nccgroup / Scout2

Security auditing tool for AWS environments
http://nccgroup.github.io/Scout2/
GNU General Public License v2.0

AuthorizationError and AccessDenied #261

Closed saryx123 closed 6 years ago

saryx123 commented 6 years ago

When running with SecurityAuditor privilege, as advised, a few of the calls/checks return an error:

An error occurred (AuthorizationError) when calling the ListSubscriptions operation: User: arn:aws:iam::ACCOUNTID#:user/USERNAME is not authorized to perform: SNS:ListSubscriptions on resource: arn:aws:sns:ap-south-1:ACCOUNTID#:*

An error occurred (AccessDenied) when calling the ListIdentityPolicies operation: User: arn:aws:iam::ACCOUNTID#:user/USERNAME is not authorized to perform: ses:ListIdentityPolicies

An error occurred (AccessDenied) when calling the ListIdentityPolicies operation: User: arn:aws:iam::ACCOUNTID#:user/USERNAME is not authorized to perform: ses:ListIdentityPolicies

x4v13r64 commented 6 years ago

You should use the https://github.com/nccgroup/AWS-recipes/blob/master/IAM-Policies/Scout2-Default.json policy to run Scout2. Alternatively, you may use the ReadOnlyAccess managed policy in conjunction with the SecurityAuditor policy.
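
Added example, not part of the thread and not Scout2 code: a small Python helper that reads denial messages like the ones reported above and lists which IAM actions the auditing identity lacks, so they can be compared against the policy in use. The function names, the sample account id and user name, and the List/Get/Describe read-only heuristic are assumptions made for this illustration.

```python
import json
import re

# Constructed sample: the error lines from the report, with a made-up
# account id (111111111111) and user name (auditor).
SAMPLE_OUTPUT = """\
An error occurred (AuthorizationError) when calling the ListSubscriptions operation: User: arn:aws:iam::111111111111:user/auditor is not authorized to perform: SNS:ListSubscriptions on resource: arn:aws:sns:ap-south-1:111111111111:*
An error occurred (AccessDenied) when calling the ListIdentityPolicies operation: User: arn:aws:iam::111111111111:user/auditor is not authorized to perform: ses:ListIdentityPolicies
An error occurred (AccessDenied) when calling the ListIdentityPolicies operation: User: arn:aws:iam::111111111111:user/auditor is not authorized to perform: ses:ListIdentityPolicies
"""

# Shape of the denial message seen in the report.
DENIED = re.compile(
    r"An error occurred \((?P<code>\w+)\) when calling the (?P<op>\w+) operation: "
    r"User: (?P<principal>\S+) is not authorized to perform: "
    r"(?P<action>[\w-]+:\w+)(?: on resource: (?P<resource>\S+))?"
)
READ_PREFIXES = ("List", "Get", "Describe")  # heuristic for read-only calls (assumption)


def denied_actions(text):
    """Map each denied IAM action to the set of resources it was denied on."""
    found = {}
    for m in DENIED.finditer(text):
        service, name = m.group("action").split(":", 1)
        action = f"{service.lower()}:{name}"  # SNS:... and sns:... are the same action
        found.setdefault(action, set()).add(m.group("resource") or "*")
    return found


def supplemental_policy(denied):
    """Build a reviewable policy covering only the read-style denied actions."""
    read = sorted(a for a in denied if a.split(":")[1].startswith(READ_PREFIXES))
    skipped = sorted(set(denied) - set(read))
    if skipped:  # an auditing role should not need these; surface them instead
        raise ValueError(f"non-read actions denied, review manually: {skipped}")
    return {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Action": read, "Resource": "*"}],
    }


if __name__ == "__main__":
    print(json.dumps(supplemental_policy(denied_actions(SAMPLE_OUTPUT)), indent=2))
```

The repeated ses:ListIdentityPolicies denial collapses to one entry, and any denied action that does not look read-only raises an error instead of being added to the policy.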