prowler-cloud / prowler

Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more
https://prowler.com
Apache License 2.0

rds_instance_certificate_expiration reports failed on compliant resource #4865

Closed blaargh closed 2 weeks ago

blaargh commented 2 weeks ago

Steps to Reproduce

When running prowler, the check rds_instance_certificate_expiration fails even though the affected RDS instances have up-to-date certificates.

Expected behavior

The check should correctly detect non-expired certificates.

Actual Result with Screenshots or Logs

(two screenshots attached)

How did you install Prowler?

Docker (docker pull toniblyx/prowler)

Environment Resource

  1. On Premise K8s Cluster

OS used

  1. Ubuntu Server 22.04

Prowler version

Prowler 4.4.0 (You are running the latest version, yay!)

Pip version

pip 24.2 from /usr/local/lib/python3.12/site-packages/pip (python 3.12)

Context

No response

thejaywhy commented 2 weeks ago

Hi @blaargh , thanks for notifying us about this, we are going to review it and we'll get back to you soon.

Thanks for using Prowler 🚀

pedrooot commented 2 weeks ago

Hey @blaargh, could you share the execution using the --log-level ERROR flag? It will help me to debug this error. Btw, it seems that it could be related to #4866

blaargh commented 2 weeks ago

Hey @pedrooot, I tried reproducing the error by only executing the mentioned check with log level ERROR. I used prowler locally on my MacBook for this instead of the Docker image. My local installation is version 4.3.5, where this error does not occur (the check passes). I will reproduce it with the Docker image and version 4.4.0

blaargh commented 2 weeks ago

This is the output from the prowler command in version 4.4.0 with log level ERROR:

~ $ prowler -p <> -b -F index -M html json-ocsf csv -f eu-central-1 eu-west-1 us-east-1 --check rds_instance_certificate_expiration --log-level ERROR
-> Using the AWS credentials below:
  · AWS-CLI Profile: <>
  · AWS Regions: eu-west-1, eu-central-1, us-east-1
  · AWS Account: <>
  · User Id: <>
  · Caller Identity ARN: arn:aws:iam::<>:user/audit

-> Using the following configuration:
  · Config File: /home/prowler/.local/lib/python3.12/site-packages/prowler/config/config.yaml
  · Mutelist File: /home/prowler/.local/lib/python3.12/site-packages/prowler/config/aws_mutelist.yaml
  · Scanning unused services and resources: False

Executing 1 check, please wait...

2024-08-27 06:56:49,740 [File: rds_service.py:159]  [Module: rds_service]    ERROR: eu-west-1 -- AttributeError[136]: 'str' object has no attribute 'region'

2024-08-27 06:56:49,742 [File: rds_service.py:159]  [Module: rds_service]    ERROR: eu-central-1 -- AttributeError[136]: 'str' object has no attribute 'region'

2024-08-27 06:56:49,742 [File: rds_service.py:159]  [Module: rds_service]    ERROR: us-east-1 -- AttributeError[136]: 'str' object has no attribute 'region'
-> Scan completed! |▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉| 1/1 [100%] in 19.7s

Overview Results:
╭───────────────────┬─────────────────┬────────────────╮
│ 100.0% (4) Failed │ 0.0% (0) Passed │ 0.0% (0) Muted │
╰───────────────────┴─────────────────┴────────────────╯

Account <> Scan Results (severity columns are for fails only):
╭────────────┬───────────┬──────────┬────────────┬────────┬──────────┬───────┬─────────╮
│ Provider   │ Service   │ Status   │   Critical │   High │   Medium │   Low │   Muted │
├────────────┼───────────┼──────────┼────────────┼────────┼──────────┼───────┼─────────┤
│ aws        │ rds       │ FAIL (4) │          4 │      0 │        0 │     0 │       0 │
╰────────────┴───────────┴──────────┴────────────┴────────┴──────────┴───────┴─────────╯
* You only see here those services that contains resources.

Detailed results are in:
 - JSON-OCSF: /home/prowler/output/index.ocsf.json
 - CSV: /home/prowler/output/index.csv
 - HTML: /home/prowler/output/index.html

For reference, this is how it looks (same account, same resources, same check) in version 4.3.5:

$ prowler -p <> -b -F index -M html json-ocsf csv -f eu-central-1 eu-west-1 us-east-1 --check rds_instance_certificate_expiration --log-level ERROR
-> Using the AWS credentials below:
  · AWS-CLI Profile: <>
  · AWS Regions: eu-central-1, us-east-1, eu-west-1
  · AWS Account: <>
  · User Id: <>
  · Caller Identity ARN: arn:aws:iam::<>:user/audit

-> Using the following configuration:
  · Config File: /opt/homebrew/Cellar/prowler/4.3.5/libexec/lib/python3.12/site-packages/prowler/config/config.yaml
  · Mutelist File: /opt/homebrew/Cellar/prowler/4.3.5/libexec/lib/python3.12/site-packages/prowler/config/aws_mutelist.yaml
  · Scanning unused services and resources: False

Executing 1 check, please wait...
-> Scan completed! |▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉| 1/1 [100%] in 19.9s

Overview Results:
╭─────────────────┬───────────────────┬────────────────╮
│ 0.0% (0) Failed │ 100.0% (4) Passed │ 0.0% (0) Muted │
╰─────────────────┴───────────────────┴────────────────╯

Account <> Scan Results (severity columns are for fails only):
╭────────────┬───────────┬──────────┬────────────┬────────┬──────────┬───────┬─────────╮
│ Provider   │ Service   │ Status   │   Critical │   High │   Medium │   Low │   Muted │
├────────────┼───────────┼──────────┼────────────┼────────┼──────────┼───────┼─────────┤
│ aws        │ rds       │ PASS (4) │          0 │      0 │        0 │     0 │       0 │
╰────────────┴───────────┴──────────┴────────────┴────────┴──────────┴───────┴─────────╯
* You only see here those services that contains resources.

Detailed results are in:
 - JSON-OCSF: /<>/output/index.ocsf.json
 - CSV: /<>/output/index.csv
 - HTML: /<>/output/index.html

pedrooot commented 2 weeks ago

Thanks for all the info! Now I'm sure that #4866 will fix that. I'll add your issue ID to the PR description; this way you'll get notified once this is merged, and this issue will be closed
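As an added, independent way to re-check what rds_instance_certificate_expiration is meant to evaluate (example code written for this page, not Prowler's own implementation and not the fix in #4866): each RDS instance is matched to the CA certificate it is bound to, and the verdict comes from that certificate's expiry date. The sample records are constructed to mirror the field names boto3 returns from describe_db_instances and describe_certificates; the instance identifiers, the certificate dates, the 30-day warning window and the helper names boto3_instances/boto3_certificates are assumptions, and NOW is taken from the timestamps in the log above. The point the log makes is built in explicitly: a failure while collecting data (the AttributeError per region) is reported as ERROR, never as FAIL, so a broken collector cannot produce a spurious 100% Failed summary.

```python
"""Independent re-check of RDS CA certificate expiry.

Added example for this page, not Prowler's rds_instance_certificate_expiration
implementation. Field names follow boto3's describe_db_instances() and
describe_certificates() responses; the records, dates and threshold below are
constructed for illustration.
"""
from datetime import datetime, timedelta, timezone

# NOW is taken from the timestamps in the log above so the sample is reproducible.
NOW = datetime(2024, 8, 27, 6, 56, 49, tzinfo=timezone.utc)
WARN_DAYS = 30  # assumed warning window; pick whatever your rotation policy needs

# Constructed sample: three instances bound to CA identifiers the inventory knows
# and one bound to an identifier that it does not.
SAMPLE_INSTANCES = [
    {"DBInstanceIdentifier": "app-db-1", "CACertificateIdentifier": "rds-ca-rsa2048-g1"},
    {"DBInstanceIdentifier": "legacy-db", "CACertificateIdentifier": "rds-ca-2019"},
    {"DBInstanceIdentifier": "soon-db", "CACertificateIdentifier": "rds-ca-test-soon"},
    {"DBInstanceIdentifier": "orphan-db", "CACertificateIdentifier": "rds-ca-missing"},
]
SAMPLE_CERTIFICATES = [
    {"CertificateIdentifier": "rds-ca-rsa2048-g1", "ValidTill": datetime(2061, 5, 22, tzinfo=timezone.utc)},
    {"CertificateIdentifier": "rds-ca-2019", "ValidTill": datetime(2024, 8, 22, 17, 8, tzinfo=timezone.utc)},
    {"CertificateIdentifier": "rds-ca-test-soon", "ValidTill": NOW + timedelta(days=10)},
]


def evaluate_certificate_expiration(instances, certificates, now=NOW, warn_days=WARN_DAYS):
    """Return one (instance_id, status, message) finding per instance.

    PASS  - the bound CA certificate stays valid for more than warn_days
    FAIL  - it has expired or expires within warn_days
    ERROR - the instance references a CA identifier absent from the inventory,
            so no verdict is possible and none is invented
    """
    valid_till = {c["CertificateIdentifier"]: c["ValidTill"] for c in certificates}
    findings = []
    for inst in instances:
        inst_id = inst["DBInstanceIdentifier"]
        ca_id = inst.get("CACertificateIdentifier")
        expiry = valid_till.get(ca_id)
        if expiry is None:
            findings.append((inst_id, "ERROR", f"CA certificate {ca_id!r} not in inventory"))
            continue
        remaining = expiry - now
        if remaining <= timedelta(0):
            findings.append((inst_id, "FAIL", f"CA certificate {ca_id} expired on {expiry:%Y-%m-%d}"))
        elif remaining <= timedelta(days=warn_days):
            findings.append((inst_id, "FAIL", f"CA certificate {ca_id} expires in {remaining.days} days"))
        else:
            findings.append((inst_id, "PASS", f"CA certificate {ca_id} valid until {expiry:%Y-%m-%d}"))
    return findings


def run_region(region, fetch_instances, fetch_certificates, now=NOW):
    """Collect and evaluate one region.

    A failure while collecting (the log above shows one AttributeError per region)
    becomes a single ERROR finding for the region, never a per-instance FAIL, so a
    broken collector cannot masquerade as a compliance failure.
    """
    try:
        instances = fetch_instances(region)
        certificates = fetch_certificates(region)
    except Exception as exc:  # deliberately broad: any collector bug ends up as ERROR
        return [(region, "ERROR", f"collection failed: {type(exc).__name__}: {exc}")]
    return evaluate_certificate_expiration(instances, certificates, now)


def summarize(findings):
    """Count findings per status; ERROR is kept separate from FAIL on purpose."""
    counts = {"PASS": 0, "FAIL": 0, "ERROR": 0}
    for _, status, _ in findings:
        counts[status] += 1
    return counts


def boto3_instances(region):
    """Live collector (hypothetical helper name): all DB instances in a region."""
    import boto3
    rds = boto3.client("rds", region_name=region)
    pages = rds.get_paginator("describe_db_instances").paginate()
    return [i for page in pages for i in page["DBInstances"]]


def boto3_certificates(region):
    """Live collector (hypothetical helper name): the CA inventory of a region."""
    import boto3
    return boto3.client("rds", region_name=region).describe_certificates()["Certificates"]


def _failing_fetch(region):
    """Simulated collector bug carrying the same error text as the log above."""
    raise AttributeError("'str' object has no attribute 'region'")


if __name__ == "__main__":
    for region, fetch in (("eu-central-1", lambda r: SAMPLE_INSTANCES), ("eu-west-1", _failing_fetch)):
        findings = run_region(region, fetch, lambda r: SAMPLE_CERTIFICATES)
        print(region, summarize(findings))
        for finding in findings:
            print("  ", *finding)
```

To run it against a real account, pass boto3_instances and boto3_certificates to run_region in place of the sample lambdas (the caller needs rds:DescribeDBInstances and rds:DescribeCertificates). The practical takeaway from the thread is the same either way: when a scan prints ERROR lines from the service collector and then reports every resource as FAIL, treat those FAILs as unverified until the collector runs clean.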