From 2c89c34514fcbb7950527e44abfed6e950ad7522 Mon Sep 17 00:00:00 2001
From: Christophe Tafani-Dereeper
Date: Tue, 25 Jul 2023 11:27:19 +0200
Subject: [PATCH] [AWS] Catch the appropriate error in aws.execution.ec2-launch-unusual-instances (closes #387) (#390)
---
 .../aws/execution/ec2-launch-unusual-instances/main.go | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/v2/internal/attacktechniques/aws/execution/ec2-launch-unusual-instances/main.go b/v2/internal/attacktechniques/aws/execution/ec2-launch-unusual-instances/main.go
index 56692b49..8278611e 100644
--- a/v2/internal/attacktechniques/aws/execution/ec2-launch-unusual-instances/main.go
+++ b/v2/internal/attacktechniques/aws/execution/ec2-launch-unusual-instances/main.go
@@ -76,8 +76,7 @@ func detonate(params map[string]string, providers stratus.CloudProviders) error
 return errors.New("expected ec2:RunInstances to return an error")
 }
 
- if !strings.Contains(err.Error(), "AccessDenied") {
- // We expected an *AccessDenied* error
+ if !isExpectedError(err) {
 return errors.New("expected ec2:RunInstances to return an access denied error, got instead: " + err.Error())
 }
 
@@ -85,3 +84,10 @@ func detonate(params map[string]string, providers stratus.CloudProviders) error
 
 return nil
 }
+
+func isExpectedError(err error) bool {
+ // We expected an *AccessDenied* or *UnauthorizedOperation* error
+ errorMessage := err.Error()
+ return strings.Contains(errorMessage, "AccessDenied") ||
+ strings.Contains(errorMessage, "UnauthorizedOperation")
+}
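Review bot: `isExpectedError` (second hunk) classifies the failure by substring search over `err.Error()`, so any error whose text merely contains "AccessDenied" or "UnauthorizedOperation" is accepted as the expected denial and `detonate` then returns nil. If this package uses the AWS SDK for Go v2 (not visible in the hunks), comparing the typed error code is tighter: `var apiErr smithy.APIError` followed by `return errors.As(err, &apiErr) && (apiErr.ErrorCode() == "AccessDenied" || apiErr.ErrorCode() == "UnauthorizedOperation")`. That needs the smithy-go import in the file's import block, which is outside the diff. The inline comment would also serve better as a doc comment above the helper, e.g. `// isExpectedError reports whether err is the authorization failure ec2:RunInstances is expected to return.` The message in the first hunk still says only "access denied error" although two codes are now accepted; `detonate`'s body starts outside that hunk.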