search

prowler-cloud / prowler

Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more
https://prowler.com
Apache License 2.0
10.52k stars 1.5k forks source link

ValueError with TimeData in AWS during iam_avoid_root_usage , iam_rotate_access_key_90_days , iam_user_accesskey_unused checks #4448

Closed snowmirage closed 1 month ago

snowmirage commented 1 month ago

Steps to Reproduce

prowler aws -p --log-level ERROR

Expected behavior

I'm seeing several errors related to AWS iam checks I'm not expecting when running prowler on several AWS accounts.

Actual Result with Screenshots or Logs

Something went wrong in iam_avoid_root_usage, please use --log-level ERROR

2024-07-15 13:15:34,448 [File: check.py:463] [Module: check] ERROR: Something went wrong in iam_avoid_root_usage '2023-05-18T16:29:55Z' does not match format '%Y-%m-%dT%H:%M:%S+00:00' Something went wrong in iam_rotate_access_key_90_days, please use --log-level ERROR

2024-07-15 13:15:34,952 [File: check.py:463] [Module: check] ERROR: iam_rotate_access_key_90_days -- ValueError[349]: time data '2023-08-09T16:50:13Z' does not match format '%Y-%m-%dT%H:%M:%S+00:00' Something went wrong in iam_user_accesskey_unused, please use --log-level ERROR

2024-07-15 13:15:34,958 [File: check.py:463] [Module: check] ERROR: iam_user_accesskey_unused -- ValueError[349]: time data '2024-07-15T12:35:00Z' does not match format '%Y-%m-%dT%H:%M:%S+00:00'

How did you install Prowler?

From pip package (pip install prowler)

Environment Resource

Local workstation (Macbook Pro 2021)

OS used

macOS 14.5

Prowler version

4.2.4

Pip version

22.3.1

Context

I'm seeing errors on several AWS iam checks related to timestamps not being in the expected format.

Is this something you can change in the aws cli profiles I've not found? Or is prowler not supporting what ever time format this AWS account happens to be using?

sergargar commented 1 month ago

Hi @snowmirage , thanks for reaching us out! We just fixed the issue here and we will do a release with the fix soon 🚀 Could you try to execute Prowler in our GitHub master branch to verify if the issue still persists?

sergargar commented 1 month ago

Prowler 4.3.0 contains the fix of this issue, please use pip install prowler --upgrade to update Prowler to the new version and feel free to reopen the issue if you are still facing the error.

Thanks for using Prowler 🚀 !

snowmirage commented 1 month ago

Fix Confirmed Thank you!