Allow the use of aws profile even if we have one account
cp-a1cloud opened this issue · comments
Description:
What issue is being seen? Describe what should be happening instead of the bug, for example: Cartography should not crash, the expected value isn't returned, the data schema is wrong, etc.
We actually can't use profile when using --aws-sync-all-profiles
with one account, the default profile will be used
To Reproduce:
Steps to reproduce the behavior. Provide all data and inputs required to reproduce the issue.
Configure config file with one account:
[profile XXXXX]
role_arn = arn:aws:iam::XXXXX:role/XXXXX
region = eu-west-1
output = json
credential_source = EcsContainer
then launch cartography cli
cartography -v --aws-sync-all-profiles --neo4j-uri bolt://$NEO4J_URI:7687 --neo4j-password-env-var=NEO4J_PASSWORD --neo4j-user=neo4j
Logs:
If applicable, copy and paste your console log with the failing stack trace.
botocore.exceptions.ClientError: An error occurred (AccessDenied) when calling the ListUsers operation: User: arn:aws:sts::XXXX:assumed-role/XXXX is not authorized to perform: iam:ListUsers on resource: arn:aws:iam::XXXXX:user/ because no identity-based policy allows the iam:ListUsers action
Please complete the following information::
- Cartography release version [0.75.0]
- Python version: [3.9.16]
Additional context:
Add any other context about the problem here.
A pull request will be proposed right away
Thanks for filing this. Will make sure your PR is reviewed
I am having the same problem. Look at this issue please:
#1185