Describe the bug
The aws_macie2_classification_job table returns AccessDeniedException if any one of the regions configured in the aws.spc file does not have Macie enabled.
Also, the Macie service enabled/disabled status should be provided as part of this table.
Steampipe version (steampipe -v)
Example: v0.3.0
Plugin version (steampipe plugin list)
Example: v0.5.0
To reproduce
Error when an IAM user with all required permissions queries the table and only one region has Macie enabled:
> select * from aws_aab.aws_macie2_classification_job
Error: AccessDeniedException: Macie is not enabled.
> select * from aws_aab.aws_macie2_classification_job where region = 'us-east-1'
+--------------+----------------------------------+-------------------------------------------------------------------------------------------+------------+----------+--------------------------------------+------
| name | job_id | arn | job_status | job_type | client_token | creat
+--------------+----------------------------------+-------------------------------------------------------------------------------------------+------------+----------+--------------------------------------+------
| bucket-audit | f9d91733ace0a9sdfdsfsdfsdfsd98916e | arn:aws:macie2:us-east-1:123493682495:classification-job/f9d91733ace0a93c09e8da13f598916e | COMPLETE | ONE_TIME | cf6b6918-9c3f-4a33-887b-f4f834a1046d | 2021-
+--------------+----------------------------------+-------------------------------------------------------------------------------------------+------------+----------+--------------------------------------+------
The same exception is returned, with a different message, when a user without IAM privileges tries to query:
> select * from aws_macie2_classification_job
Error: AccessDeniedException: User: arn:aws:iam::533793682495:user/macie-test is not authorized to perform: macie2:ListClassificationJobs on resource: arn:aws:macie2:ap-south-1:533793682495:*
> .exit
CLI Output
turbot-macpro-raj:steampipe-mod-aws-top10 raj$ aws macie2 list-classification-jobs --profile devaab --region us-east-1
{
    "items": [
        {
            "bucketDefinitions": [
                {
                    "accountId": "123453682495",
                    "buckets": [
                        "andrew-turbot-test-bucket",
                        "aws-logs-123453682495-us-east-1"
                    ]
                }
            ],
            "createdAt": "2021-09-06T18:13:46.335482+00:00",
            "jobId": "f9d91733ace0a93c09e8da13f598916e",
            "jobStatus": "COMPLETE",
            "jobType": "ONE_TIME",
            "lastRunErrorStatus": {
                "code": "NONE"
            },
            "name": "bucket-audit"
        }
    ]
}
turbot-macpro-raj:steampipe-mod-aws-top10 raj$ aws macie2 list-classification-jobs --profile devaab --region ap-south-1
An error occurred (AccessDeniedException) when calling the ListClassificationJobs operation: Macie is not enabled.
turbot-macpro-raj:steampipe-mod-aws-top10 raj$ aws macie2 list-classification-jobs --profile devaab-onlyrds --region ap-south-1
An error occurred (AccessDeniedException) when calling the ListClassificationJobs operation: User: arn:aws:iam::123453682495:user/macie-test is not authorized to perform: macie2:ListClassificationJobs on resource: arn:aws:macie2:ap-south-1:123453682495:*
turbot-macpro-raj:steampipe-mod-aws-top10 raj$
Expected behavior
Do we need to handle the message, not the exception?
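One way the plugin could act on that question, as an added Go example and not the plugin's own code: the two AccessDeniedException cases are told apart by their message text, a region where Macie is not enabled becomes an enabled=false row with no jobs instead of failing the whole query, and a genuine authorization denial still surfaces. The coded-error type, the lister callback and the sample responses are constructed stand-ins for the SDK and the API.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// apiError is a constructed stand-in for the AWS SDK's coded error (Code/Message) used to replay the issue offline.
type apiError struct{ code, msg string }

func (e *apiError) Error() string   { return e.code + ": " + e.msg }
func (e *apiError) Code() string    { return e.code }
func (e *apiError) Message() string { return e.msg }

// macieEnabled tells the two AccessDeniedException variants apart by message, since
// the exception code alone cannot distinguish "not enabled" from "not authorized".
func macieEnabled(err error) (bool, error) {
	var ae interface{ Code() string; Message() string }
	notEnabled := errors.As(err, &ae) && ae.Code() == "AccessDeniedException" &&
		strings.Contains(ae.Message(), "Macie is not enabled")
	if notEnabled {
		return false, nil // region has no Macie: report the status, yield no jobs
	}
	return err == nil, err // enabled on success; any other error is a real failure
}

// regionResult is one row per region, carrying the enabled status the issue asks for.
type regionResult struct{ Region string; MacieEnabled bool; Jobs []string }

// listAcrossRegions: a region without Macie yields an empty row instead of failing
// the whole query, while a genuine permission error still aborts it.
func listAcrossRegions(regions []string, list func(string) ([]string, error)) ([]regionResult, error) {
	var out []regionResult
	for _, r := range regions {
		jobs, err := list(r)
		enabled, err := macieEnabled(err)
		if err != nil {
			return nil, fmt.Errorf("region %s: %w", r, err)
		}
		out = append(out, regionResult{r, enabled, jobs})
	}
	return out, nil
}

// fakeList replays the issue offline (constructed): us-east-1 has one job, ap-south-1 has no Macie.
func fakeList(region string) ([]string, error) {
	if region == "us-east-1" {
		return []string{"bucket-audit"}, nil
	}
	return nil, &apiError{"AccessDeniedException", "Macie is not enabled."}
}

func main() { fmt.Println(listAcrossRegions([]string{"us-east-1", "ap-south-1"}, fakeList)) }
```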
Additional context
Add any other context about the problem here.