steampipe-plugin-aws: Route53 Zones return 403 when using aggregators

Describe the bug

403 errors when querying an aws_route53_record table from an account other than the owner. This query in the Hub documentation throws errors.

Steampipe version (steampipe -v)

steampipe version 0.17.0-rc.2

Plugin version (steampipe plugin list)

hub.steampipe.io/plugins/turbot/aws@latest | 0.80.0

To reproduce

Set up two AWS accounts, each with a hosted_zone, and then an aggregate of the two accounts in the front of the search path.

select
  r.name,
  r.type,
  r.records,
  r.alias_target
from
  aws_route53_zone as z,
  aws_route53_record as r
where
  r.zone_id = z.id ;

This error is returned multiple times:

	operation error Route 53: ListResourceRecordSets, https response error StatusCode: 403, RequestID: 67e26688-cd22-4cbf-bd24-331669217f5c, api error AccessDenied: User: arn:aws:sts::xxxx:assumed-role/xxx-audit/steampipe is not authorized to access this resource

Expected behavior

When querying a hosted_zone that’s outside the account that can list it, the 403 should be ignored.

Additional context

I can provide access to a test environment.

About this issue

  • State: closed
  • Created 2 years ago
  • Reactions: 1
  • Comments: 17 (7 by maintainers)

Most upvoted comments

Hey @bigdatasourav Wowiee!! What a difference!! Completed in 6 seconds!!

$ time steampipe query 'select count(*) from (select name,  type,  records,  alias_target from   aws_all_exclude_sonet_childs.aws_route53_record) inside'
+-------+
| count |
+-------+
| 1673  |
+-------+

real    0m6.942s
user    0m2.959s
sys     0m0.634s

I think that solves this issue; once merged, this can be closed off. Thanks heaps for all your help 😃