
Prowler#

https://docs.prowler.com/projects/prowler-open-source/en/latest/tutorials/misc/

Commands#

Bash
# List the compliance frameworks Prowler can evaluate for the AWS provider
prowler aws --list-compliance

# Run only the checks mapped to one compliance framework.
# <provider> and <compliance_framework> are placeholders: replace them, angle
# brackets included, before running (the shell treats < and > as redirections).
# Use a framework identifier exactly as printed by --list-compliance.
prowler <provider> --compliance <compliance_framework>
prowler aws --compliance nist_800_53_revision_5_aws
# NOTE(review): the other identifiers on this page are lowercase; confirm this
# spelling against the --list-compliance output of the installed version.
prowler aws --compliance ISO27001_2022_AWS
prowler aws --compliance cis_3.0_aws

# Get an inventory of AWS resources (-i is the short flag for the quick inventory)
prowler aws -i

Run for all accounts in AWS#

Bash
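# Scan every ACTIVE account of the AWS Organization with Prowler.
#
# Required variables (constructed names; they stand in for the
# <management_organizations_account_id> and <role_name> placeholders, which the
# shell would parse as redirections if pasted unchanged):
#   MANAGEMENT_ACCOUNT_ID - ID of the AWS Organizations management account
#   ROLE_NAME             - name of the IAM role Prowler assumes
#
# -O is the role in the management account used to read Organizations
# metadata; -R is the role assumed in each account being scanned.
if [[ -z "${MANAGEMENT_ACCOUNT_ID:-}" || -z "${ROLE_NAME:-}" ]]; then
  printf 'error: set MANAGEMENT_ACCOUNT_ID and ROLE_NAME before running\n' >&2
elif ! ACCOUNTS_IN_ORGS=$(aws organizations list-accounts \
  --query "Accounts[?Status=='ACTIVE'].Id" \
  --output text); then
  # A failed listing would otherwise leave an empty loop that looks like a
  # clean run while no account has been assessed.
  printf 'error: could not list organization accounts; nothing was scanned\n' >&2
else
  # Text output separates IDs with tabs and, across pages, newlines; read
  # splits on both. read returns non-zero at end of input, hence "|| true".
  account_ids=()
  read -r -d '' -a account_ids <<<"$ACCOUNTS_IN_ORGS" || true

  needs_review=()
  for accountId in "${account_ids[@]}"; do
    # Only a 12-digit account ID may be placed into a role ARN; anything else
    # (for example the literal "None" of an empty result) is reported.
    if [[ ! "$accountId" =~ ^[0-9]{12}$ ]]; then
      printf 'warning: skipping unexpected account id: %s\n' "$accountId" >&2
      needs_review+=("${accountId}:skipped")
      continue
    fi

    status=0
    prowler aws \
      -O "arn:aws:iam::${MANAGEMENT_ACCOUNT_ID}:role/${ROLE_NAME}" \
      -R "arn:aws:iam::${accountId}:role/${ROLE_NAME}" || status=$?

    # NOTE(review): a non-zero status can mean failed findings rather than a
    # broken scan (e.g. the role could not be assumed); check Prowler's
    # exit-code documentation before treating these as errors.
    if ((status != 0)); then
      needs_review+=("${accountId}:exit=${status}")
    fi
  done

  # Coverage summary: an account that was never scanned must not pass silently.
  printf 'accounts listed: %d, needing review: %d\n' \
    "${#account_ids[@]}" "${#needs_review[@]}" >&2
  if ((${#needs_review[@]} > 0)); then
    printf '  %s\n' "${needs_review[@]}" >&2
  fi
fi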