Closed hrmcardle0 closed 1 year ago
@hrmcardle0, Welcome to Steampipe!
We're sorry to hear that you are experiencing some issues. Before we dig into this, can you please provide a few informations?
readonly/securityaudit
role?Thanks!
Hey, @hrmcardle0 Could you please share any update or feed back regarding the above comment?
Hi @hrmcardle0 , we're closing this issue as we haven't heard back from you yet, but if you still see this issue, please let us know. Thanks!
Describe the bug When calling the query:
select name, associated_resources from aws_wafv2_web_acl
Steampipe attempts to call the "listAssociatedResources" action from the "servicecatalog-appregistry" service. giving the error "table 'aws_wafv2_web_acl' column 'associated_resources' requires hydrate data from listAssociatedResources, which failed with error operation error WAFV2: ListResourcesForWebACL, https response error StatusCode: 400, RequestID: 70b443fc-b463-4a75-9e3c-fffa7630a48f, api error AccessDeniedException: You don't have the permissions that are required to perform this operation"
It should just need to call "ListResourceForWebACL" from the "waf" service. I can call this command fine with just my creds however the readonly/securityaudit role I am using does not have servicecatalog-appregistry permissions.
Why is it required that steampipe call a servicecatalog action for this but the same info is gotten via the cli just using a call the waf service?
Steampipe version (
steampipe -v
) v0.20.8To reproduce test the above query on a user with just the standard AWS readonly perms
Expected behavior steampipe returns the associated resources for the WebACL