Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] Terraform_stack.py fails setting up workspace on suspended AWS accounts #218

Open
tantonjt-aws opened this issue May 10, 2024 · 0 comments
Open

[BUG] Terraform_stack.py fails setting up workspace on suspended AWS accounts #218

tantonjt-aws opened this issue May 10, 2024 · 0 comments
Labels
bug Something isn't working

Comments

@tantonjt-aws
Copy link

Describe the bug

Terraform_stack.py fails setting up workspace on suspended AWS accounts

To Reproduce

Steps to reproduce the behavior:

  1. Go to: /aws-security-reference-architecture-examples/aws_sra_examples/terraform/solutions
  2. Run: python3python3 terraform_stack.py plan
  3. See Error if the AWS Account is Suspended.

Error: operation error STS: AssumeRole, https response error StatusCode: 403, RequestID: 8342b965-a2de-4cab-89e2-0c324cbfade6, api error
AccessDenied: User: arn:aws:sts::632617325597:assumed-role/Admin/tantonjt-Isengard is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::654654472939:role/sra-execution

Expected behavior

Workspace is created and plan is created /updated.

Screenshots

image

If applicable, add screenshots to help explain your problem.

Deployment Environment (please complete the following information)

  • Deployment Framework [e.g. ]: Using Terraform installation process with Control Tower
  • Deployment Framework Version [e.g. 1.0, 2.0]:

Additional context

The solution to the problem is to filter the list of accounts in the python script.

aws-security-reference-architecture-examples/aws_sra_examples/terraform/solutions/terraform_stack.py

Existing line of code :
accounts = [account["Id"] for page in paginator.paginate() for account in page["Accounts"]]

aws-security-reference-architecture-examples/aws_sra_examples/terraform/solutions/terraform_stack.py

Line 71 in aa58485

accounts = [account["Id"] for page in paginator.paginate() for account in page["Accounts"]]

Updated line should be
accounts = [account["Id"] for page in paginator.paginate() for account in page["Accounts"] if account['Status'] == 'ACTIVE' ]

Add any other context about the problem here.
@tantonjt-aws tantonjt-aws added the bug Something isn't working label May 10, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@tantonjt-aws