WAFv2 Table Populated AssociatedResources from Wrong Service

[hrmcardle0]

Describe the bug When calling the query:

select name, associated_resources from aws_wafv2_web_acl

Steampipe attempts to call the "listAssociatedResources" action from the "servicecatalog-appregistry" service. giving the error "table 'aws_wafv2_web_acl' column 'associated_resources' requires hydrate data from listAssociatedResources, which failed with error operation error WAFV2: ListResourcesForWebACL, https response error StatusCode: 400, RequestID: 70b443fc-b463-4a75-9e3c-fffa7630a48f, api error AccessDeniedException: You don't have the permissions that are required to perform this operation"

It should just need to call "ListResourceForWebACL" from the "waf" service. I can call this command fine with just my creds however the readonly/securityaudit role I am using does not have servicecatalog-appregistry permissions.

Why is it required that steampipe call a servicecatalog action for this but the same info is gotten via the cli just using a call the waf service?

Steampipe version (steampipe -v) v0.20.8

To reproduce test the above query on a user with just the standard AWS readonly perms

Expected behavior steampipe returns the associated resources for the WebACL

[ParthaI]

@hrmcardle0, Welcome to Steampipe!

We're sorry to hear that you are experiencing some issues. Before we dig into this, can you please provide a few informations?

• What is the version of the AWS plugin you are using?
• Can you please provide the list of permissions assigned to the readonly/securityaudit role?
• Assuming that you are running it in your local terminal? If not, could you please give it a try with same set of permissions in local terminal?

Thanks!

[ParthaI]

Hey, @hrmcardle0 Could you please share any update or feed back regarding the above comment?

[cbruno10]

Hi @hrmcardle0 , we're closing this issue as we haven't heard back from you yet, but if you still see this issue, please let us know. Thanks!