Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

--filters ignored for aws scanning #1531

Open
jeff-d opened this issue Jan 7, 2025 · 0 comments
Open

--filters ignored for aws scanning #1531

jeff-d opened this issue Jan 7, 2025 · 0 comments
Assignees
@vjeffrey

Comments

@jeff-d
Copy link

jeff-d commented Jan 7, 2025

Describe the bug
Unable to limit cnspec aws scanning to a single region.

To Reproduce
Steps to reproduce the behavior:
Attempt to filter AWS scans by region using the example filter syntax:
cnspec scan aws --filters all:region=us-east-2
cnspec scan aws --filters region=us-east-2
cnspec scan aws --filters ec2:region=us-east-2

Expected behavior
Output from --log-level debug should only show AWS API requests to the specified region.

Screenshots or CLI Output

cnspec scan aws --profile luna-prod --filters region=us-east-2 --log-level debug
DBG using provider aws with connector aws
DBG Started a new runtime (1 total)
DBG no need to update provider last-refresh=1m32.133363s provider=aws
DBG Log level set to debug
DBG Started a new runtime (2 total)
→ no Mondoo configuration file provided, using defaults
! No credentials provided. Switching to --incognito mode.
DBG Started a new runtime (3 total)
→ discover related assets for 1 asset(s)
DBG Started a new runtime (4 total)
DBG new aws connection
DBG using aws profile profile=luna-prod
...
DBG connecting to asset AWS Account lunalectric-prod (111122223333) (AWS Account)
DBG run scan asset="AWS Account lunalectric-prod (111122223333)"
...
DBG init an ec2 instance
DBG no region cache or region limits found. fetching regions
DBG performing request method=POST url=https://ec2.us-east-1.amazonaws.com/
DBG ec2>getInstances>calling aws with region eu-west-1
DBG ec2>getInstances>calling aws with region eu-west-3
DBG ec2>getInstances>calling aws with region eu-west-2
DBG ec2>getInstances>calling aws with region eu-north-1
DBG ec2>getInstances>calling aws with region ap-south-1
DBG performing request method=POST url=https://ec2.ap-south-1.amazonaws.com/
DBG performing request method=POST url=https://ec2.eu-west-2.amazonaws.com/
DBG performing request method=POST url=https://ec2.eu-west-1.amazonaws.com/
DBG performing request method=POST url=https://ec2.eu-north-1.amazonaws.com/
DBG performing request method=POST url=https://ec2.eu-west-3.amazonaws.com/
DBG ec2>getInstances>calling aws with region ap-northeast-3
DBG performing request method=POST url=https://ec2.ap-northeast-3.amazonaws.com/
DBG ec2>getInstances>calling aws with region ap-northeast-2
DBG performing request method=POST url=https://ec2.ap-northeast-2.amazonaws.com/
DBG ec2>getInstances>calling aws with region ap-northeast-1
DBG performing request method=POST url=https://ec2.ap-northeast-1.amazonaws.com/
DBG ec2>getInstances>calling aws with region ca-central-1
DBG performing request method=POST url=https://ec2.ca-central-1.amazonaws.com/
DBG ec2>getInstances>calling aws with region sa-east-1
DBG performing request method=POST url=https://ec2.sa-east-1.amazonaws.com/
DBG ec2>getInstances>calling aws with region ap-southeast-1
DBG performing request method=POST url=https://ec2.ap-southeast-1.amazonaws.com/
DBG ec2>getInstances>calling aws with region ap-southeast-2
DBG performing request method=POST url=https://ec2.ap-southeast-2.amazonaws.com/
DBG ec2>getInstances>calling aws with region eu-central-1
DBG performing request method=POST url=https://ec2.eu-central-1.amazonaws.com/
DBG ec2>getInstances>calling aws with region us-east-1
DBG use cached ec2 client
DBG performing request method=POST url=https://ec2.us-east-1.amazonaws.com/
DBG ec2>getInstances>calling aws with region us-east-2
DBG performing request method=POST url=https://ec2.us-east-2.amazonaws.com/
DBG ec2>getInstances>calling aws with region us-west-1
DBG performing request method=POST url=https://ec2.us-west-1.amazonaws.com/
DBG ec2>getInstances>calling aws with region us-west-2
DBG performing request method=POST url=https://ec2.us-west-2.amazonaws.com/

Desktop (please complete the following information):

  • OS: macOS
  • OS Version: 15.2
@vjeffrey vjeffrey self-assigned this Jan 9, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@vjeffrey vjeffrey

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jeff-d @vjeffrey