From 1a0f9958d7ba5726504ab57dd4ed3378e2d63cd0 Mon Sep 17 00:00:00 2001
From: Avik <mukavik@amazon.com>
Date: Thu, 25 Sep 2025 11:42:38 -0500
Subject: [PATCH] Add exception handling for InternalServerException in
 lookup_associated_accounts

- Add exception handling for InternalServerException in lookup_associated_accounts
- AWS Inspector sometimes returns InternalServerException instead of ResourceNotFoundException
- Check error message for 'is not an associated member' to handle this case
- Fixes issue #316 where account association checks would fail unexpectedly
---
 .../inspector/inspector_org/lambda/src/inspector.py       | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/aws_sra_examples/solutions/inspector/inspector_org/lambda/src/inspector.py b/aws_sra_examples/solutions/inspector/inspector_org/lambda/src/inspector.py
index 3bd16520c..adf8ccc75 100644
--- a/aws_sra_examples/solutions/inspector/inspector_org/lambda/src/inspector.py
+++ b/aws_sra_examples/solutions/inspector/inspector_org/lambda/src/inspector.py
@@ -131,6 +131,14 @@ def lookup_associated_accounts(inspector2_client: Inspector2Client, account_id:
         response = inspector2_client.get_member(accountId=account_id)
     except inspector2_client.exceptions.ResourceNotFoundException:
         return False
+    except inspector2_client.exceptions.InternalServerException as e:
+        # Check if this is the specific error about account not being associated
+        if "is not an associated member" in str(e):
+            LOGGER.info(f"Account {account_id} is not an associated member yet")
+            return False
+        else:
+            LOGGER.error(f"Failed to get inspector members due to InternalServerException. {e}")
+            raise
     except Exception as e:
         LOGGER.error(f"Failed to get inspector members. {e}")
         raise