duo-labs / cloudtracker

CloudTracker helps you find over-privileged IAM users and roles by comparing CloudTrail logs with current IAM policies.
BSD 3-Clause "New" or "Revised" License

Incorrect partitions built for GovCloud #50

Closed jmhale closed 4 years ago

jmhale commented 5 years ago

When trying to run cloudtracker against an AWS GovCloud account, no results are returned, because the partitions are being built against the list of Commercial regions, which it's getting from the get_available_regions call. https://github.com/duo-labs/cloudtracker/blob/master/cloudtracker/datasources/athena.py#L274

This is because the partition_name arg is omitted (https://boto3.amazonaws.com/v1/documentation/api/latest/reference/core/session.html#boto3.session.Session.get_available_regions)

Obviously, this is fine for most use cases, but it would be nice if we could toggle a flag in config to get GovCloud-specific env data.

0xdabbad00 commented 4 years ago

Closing this as I'm going to focus on creating Athena tables in https://github.com/duo-labs/cloudtrail-partitioner
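
The behaviour reported in the first comment, sketched as an added example that is not part of the original thread and not CloudTracker's own code: passing `partition_name` to boto3's `get_available_regions` so that partitions are built for GovCloud regions. The `config` dict and its `partition` and `region` keys, the helper names, and the bucket and account values are hypothetical; only the `aws-us-gov` and `aws-cn` prefixes are mapped.

```python
"""Added example: partition-aware region listing for CloudTrail table partitions."""

# Region-name prefixes that identify non-commercial AWS partitions.
PARTITION_BY_PREFIX = {"us-gov-": "aws-us-gov", "cn-": "aws-cn"}


def partition_for_region(region):
    """Return the AWS partition a region name belongs to (default: 'aws')."""
    for prefix, partition in PARTITION_BY_PREFIX.items():
        if region.startswith(prefix):
            return partition
    return "aws"


def cloudtrail_regions(config, session=None):
    """List CloudTrail regions for the partition selected in `config`.

    `config` is a hypothetical dict: an explicit 'partition' key wins,
    otherwise the partition is inferred from the 'region' key.
    """
    if session is None:
        import boto3  # imported lazily; a stub session can be passed instead
        session = boto3.session.Session()
    partition = config.get("partition") or partition_for_region(
        config.get("region", "us-east-1"))
    # Omitting partition_name makes boto3 default to 'aws' (commercial),
    # which is why a GovCloud account ends up with commercial regions only.
    return session.get_available_regions("cloudtrail", partition_name=partition)


def partition_locations(config, bucket, account_id, year, month, session=None):
    """Map each region to the S3 prefix its CloudTrail logs are delivered under."""
    return {
        region: f"s3://{bucket}/AWSLogs/{account_id}/CloudTrail/{region}/{year}/{month:02d}/"
        for region in cloudtrail_regions(config, session)
    }
```

An empty result from a region-keyed log query is easy to misread as "no activity", so it is worth checking which partition the region list came from before acting on the output.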