elastic / cloudbeat / 18559051422
76%
main: 76%

LAST BUILD BRANCH: renovate-groups
DEFAULT BRANCH: main
Ran
Jobs 1
Files 226
Run time 1min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 76.026% (-0.1%) from 76.138%
18559051422

push

github

web-flow 
[9.1](backport #3531) [aws single account]: use aws account name if alias is not configured (#3537)

### Summary of your changes
In AWS (both for CSPM and Asset Inventory) we have 2 ways to initialize
the `cloud.Identity` (that contains the account number and account
name).

On the single-account we use `IdentityProvider.GetIdentity` that used to
call aws `iam.ListAccountAliases` to fetch the configured **aliases**
for the current aws account.

On the organization setup, we use `AccountProvider.ListAccounts` that
calls aws `organizations.ListAccounts` to fetch all the org accounts
with the **name** (not alias) of each one.


In case we have single-account and **no alias configured** in the aws
account, we don't resolve any name because we used to fetch only aliases
in the `IdentityProvider.GetIdentity`.


In this PR:
* Keep fetching aliases as first resolve attempt to keep backwords
compatibility
* If no alias is found, use aws `organizations.DescribeAccount` to fetch
the account **name**.
* AWS
[SecurityAudit](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/SecurityAudit.html)
already contains `"organizations:Describe*"`, so its safe to call the
`organizations.DescribeAccount`.




### Screenshot/Data



### Related Issues

Fixes: https://github.com/elastic/kibana/issues/226433


### Checklist
- [ ] I have added tests that prove my fix is effective or that my
feature works
- [ ] I have added the necessary README/documentation (if appropriate)

#### Introducing a new rule?

- [ ] Generate rule metadata using [this
script](https://github.com/elastic/cloudbeat/tree/main/security-policies/dev#generate-rules-metadata)
- [ ] Add relevant unit tests
- [ ] Generate relevant rule templates using [this
script](https://github.com/elastic/cloudbeat/tree/main/security-policies/dev#generate-rule-templates),
and open a PR in
[elastic/packages/cloud_security_posture](https://github.com/elastic/integrations/tree/main/packages/cloud_security_posture)
<... (continued)

1 of 19 new or added lines in 2 files covered. (5.26%)

2 existing lines in 1 file now uncovered.

9314 of 12251 relevant lines covered (76.03%)

16.73 hits per line

New Missed Lines in Diff

Lines Coverage File
18
19.61
 -10.7% internal/resources/providers/awslib/identity_provider.go

Uncovered Existing Lines

Lines Coverage File
2
83.06
 0.0% internal/resources/providers/gcplib/inventory/provider.go
Jobs
ID Job ID Ran Files Coverage
1 18559051422.1 226
76.03
 GitHub Action Run
Source Files on build 18559051422