prowler-aws
AWS cloud security assessment
TLDR
Run AWS security assessment
$ prowler aws
Run specific checks
$ prowler aws -c [iam_password_policy] [s3_bucket_public_access]
Run checks for specific services
$ prowler aws -s [s3] [iam]
Run with compliance framework
$ prowler aws --compliance [cis_2.0_aws]
Filter by severity
$ prowler aws --severity [critical] [high]
Output to file in JSON format
$ prowler aws -M json-ocsf -o [results/]
List all available checks
$ prowler aws -l
SYNOPSIS
prowler aws [options]
DESCRIPTION
prowler aws performs a security assessment of AWS accounts. It checks configuration against best practices and compliance frameworks such as CIS, NIST 800, PCI-DSS, GDPR, HIPAA, and others, and identifies misconfigurations, vulnerabilities, and compliance gaps. Results can be output in multiple formats and optionally sent to AWS Security Hub.
PARAMETERS
-c, --checks checks
Specific checks to run.
-s, --services services
Services to check (iam, s3, ec2, etc.).
-e, --excluded-checks checks
Exclude specific checks from execution.
--excluded-services services
Exclude specific services from scanning.
--compliance framework
Compliance framework (cis, gdpr, hipaa, etc.).
--severity levels
Filter checks by severity (critical, high, medium, low, informational).
-M, --output-modes format
Output format (csv, json-asff, json-ocsf, html).
-o, --output-directory dir
Output directory.
-l, --list-checks
List all available checks.
--list-services
List all available services.
-p, --profile name
AWS profile.
-f, --filter-region region
AWS region(s) to scan.
--security-hub
Send findings to AWS Security Hub.
