nccgroup / Scout2

Security auditing tool for AWS environments
http://nccgroup.github.io/Scout2/
GNU General Public License v2.0

Failed to process rule defined in ec2-instance-with-open-nacls.json #284

Closed rafalskyi closed 6 years ago

rafalskyi commented 6 years ago

When I am trying to run an EC2 scan, I am getting an error.

--debug output:

Current path: [u'ec2', u'regions', u'us-east-1', u'vpcs', u'vpc-14da796d', u'instances', u'i-0029aa599ecd35940', u'network_interfaces', u'eni-07727098']
Traceback (most recent call last):
  File "/home/ubuntu/Scout2/local/lib/python2.7/site-packages/AWSScout2/configs/browser.py", line 92, in get_value_at
    target_obj = target_obj[p]
KeyError: u'us-east-1'

Current path: [u'ec2', u'regions', u'us-east-1', u'vpcs', u'vpc-14da796d', u'instances', u'i-0029aa599ecd35940', u'network_interfaces', u'eni-07727098']
Traceback (most recent call last):
  File "/home/ubuntu/Scout2/local/lib/python2.7/site-packages/AWSScout2/configs/browser.py", line 97, in get_value_at
    raise Exception
Exception

Traceback (most recent call last):
  File "/home/ubuntu/Scout2/local/lib/python2.7/site-packages/AWSScout2/rules/processingengine.py", line 50, in run
    aws_config['services'][service][self.ruleset.rule_type][rule.key]['items'] = recurse(aws_config['services'], aws_config['services'], path, [], rule, True)
  File "/home/ubuntu/Scout2/local/lib/python2.7/site-packages/AWSScout2/rules/utils.py", line 71, in recurse
    results = results + recurse(all_info, current_info[attribute], target_path, split_path, config, add_suffix)
  File "/home/ubuntu/Scout2/local/lib/python2.7/site-packages/AWSScout2/rules/utils.py", line 71, in recurse
    results = results + recurse(all_info, current_info[attribute], target_path, split_path, config, add_suffix)
  File "/home/ubuntu/Scout2/local/lib/python2.7/site-packages/AWSScout2/rules/utils.py", line 78, in recurse
    results = results + recurse(all_info, split_current_info, split_target_path, split_current_path, config, add_suffix)
  File "/home/ubuntu/Scout2/local/lib/python2.7/site-packages/AWSScout2/rules/utils.py", line 71, in recurse
    results = results + recurse(all_info, current_info[attribute], target_path, split_path, config, add_suffix)
  File "/home/ubuntu/Scout2/local/lib/python2.7/site-packages/AWSScout2/rules/utils.py", line 78, in recurse
    results = results + recurse(all_info, split_current_info, split_target_path, split_current_path, config, add_suffix)
  File "/home/ubuntu/Scout2/local/lib/python2.7/site-packages/AWSScout2/rules/utils.py", line 71, in recurse
    results = results + recurse(all_info, current_info[attribute], target_path, split_path, config, add_suffix)
  File "/home/ubuntu/Scout2/local/lib/python2.7/site-packages/AWSScout2/rules/utils.py", line 78, in recurse
    results = results + recurse(all_info, split_current_info, split_target_path, split_current_path, config, add_suffix)
  File "/home/ubuntu/Scout2/local/lib/python2.7/site-packages/AWSScout2/rules/utils.py", line 71, in recurse
    results = results + recurse(all_info, current_info[attribute], target_path, split_path, config, add_suffix)
  File "/home/ubuntu/Scout2/local/lib/python2.7/site-packages/AWSScout2/rules/utils.py", line 78, in recurse
    results = results + recurse(all_info, split_current_info, split_target_path, split_current_path, config, add_suffix)
  File "/home/ubuntu/Scout2/local/lib/python2.7/site-packages/AWSScout2/rules/utils.py", line 56, in recurse
    if pass_conditions(all_info, current_path, copy.deepcopy(config.conditions)):
  File "/home/ubuntu/Scout2/local/lib/python2.7/site-packages/AWSScout2/rules/utils.py", line 114, in pass_conditions
    path_to_value = fix_path_string(all_info, current_path, path_to_value)
  File "/home/ubuntu/Scout2/local/lib/python2.7/site-packages/AWSScout2/rules/utils.py", line 35, in fix_path_string
    dv = get_value_at(all_info, current_path, tmp)
  File "/home/ubuntu/Scout2/local/lib/python2.7/site-packages/AWSScout2/configs/browser.py", line 102, in get_value_at
    raise Exception
Exception

Failed to process rule defined in ec2-instance-with-open-nacls.json
rafalskyi commented 6 years ago

The issue exists only if you scan EC2 only. If you run a scan of EC2 + VPC, all data is present.

It would be nice to throw a warning rather than an error about the scan results not being complete, or at least provide documentation about which scans depend on each other.

x4v13r64 commented 6 years ago

@rafalskyi this issue is caused by the fact that the ec2-instance-with-open-nacls.json filter requires VPC-related data. EC2 and VPC services are very tightly coupled.

This is an edge-case issue and doesn't cause the scan to fail, so I'll consider it a non-fix for now.
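The fail-soft behavior requested in this thread, as an added example that is not Scout2's own code and not either commenter's: a rule declares which scanned services it needs, the engine skips it with a warning when one of them is absent, and the path lookup returns a default instead of raising the KeyError seen in the traceback. The RULE_DEPENDENCIES map, the layout of the VPC-side data under services["vpc"], and the "open NACL" criterion are assumptions; only the shape of the EC2 path (ec2 -> regions -> region -> vpcs -> instances -> network_interfaces) is taken from the debug output above. The sample data is constructed for the example.

```python
"""Added example, not Scout2's code: skip a rule whose data was not scanned.

Assumptions (not from the page): RULE_DEPENDENCIES, the services["vpc"]
layout and nacl_is_open() are hypothetical; the ec2 path shape follows the
"Current path" line in the debug output.
"""
import warnings

# Hypothetical map: which scanned services each rule file depends on.
RULE_DEPENDENCIES = {
    "ec2-instance-with-open-nacls.json": {"ec2", "vpc"},
}

# Constructed EC2 data mirroring the path shape from the debug output.
EC2_DATA = {
    "regions": {
        "us-east-1": {
            "vpcs": {
                "vpc-14da796d": {
                    "instances": {
                        "i-0029aa599ecd35940": {
                            "network_interfaces": {
                                "eni-07727098": {"subnet_id": "subnet-aaaa0001"},
                            }
                        }
                    }
                }
            }
        }
    }
}

# Constructed, hypothetical VPC data: one NACL allowing all ingress.
VPC_DATA = {
    "regions": {
        "us-east-1": {
            "vpcs": {
                "vpc-14da796d": {
                    "subnets": {"subnet-aaaa0001": {"network_acl": "acl-0001"}},
                    "network_acls": {
                        "acl-0001": {
                            "ingress": [
                                {"rule": 100, "cidr": "0.0.0.0/0",
                                 "protocol": "-1", "action": "allow"}
                            ]
                        }
                    },
                }
            }
        }
    }
}


def get_value_at(config, path, default=None):
    """Walk a key path through nested dicts; return default instead of
    raising KeyError when a component (e.g. an unscanned region) is absent."""
    node = config
    for key in path:
        if not isinstance(node, dict) or key not in node:
            return default
        node = node[key]
    return node


def missing_services(rule_file, scanned):
    """Services the rule requires that were not part of this scan."""
    return RULE_DEPENDENCIES.get(rule_file, set()) - set(scanned)


def nacl_is_open(acl):
    """Hypothetical criterion: an ingress entry allowing all protocols from 0.0.0.0/0."""
    return any(e.get("action") == "allow" and e.get("cidr") == "0.0.0.0/0"
               and e.get("protocol") == "-1" for e in acl.get("ingress", []))


def run_rule(rule_file, services):
    """Return a 'skipped' result (with a warning) when a dependency was not
    scanned; otherwise evaluate the rule and return the flagged items."""
    missing = missing_services(rule_file, services)
    if missing:
        warnings.warn("%s skipped: requires %s, scanned only %s" % (
            rule_file, sorted(missing), sorted(services)))
        return {"status": "skipped", "missing": sorted(missing)}
    items = []
    for region, rdata in get_value_at(services, ["ec2", "regions"], {}).items():
        for vpc_id, vdata in rdata.get("vpcs", {}).items():
            for inst_id, idata in vdata.get("instances", {}).items():
                for eni_id, eni in idata.get("network_interfaces", {}).items():
                    base = ["vpc", "regions", region, "vpcs", vpc_id]
                    acl_id = get_value_at(
                        services, base + ["subnets", eni.get("subnet_id"), "network_acl"])
                    acl = get_value_at(services, base + ["network_acls", acl_id], {})
                    if acl_id and nacl_is_open(acl):
                        items.append("%s/%s/%s" % (inst_id, eni_id, acl_id))
    return {"status": "ok", "items": items}


if __name__ == "__main__":
    print(run_rule("ec2-instance-with-open-nacls.json", {"ec2": EC2_DATA}))
    print(run_rule("ec2-instance-with-open-nacls.json", {"ec2": EC2_DATA, "vpc": VPC_DATA}))
```

With only EC2 scanned the rule is reported as skipped with the missing service named, which is the documentation-by-behavior the reporter asked for; with both services present the same code walks from each network interface to its subnet's NACL and flags the open one.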