Cherry-pick #21101 to 7.9: Fix index out of range error when getting …

…AWS account name (#21144) * Fix index out of range error when getting AWS account name (#21101) (cherry picked from commit 568fbff)
elastic · Sep 17, 2020 · 5f9fafd · 5f9fafd
1 parent 36eb6f7
commit 5f9fafd
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 19 deletions.
diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
@@ -102,6 +102,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
 - Fix overflow on Prometheus rates when new buckets are added on the go. {pull}17753[17753]
 - Add a switch to the driver definition on SQL module to use pretty names {pull}17378[17378]
 - The `elasticsearch/index` metricset only requests wildcard expansion for hidden indices if the monitored Elasticsearch cluster supports it. {pull}20938[20938]
+- Fix panic index out of range error when getting AWS account name. {pull}21101[21101] {issue}21095[21095]
 - Handle missing counters in the application_pool metricset. {pull}21071[21071]
 
 *Packetbeat*

diff --git a/x-pack/metricbeat/module/aws/aws.go b/x-pack/metricbeat/module/aws/aws.go
@@ -12,6 +12,7 @@ import (
 	"github.com/aws/aws-sdk-go-v2/service/ec2"
 	"github.com/aws/aws-sdk-go-v2/service/ec2/ec2iface"
 	"github.com/aws/aws-sdk-go-v2/service/iam"
+	"github.com/aws/aws-sdk-go-v2/service/iam/iamiface"
 	"github.com/aws/aws-sdk-go-v2/service/rds"
 	"github.com/aws/aws-sdk-go-v2/service/resourcegroupstaggingapi"
 	"github.com/aws/aws-sdk-go-v2/service/sts"
@@ -104,25 +105,6 @@ func NewMetricSet(base mb.BaseMetricSet) (*MetricSet, error) {
 		awsConfig.Region = "us-east-1"
 	}
 
-	svcIam := iam.New(awscommon.EnrichAWSConfigWithEndpoint(
-		config.AWSConfig.Endpoint, "iam", "", awsConfig))
-	req := svcIam.ListAccountAliasesRequest(&iam.ListAccountAliasesInput{})
-	output, err := req.Send(context.TODO())
-	if err != nil {
-		base.Logger().Warn("failed to list account aliases, please check permission setting: ", err)
-		metricSet.AccountName = metricSet.AccountID
-	} else {
-		// When there is no account alias, account ID will be used as cloud.account.name
-		if len(output.AccountAliases) == 0 {
-			metricSet.AccountName = metricSet.AccountID
-		}
-
-		// There can be more than one aliases for each account, for now we are only
-		// collecting the first one.
-		metricSet.AccountName = output.AccountAliases[0]
-		base.Logger().Debug("AWS Credentials belong to account name: ", metricSet.AccountName)
-	}
-
 	// Get IAM account id
 	svcSts := sts.New(awscommon.EnrichAWSConfigWithEndpoint(
 		config.AWSConfig.Endpoint, "sts", "", awsConfig))
@@ -135,6 +117,11 @@ func NewMetricSet(base mb.BaseMetricSet) (*MetricSet, error) {
 		base.Logger().Debug("AWS Credentials belong to account ID: ", metricSet.AccountID)
 	}
 
+	// Get account name/alias
+	svcIam := iam.New(awscommon.EnrichAWSConfigWithEndpoint(
+		config.AWSConfig.Endpoint, "iam", "", awsConfig))
+	metricSet.AccountName = getAccountName(svcIam, base, metricSet)
+
 	// Construct MetricSet with a full regions list
 	if config.Regions == nil {
 		svcEC2 := ec2.New(awscommon.EnrichAWSConfigWithEndpoint(
@@ -169,6 +156,30 @@ func getRegions(svc ec2iface.ClientAPI) (completeRegionsList []string, err error
 	return
 }
 
+func getAccountName(svc iamiface.ClientAPI, base mb.BaseMetricSet, metricSet MetricSet) string {
+	req := svc.ListAccountAliasesRequest(&iam.ListAccountAliasesInput{})
+	output, err := req.Send(context.TODO())
+
+	accountName := metricSet.AccountID
+	if err != nil {
+		base.Logger().Warn("failed to list account aliases, please check permission setting: ", err)
+		return accountName
+	}
+
+	// When there is no account alias, account ID will be used as cloud.account.name
+	if len(output.AccountAliases) == 0 {
+		accountName = metricSet.AccountID
+		base.Logger().Debug("AWS Credentials belong to account ID: ", metricSet.AccountID)
+		return accountName
+	}
+
+	// There can be more than one aliases for each account, for now we are only
+	// collecting the first one.
+	accountName = output.AccountAliases[0]
+	base.Logger().Debug("AWS Credentials belong to account name: ", metricSet.AccountName)
+	return accountName
+}
+
 // StringInSlice checks if a string is already exists in list and its location
 func StringInSlice(str string, list []string) (bool, int) {
 	for idx, v := range list {