awslabs / aws-securityhub-multiaccount-scripts

This script automates the process of running the Security Hub multi-account workflow across a group of accounts that are in your control.
MIT No Attribution

Unable to run locally #44

Open tomwaldnz opened 4 years ago

tomwaldnz commented 4 years ago

I'm unable to run this locally, as suggested by the readme file in "Ensure you have credentials setup on your local machine for your master account that have permission to call AssumeRole." That sentence is not sufficiently clear.

Typically, when running locally, you use a profile, in our case integrated with AWS SSO, but this tool doesn't seem to support that.

Here's the error I get:

Enabling members in these regions: ['ap-southeast-2']
Traceback (most recent call last):
  File "C:\Documents\code\cps-aws-platform2\tools\aws-securityhub-multiaccount-scripts\enablesecurityhub.py", line 254, in <module>
    master_session = assume_role(args.master_account, args.assume_role)
  File "C:\Documents\code\cps-aws-platform2\tools\aws-securityhub-multiaccount-scripts\enablesecurityhub.py", line 45, in assume_role
    partition = sts_client.get_caller_identity()['Arn'].split(":")[1]
  File "C:\Users\username\AppData\Roaming\Python\Python38\site-packages\botocore\client.py", line 316, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "C:\Users\username\AppData\Roaming\Python\Python38\site-packages\botocore\client.py", line 621, in _make_api_call
    http, parsed_response = self._make_request(
  File "C:\Users\username\AppData\Roaming\Python\Python38\site-packages\botocore\client.py", line 641, in _make_request
    return self._endpoint.make_request(operation_model, request_dict)
  File "C:\Users\username\AppData\Roaming\Python\Python38\site-packages\botocore\endpoint.py", line 102, in make_request
    return self._send_request(request_dict, operation_model)
  File "C:\Users\username\AppData\Roaming\Python\Python38\site-packages\botocore\endpoint.py", line 132, in _send_request
    request = self.create_request(request_dict, operation_model)
  File "C:\Users\username\AppData\Roaming\Python\Python38\site-packages\botocore\endpoint.py", line 115, in create_request
    self._event_emitter.emit(event_name, request=request,
  File "C:\Users\username\AppData\Roaming\Python\Python38\site-packages\botocore\hooks.py", line 356, in emit
    return self._emitter.emit(aliased_event_name, **kwargs)
  File "C:\Users\username\AppData\Roaming\Python\Python38\site-packages\botocore\hooks.py", line 228, in emit
    return self._emit(event_name, kwargs)
  File "C:\Users\username\AppData\Roaming\Python\Python38\site-packages\botocore\hooks.py", line 211, in _emit
    response = handler(**kwargs)
  File "C:\Users\username\AppData\Roaming\Python\Python38\site-packages\botocore\signers.py", line 90, in handler
    return self.sign(operation_name, request)
  File "C:\Users\username\AppData\Roaming\Python\Python38\site-packages\botocore\signers.py", line 160, in sign
    auth.add_auth(request)
  File "C:\Users\username\AppData\Roaming\Python\Python38\site-packages\botocore\auth.py", line 357, in add_auth
    raise NoCredentialsError
botocore.exceptions.NoCredentialsError: Unable to locate credentials
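
A pre-flight check for the situation reported above, added here as an example (not code from the repository or from the issue author): it reads the shared AWS config and credentials files and reports which source a session created without an explicit profile would pick up. The lookup order is a simplified model, and the profile name, account ID and role name in the sample are constructed.

```python
import configparser

# Constructed sample of ~/.aws/config: one SSO-backed profile and no [default].
SAMPLE_CONFIG = """\
[profile secops-sso]
sso_start_url = https://example.awsapps.com/start
sso_region = ap-southeast-2
sso_account_id = 111111111111
sso_role_name = SecurityAudit
region = ap-southeast-2
"""

def _parse(text):
    parser = configparser.RawConfigParser(strict=False)
    parser.read_string(text)
    return parser

def diagnose_credentials(env, config_text="", credentials_text=""):
    """Return (source, profiles_defined) for a session built with no explicit profile.

    Simplified model of the lookup order: static keys in the environment, then
    the selected profile in the credentials file, then in the config file.
    """
    config, creds = _parse(config_text), _parse(credentials_text)
    defined = sorted(
        {s[len("profile "):] for s in config.sections() if s.startswith("profile ")}
        | ({"default"} & set(config.sections()))
        | set(creds.sections())
    )
    if env.get("AWS_ACCESS_KEY_ID") and env.get("AWS_SECRET_ACCESS_KEY"):
        return "environment", defined
    # Without AWS_PROFILE the lookup falls back to the profile named "default".
    profile = env.get("AWS_PROFILE") or "default"
    if creds.has_section(profile) and creds.has_option(profile, "aws_access_key_id"):
        return "shared-credentials-file", defined
    section = "default" if profile == "default" else f"profile {profile}"
    if config.has_section(section):
        keys = set(config.options(section))
        if keys & {"sso_session", "sso_start_url"}:
            return "sso-profile", defined
        if keys & {"role_arn", "credential_process", "aws_access_key_id"}:
            return "config-profile", defined
    # Nothing usable for the selected profile: the NoCredentialsError case.
    return "none", defined

if __name__ == "__main__":
    import os
    print(diagnose_credentials(os.environ, SAMPLE_CONFIG))
```

A result of `("none", ["secops-sso"])` means a named profile exists but nothing selects it; an `sso-profile` result still needs a current login (`aws sso login --profile <name>`) before any API call is signed.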