Comments (7)
enabled_regions takes a comma-separated string of regions, i.e.: us-east-1,us-east-2,us-west-1... so remove the 's and [] from your command line
from aws-securityhub-multiaccount-scripts.
Can you include the command line you are using? Ensure that you have the correct role name (ManageSecurityHub) in the command
from aws-securityhub-multiaccount-scripts.
Hi, yes, I am running with the correct role name. Below is the command:
./enablesecurityhub.py --master_account --assume_role ManageSecurityHub input.csv
from aws-securityhub-multiaccount-scripts.
Complete message:
Enabling members in all available SecurityHub regions [u'ap-east-1', u'ap-northeast-1', u'ap-northeast-2', u'ap-south-1', u'ap-southeast-1', u'ap-southeast-2', u'ca-central-1', u'eu-central-1', u'eu-north-1', u'eu-west-1', u'eu-west-2', u'eu-west-3', u'sa-east-1', u'us-east-1', u'us-east-2', u'us-west-1', u'us-west-2']
Assumed session for <ID>.
An error occurred (UnrecognizedClientException) when calling the EnableSecurityHub operation: The security token included in the request is invalid
Error: Unable to enable Security Hub on Master account in region ap-east-1
from aws-securityhub-multiaccount-scripts.
Actually sorry, I now see the problem - it's not your permissions but rather the inclusion of ap-east-1 (HKG), where if the region is not enabled the STS credentials are not valid. I will put together a fix for this, but in the meantime you can use the --enabled_regions [list out the regions above, minus ap-east-1] to get around this condition.
from aws-securityhub-multiaccount-scripts.
That's weird. Now I'm getting the below error:
#./enablesecurityhub.py --master_account <ID> --assume_role ManageSecurityHub --enabled_regions ['ap-northeast-1','ap-northeast-2','ap-south-1','ap-southeast-1','ap-southeast-2','ca-central-1','eu-central-1','eu-north-1','eu-west-1','eu-west-2','eu-west-3','sa-east-1','us-east-1','us-east-2','us-west-1','us-west-2'] input.csv
Enabling members in these regions: ['[ap-northeast-1', 'ap-northeast-2', 'ap-south-1', 'ap-southeast-1', 'ap-southeast-2', 'ca-central-1', 'eu-central-1', 'eu-north-1', 'eu-west-1', 'eu-west-2', 'eu-west-3', 'sa-east-1', 'us-east-1', 'us-east-2', 'us-west-1', 'us-west-2]']
Assumed session for <ID>.
Traceback (most recent call last):
  File "./enablesecurityhub.py", line 257, in <module>
    master_clients[aws_region] = master_session.client('securityhub', region_name=aws_region)
  File "/usr/lib/python2.7/site-packages/boto3/session.py", line 263, in client
    aws_session_token=aws_session_token, config=config)
  File "/usr/lib/python2.7/site-packages/botocore/session.py", line 839, in create_client
    client_config=config, api_version=api_version)
  File "/usr/lib/python2.7/site-packages/botocore/client.py", line 86, in create_client
    verify, credentials, scoped_config, client_config, endpoint_bridge)
  File "/usr/lib/python2.7/site-packages/botocore/client.py", line 328, in _get_client_args
    verify, credentials, scoped_config, client_config, endpoint_bridge)
  File "/usr/lib/python2.7/site-packages/botocore/args.py", line 85, in get_client_args
    client_cert=new_config.client_cert)
  File "/usr/lib/python2.7/site-packages/botocore/endpoint.py", line 259, in create_endpoint
    if not is_valid_endpoint_url(endpoint_url):
  File "/usr/lib/python2.7/site-packages/botocore/utils.py", line 842, in is_valid_endpoint_url
    parts = urlsplit(endpoint_url)
  File "/usr/lib64/python2.7/urlparse.py", line 233, in urlsplit
    raise ValueError("Invalid IPv6 URL")
ValueError: Invalid IPv6 URL
from aws-securityhub-multiaccount-scripts.
That was my bad! It worked!! :) Thank you for all your help and the awesome script! I will keep an eye out for new updates to it.
from aws-securityhub-multiaccount-scripts.
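The two failures in this thread (a bracketed region list producing "Invalid IPv6 URL", and a not-opted-in region such as ap-east-1 rejecting the assumed-role token) can both be caught before any client is created. The following is an added example, not code from enablesecurityhub.py: the function names, the endpoint URL pattern and the sample data are assumptions, and the response dict is constructed in the shape of EC2 DescribeRegions called with AllRegions=True.

```python
import re
from urllib.parse import urlsplit

# Shape of a region name such as us-east-1 or ap-southeast-2.
REGION_RE = re.compile(r"^[a-z]{2}(-[a-z]+)+-\d+$")

# Constructed sample, shaped like ec2.describe_regions(AllRegions=True).
SAMPLE_DESCRIBE_REGIONS = {"Regions": [
    {"RegionName": "ap-east-1", "OptInStatus": "not-opted-in"},
    {"RegionName": "us-east-1", "OptInStatus": "opt-in-not-required"},
    {"RegionName": "us-west-2", "OptInStatus": "opt-in-not-required"},
]}


def parse_enabled_regions(value):
    """Parse a comma-separated region string; reject list-literal syntax."""
    regions = [r.strip() for r in value.split(",") if r.strip()]
    bad = [r for r in regions if not REGION_RE.match(r)]
    if bad:
        raise ValueError("not valid region names: %r (pass a plain "
                         "comma-separated string, no quotes or brackets)" % bad)
    return regions


def drop_not_opted_in(regions, describe_regions_response):
    """Remove regions the account has not opted in to (e.g. ap-east-1)."""
    status = {r["RegionName"]: r["OptInStatus"]
              for r in describe_regions_response["Regions"]}
    return [r for r in regions if status.get(r) != "not-opted-in"]


def endpoint_error(region):
    """Return the urlsplit error for an endpoint built from region, or None.

    The URL pattern is an assumption used only to reproduce the traceback.
    """
    try:
        urlsplit("https://securityhub.%s.amazonaws.com" % region)
    except ValueError as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    print(endpoint_error("[ap-northeast-1"))  # the stray '[' from the list syntax
    wanted = parse_enabled_regions("ap-east-1,us-east-1,us-west-2")
    print(drop_not_opted_in(wanted, SAMPLE_DESCRIBE_REGIONS))
```

The shell strips the single quotes from the bracketed form, so the script receives `[ap-northeast-1,...,us-west-2]` and splitting on commas leaves the brackets attached to the first and last region names.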