in src/securityhub_enabler.py [0:0]
def get_enabled_regions(region_session, regions):
"""
With the introduction of regions that can be disabled,
it is necessary to test to see if a region can be used
and not just assume we can enable it.
"""
enabled_regions = []
for region in regions:
sts_client = region_session.client(
'sts',
endpoint_url=f"https://sts.{region}.amazonaws.com",
region_name=region
)
try:
sts_client.get_caller_identity()
enabled_regions.append(region)
except ClientError as e:
if e.response['Error']['Code'] == "InvalidClientTokenId":
LOGGER.info(f"{region} region is disabled.")
else:
# LOGGER.debug("Error %s %s" % (e.response['Error'],region))
err = e.response['Error']
LOGGER.error(f"Error {err} occurred testing region {region}")
LOGGER.info(f"Enabled Regions: {enabled_regions}")
return enabled_regions