elastic / cloudbeat

Analyzing Cloud Security Posture

[CIS AWS] Multiple `AssumeRole` errors #2208

Open orouz opened 1 month ago

orouz commented 1 month ago

Describe the bug

Noticed these errors in 8.14 BC4 (see https://github.com/elastic/security-team/issues/9427#issuecomment-2112533090):

 Error fetching AWS Config recorders: operation error Config Service: DescribeConfigurationRecorders, get identity: get credentials: failed to refresh cached credentials, operation error STS: AssumeRole, https response error StatusCode: 403, RequestID: f08d1b32-c6ff-41f1-8357-07819eefa3ab, api error AccessDenied: User: arn:aws:sts::378890115541:assumed-role/cloudbeat-root/aws-go-sdk-1715607180126994429 is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::049528901747:role/cloudbeat-securityaudit  
failed to describe config recorders: fail to retrieve aws resources for region: us-east-1, error: operation error Config Service: DescribeConfigurationRecorders, get identity: get credentials: failed to refresh cached credentials, operation error STS: AssumeRole, https response error StatusCode: 403, RequestID: f08d1b32-c6ff-41f1-8357-07819eefa3ab, api error AccessDenied: User: arn:aws:sts::378890115541:assumed-role/cloudbeat-root/aws-go-sdk-1715607180126994429 is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::049528901747:role/cloudbeat-securityaudit 
Unable to fetch IAM users, error: operation error IAM: ListUsers, get identity: get credentials: failed to refresh cached credentials, operation error STS: AssumeRole, https response error StatusCode: 403, RequestID: f08d1b32-c6ff-41f1-8357-07819eefa3ab, api error AccessDenied: User: arn:aws:sts::378890115541:assumed-role/cloudbeat-root/aws-go-sdk-1715607180126994429 is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::049528901747:role/cloudbeat-securityaudit 
failed to describe security hub: fail to retrieve aws resources for region: us-east-1, error: operation error SecurityHub: DescribeHub, get identity: get credentials: failed to refresh cached credentials, operation error STS: AssumeRole, https response error StatusCode: 403, RequestID: f08d1b32-c6ff-41f1-8357-07819eefa3ab, api error AccessDenied: User: arn:aws:sts::378890115541:assumed-role/cloudbeat-root/aws-go-sdk-1715607180126994429 is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::049528901747:role/cloudbeat-securityaudit 
failed to load some DB instances from rds: fail to retrieve aws resources for region: us-east-1, error: operation error RDS: DescribeDBInstances, get identity: get credentials: failed to refresh cached credentials, operation error STS: AssumeRole, https response error StatusCode: 403, RequestID: e0be65f1-5148-4bfb-8b09-d1a5a6c65fbd, api error AccessDenied: User: arn:aws:sts::378890115541:assumed-role/cloudbeat-root/aws-go-sdk-1715607180126994429 is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::049528901747:role/cloudbeat-securityaudit,  
failed to describe trails: operation error CloudTrail: DescribeTrails, get identity: get credentials: failed to refresh cached credentials, operation error STS: AssumeRole, https response error StatusCode: 403, RequestID: e0be65f1-5148-4bfb-8b09-d1a5a6c65fbd, api error AccessDenied: User: arn:aws:sts::378890115541:assumed-role/cloudbeat-root/aws-go-sdk-1715607180126994429 is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::049528901747:role/cloudbeat-securityaudit 

Preconditions

Run CSPM AWS

To Reproduce

Steps to reproduce the behavior:

1. Add CSPM AWS Integration
2. Search logs for AssumeRole

Expected behavior

No access denied errors
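Every error quoted in the issue has the same shape: the `cloudbeat-root` role in one account is denied `sts:AssumeRole` on `cloudbeat-securityaudit` in another, and only the calling service (Config, IAM, Security Hub, RDS, CloudTrail) changes. As an added example, not cloudbeat's own code, the Python script below parses those aws-sdk-go-v2 error strings, collapses them to the unique caller/target role pair behind them together with the STS RequestIDs you would quote to AWS support, and prints the two IAM statements that pair needs: the trust-policy statement on the target role and the `sts:AssumeRole` grant in the caller role's identity policy. The sample log lines are constructed from the ones in the issue plus one made-up throttling error that the parser must skip. Caveats, both of which are assumptions the page does not settle: STS returns this same AccessDenied text whether the trust policy or the caller's identity policy is the missing half, so the script can say what must be present but not which side is broken; and an assumed-role ARN drops the role's path, so if `cloudbeat-root` lives under an IAM path the reconstructed role ARN needs that path added.

```python
"""Triage aws-sdk-go-v2 STS AssumeRole AccessDenied lines from cloudbeat logs.

Added example for this issue, not cloudbeat code. Account IDs and RequestIDs
in SAMPLE_LOG are copied from the issue; the ThrottlingException line is
constructed to show that unrelated errors are ignored.
"""
import json
import re
from collections import defaultdict

# Constructed sample: two denial lines modelled on the issue plus one unrelated error.
SAMPLE_LOG = """\
Error fetching AWS Config recorders: operation error Config Service: DescribeConfigurationRecorders, get identity: get credentials: failed to refresh cached credentials, operation error STS: AssumeRole, https response error StatusCode: 403, RequestID: f08d1b32-c6ff-41f1-8357-07819eefa3ab, api error AccessDenied: User: arn:aws:sts::378890115541:assumed-role/cloudbeat-root/aws-go-sdk-1715607180126994429 is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::049528901747:role/cloudbeat-securityaudit
failed to load some DB instances from rds: fail to retrieve aws resources for region: us-east-1, error: operation error RDS: DescribeDBInstances, get identity: get credentials: failed to refresh cached credentials, operation error STS: AssumeRole, https response error StatusCode: 403, RequestID: e0be65f1-5148-4bfb-8b09-d1a5a6c65fbd, api error AccessDenied: User: arn:aws:sts::378890115541:assumed-role/cloudbeat-root/aws-go-sdk-1715607180126994429 is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::049528901747:role/cloudbeat-securityaudit,
failed to describe trails: operation error CloudTrail: DescribeTrails, https response error StatusCode: 400, RequestID: 00000000-0000-4000-8000-000000000000, api error ThrottlingException: Rate exceeded
"""

# One regex for the nested aws-sdk-go-v2 error chain: outer service operation,
# then the STS AssumeRole failure, status, RequestID, error code, caller and target.
ASSUME_ROLE_DENIED = re.compile(
    r"operation error (?P<service>[^:]+): (?P<operation>\w+),.*?"
    r"operation error STS: AssumeRole, https response error StatusCode: (?P<status>\d{3}), "
    r"RequestID: (?P<request_id>[0-9a-f-]{36}), api error (?P<code>\w+): "
    r"User: (?P<caller>arn:aws:sts::\d{12}:assumed-role/\S+) is not authorized to perform: "
    r"sts:AssumeRole on resource: (?P<target>arn:aws:iam::\d{12}:role/[^\s,]+)"
)


def parse_assume_role_denials(log_text: str) -> list[dict]:
    """Return one record per log line that is an STS AssumeRole AccessDenied."""
    denials = []
    for line in log_text.splitlines():
        m = ASSUME_ROLE_DENIED.search(line)
        if m and m["code"] == "AccessDenied":
            denials.append(m.groupdict())
    return denials


def caller_role_arn(assumed_role_arn: str) -> str:
    """Map arn:aws:sts::ACCT:assumed-role/ROLE/SESSION to the IAM role ARN.

    Assumption: the role has no IAM path. Assumed-role ARNs omit the path, so
    a role created under e.g. /cloudbeat/ would need it re-inserted here.
    """
    m = re.fullmatch(r"arn:aws:sts::(\d{12}):assumed-role/([^/]+)/[^/]+", assumed_role_arn)
    if not m:
        raise ValueError(f"not an assumed-role ARN: {assumed_role_arn}")
    account, role = m.groups()
    return f"arn:aws:iam::{account}:role/{role}"


def summarize(denials: list[dict]) -> dict:
    """Group denials by (caller role ARN, target role ARN)."""
    pairs = defaultdict(lambda: {"operations": set(), "request_ids": set()})
    for d in denials:
        key = (caller_role_arn(d["caller"]), d["target"])
        pairs[key]["operations"].add(f'{d["service"]}:{d["operation"]}')
        pairs[key]["request_ids"].add(d["request_id"])
    return {
        key: {"operations": sorted(v["operations"]), "request_ids": sorted(v["request_ids"])}
        for key, v in pairs.items()
    }


def required_policy_statements(caller_role: str, target_role: str) -> tuple[dict, dict]:
    """Both halves an AssumeRole needs; the AccessDenied text does not say which is missing.

    The first statement belongs in the target role's trust policy (target account),
    the second in the caller role's identity policy (caller account).
    """
    trust = {"Effect": "Allow", "Principal": {"AWS": caller_role}, "Action": "sts:AssumeRole"}
    identity = {"Effect": "Allow", "Action": "sts:AssumeRole", "Resource": target_role}
    return trust, identity


if __name__ == "__main__":
    for (caller, target), info in summarize(parse_assume_role_denials(SAMPLE_LOG)).items():
        print(f"{caller} -> {target}")
        print("  failed operations:", ", ".join(info["operations"]))
        print("  STS RequestIDs:   ", ", ".join(info["request_ids"]))
        trust, identity = required_policy_statements(caller, target)
        print("  trust policy statement needed on the target role:")
        print(json.dumps(trust, indent=2))
        print("  identity policy statement needed on the caller role:")
        print(json.dumps(identity, indent=2))
```

Run it against a real cloudbeat log by replacing `SAMPLE_LOG` with the file contents; several hundred noisy lines collapse to one caller/target pair per missing trust relationship, which is the unit you actually have to fix.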