duo-labs / cloudmapper

CloudMapper helps you analyze your Amazon Web Services (AWS) environments.
BSD 3-Clause "New" or "Revised" License

No vault access policy is set for: uat #745

Closed ozbillwang closed 4 years ago

ozbillwang commented 4 years ago

Please mention the following:

python cloudmapper.py collect --account xxx --regions ap-southeast-2

docker

Summary: 390 APIs called. 1 errors
Failures:
  glacier.get_vault_access_policy({'vaultName': 'uat', 'accountId': '-'}): An error occurred (ResourceNotFoundException) when calling the GetVaultAccessPolicy operation: No vault access policy is set for: uat

ozbillwang commented 4 years ago

Any hints for me? I can't get past this issue. Can I skip collecting anything from Glacier?

0xdabbad00 commented 4 years ago

It's just telling you there was an error and not throwing an exception. In this case the vault appears to not have a policy associated with it. Because of this, when performing an audit, CloudMapper may throw an error when checking if the Vault's policy is public or not. My expectation as the developer of CloudMapper is that by telling you there was a problem, you'll investigate it manually and be aware that any auditing associated with that resource will not be possible.
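As an added example (not part of the original thread and not CloudMapper's own code), the following script triages the "Failures:" lines of a collect summary so that a "no policy is set" response is separated from failures that leave a real gap in the audit data. It assumes the failure line format shown in this issue; the second sample line and the names `triage`, `POLICY_ABSENT` and `SAMPLE_SUMMARY` are constructed for illustration.

```python
import ast
import re

# One entry under "Failures:" as quoted in this issue:
#   service.method({params}): An error occurred (Code) when calling the Op operation: message
FAILURE_RE = re.compile(
    r"^\s*(?P<service>[\w-]+)\.(?P<method>\w+)\((?P<params>\{.*?\})\): "
    r"An error occurred \((?P<code>[\w.]+)\) when calling the (?P<op>\w+) operation: "
    r"(?P<message>.*)$"
)

# Assumption: the only "policy absent" pattern encoded is the one from this thread.
POLICY_ABSENT = {("GetVaultAccessPolicy", "ResourceNotFoundException")}

# Constructed sample: first failure is the line from this issue, second is made up.
SAMPLE_SUMMARY = """Summary: 390 APIs called. 2 errors
Failures:
  glacier.get_vault_access_policy({'vaultName': 'uat', 'accountId': '-'}): An error occurred (ResourceNotFoundException) when calling the GetVaultAccessPolicy operation: No vault access policy is set for: uat
  s3.get_bucket_policy({'Bucket': 'example-bucket'}): An error occurred (AccessDenied) when calling the GetBucketPolicy operation: Access Denied
"""


def triage(summary):
    """Return one finding per failure line, tagged by what it means for the audit."""
    findings = []
    for line in summary.splitlines():
        m = FAILURE_RE.match(line)
        if not m:
            continue  # "Summary:" / "Failures:" headers and blank lines
        try:
            resource = ast.literal_eval(m["params"])  # params are a printed Python dict
        except (ValueError, SyntaxError):
            resource = m["params"]  # keep the raw text if it is not a literal
        absent = (m["op"], m["code"]) in POLICY_ABSENT and "No vault access policy" in m["message"]
        findings.append({
            "call": f'{m["service"]}.{m["method"]}',
            "resource": resource,
            "code": m["code"],
            # policy_absent: the API reports no policy attached; confirm manually.
            # audit_gap: data was not collected, so audit checks on it cannot run.
            "status": "policy_absent" if absent else "audit_gap",
        })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_SUMMARY):
        print(finding["status"], finding["call"], finding["resource"])
```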

ozbillwang commented 4 years ago

Thank you for the explanation, @0xdabbad00

Could we ignore the audit when we do the collection?

Such as:

When we run python cloudmapper.py collect, it collects the data only.
When we run python cloudmapper.py audit, it does the audit.

Same idea:

When we run python cloudmapper.py report with the collect command only, it reports the data only, no need for audit details.

ozbillwang commented 4 years ago

Finally I found the policy; it is not in IAM policy, but in Glacier.

After cleaning it, the collection is fine.