fix(organizations): no finding for access denied in listing policies
sergargar committed Oct 14, 2024
1 parent 037e40f commit 236a398
Showing 2 changed files with 25 additions and 25 deletions.
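--- a/PATH_NOT_SHOWN_1
+++ b/PATH_NOT_SHOWN_1
@@ -9,17 +9,17 @@ def execute(self):
         findings = []
 
         for org in organizations_client.organizations:
-            report = Check_Report_AWS(self.metadata())
-            report.resource_id = org.id
-            report.resource_arn = org.arn
-            report.region = organizations_client.region
-            report.status = "FAIL"
-            report.status_extended = (
-                "AWS Organizations is not in-use for this AWS Account."
-            )
-            if org.status == "ACTIVE":
-                report.status_extended = f"AWS Organization {org.id} has not opted out of all AI services, granting consent for AWS to access its data."
-                if org.policies is not None:  # Access Denied to list_policies
+            if org.policies is not None:  # Access Denied to list_policies
+                report = Check_Report_AWS(self.metadata())
+                report.resource_id = org.id
+                report.resource_arn = org.arn
+                report.region = organizations_client.region
+                report.status = "FAIL"
+                report.status_extended = (
+                    "AWS Organizations is not in-use for this AWS Account."
+                )
+                if org.status == "ACTIVE":
+                    report.status_extended = f"AWS Organization {org.id} has not opted out of all AI services, granting consent for AWS to access its data."
                     for policy in org.policies.get("AISERVICES_OPT_OUT_POLICY", []):
                         if (
                             policy.content.get("services", {})
@@ -32,6 +32,6 @@ def execute(self):
                                 report.status_extended = f"AWS Organization {org.id} has opted out of all AI services, not granting consent for AWS to access its data."
                                 break
 
-            findings.append(report)
+                findings.append(report)
 
         return findings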
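Review bot: The comment `# Access Denied to list_policies` on the new guard no longer explains what now happens, because the guard wraps report creation and `findings.append` together, so an organization whose list_policies call was denied yields no finding at all and is indistinguishable in the output from an account without an organization. That appears to be the intended behaviour from the commit title, but the next reader has to reconstruct it; I would write `# None means list_policies was denied; skip the org rather than emit a FAIL the check could not verify`, and name where that denial is logged if the client does so when it sets policies to None (not visible here). The same comment change applies to the guard in the second file section. `execute` itself starts on the hunk header, outside the shown lines.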
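--- a/PATH_NOT_SHOWN_2
+++ b/PATH_NOT_SHOWN_2
@@ -9,26 +9,26 @@ def execute(self):
         findings = []
 
         for org in organizations_client.organizations:
-            report = Check_Report_AWS(self.metadata())
-            report.resource_id = org.id
-            report.resource_arn = org.arn
-            report.region = organizations_client.region
-            report.status = "FAIL"
-            report.status_extended = (
-                "AWS Organizations is not in-use for this AWS Account."
-            )
-
-            if org.status == "ACTIVE":
+            if org.policies is not None:  # Access Denied to list_policies
+                report = Check_Report_AWS(self.metadata())
+                report.resource_id = org.id
+                report.resource_arn = org.arn
+                report.region = organizations_client.region
+                report.status = "FAIL"
                 report.status_extended = (
-                    f"AWS Organizations {org.id} does not have tag policies."
+                    "AWS Organizations is not in-use for this AWS Account."
                 )
-                if org.policies is not None:  # Access Denied to list_policies
+
+                if org.status == "ACTIVE":
+                    report.status_extended = (
+                        f"AWS Organizations {org.id} does not have tag policies."
+                    )
                     for policy in org.policies.get("TAG_POLICY", []):
                         report.status_extended = f"AWS Organization {org.id} has tag policies enabled but not attached."
                         if policy.targets:
                             report.status = "PASS"
                             report.status_extended = f"AWS Organization {org.id} has tag policies enabled and attached to an AWS account."
 
-            findings.append(report)
+                findings.append(report)
 
         return findings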
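Review bot: The guard `if org.policies is not None:` now nests the whole loop body one level deeper, which pushes the tag-policy loop and its `if policy.targets:` branch to a sixth indentation level. Inverting it as an early continue keeps the body flat and reads the same: `if org.policies is None:  # Access Denied to list_policies` followed by `continue`, with the rest of the loop body dedented back to where it was. The first file section has the same shape and would benefit from the same change. `execute` starts on the hunk header, outside the shown lines.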
