't supply a CSV, then if the org call works, it uses that; else it complains that you didn't specify a list.

So that should be backwards compatible for all cases.
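
The fallback order discussed in this thread, as an added example that is not code from the pull request or the repository: a CSV wins, otherwise Organizations `ListAccounts` is tried, and a refused call produces a clear error instead of a stack trace. The function names, the `AccountId,EmailAddress` CSV layout and the injected `org_client` (a boto3 `organizations` client in real use) are assumptions made for illustration.

```python
import csv
import io

# Error codes Organizations returns when ListAccounts is called from an
# account that may not call it, or when the account is in no organization.
ORG_UNAVAILABLE = {"AccessDeniedException", "AWSOrganizationsNotInUseException"}


def accounts_from_csv(text):
    """Parse 'AccountId,EmailAddress' rows (assumed layout) into a dict."""
    accounts = {}
    for row in csv.reader(io.StringIO(text)):
        if len(row) < 2 or not row[0].strip().isdigit():
            continue  # skip blank lines and a header row
        accounts[row[0].strip()] = row[1].strip()
    return accounts


def accounts_from_org(org_client):
    """Return ACTIVE accounts, or None if the Organizations call is refused."""
    try:
        accounts = {}
        for page in org_client.get_paginator("list_accounts").paginate():
            for acct in page["Accounts"]:
                if acct["Status"] == "ACTIVE":
                    accounts[acct["Id"]] = acct["Email"]
        return accounts
    except Exception as exc:
        # botocore's ClientError carries the service error code in .response
        code = getattr(exc, "response", {}).get("Error", {}).get("Code")
        if code in ORG_UNAVAILABLE:
            return None
        raise  # throttling, network errors etc. must not be masked


def resolve_accounts(csv_text=None, org_client=None):
    """CSV wins; otherwise try Organizations; otherwise fail clearly."""
    if csv_text is not None:
        return accounts_from_csv(csv_text)
    found = accounts_from_org(org_client) if org_client is not None else None
    if found is None:
        raise SystemExit("No account list: supply a CSV, or run where "
                         "organizations:ListAccounts is permitted")
    return found
```

Because a supplied CSV short-circuits the lookup, a deployment that never touches the Organization Master account makes no Organizations call at all.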