-
Notifications
You must be signed in to change notification settings - Fork 172
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Crash while scanning principals that use deprecated permission policies #136
Labels
bug
Something isn't working
Comments
For the moment, I'm working around the issue. In
with
and
with
|
The same issue is present for the deprecated policy
|
Related: nccgroup/ScoutSuite#1573 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
AWS has deprecated a few of its more broken AWS-managed Policies, including
arn:aws:iam::aws:policy/AWSCodePipelineFullAccess
. When I try to scan an account containing a principal with this Policy attached, I get a crash with the following stack trace:When I look up this specific principal in AWS Console and follow the link to AWSCodePipelineFullAccess, I get a page with the warning "[DEPRECATED] this policy has been removed -- please use [AWSCodePipeline_FullAccess] instead.". It does still list permissions, so maybe there is still a way to retrieve the permissions through the API?
I'm not sure what other deprecated AWS-managed Policies there are.
To Reproduce
I'm not sure if it's still possible to attach this Policy to a new principal. You might need to find an existing Principal that already has it attached. Assuming that it's still possible:
pmapper graph create
against the account.Expected behavior
If possible, look up the details of the deprecated Policy. If not, catch the exception and move on.
The text was updated successfully, but these errors were encountered: