LinuxCommandLibrary

prowler-aws

Audit AWS security configurations

TLDR

Run the default set of checks on the AWS account

$ prowler aws

Use a custom AWS profile and filter audited regions
$ prowler aws [[-p|--profile]] [custom-profile] [[-f|--filter-region]] [us-east-1 eu-south-2 ...]

Run checks for selected AWS services
$ prowler aws [[-s|--services]] [s3 ec2 ...]

Run a specific AWS check
$ prowler aws [[-c|--checks]] [s3_bucket_public_access]

Exclude specific checks or services
$ prowler aws [[-e|--excluded-checks]] [s3_bucket_public_access] --exclude-services [s3 ec2 ...]

SYNOPSIS

The command 'prowler-aws' conceptually refers to running the prowler command with options tailored for AWS environments.
Its common syntax is:
prowler [-p aws] [OPTIONS]

Where -p aws explicitly sets the provider to AWS (though it's often the default), and [OPTIONS] represents various parameters to control the scan.

PARAMETERS

-p, --provider <provider>
    Specifies the cloud provider to scan. For AWS, use 'aws'. It is often the default, but specifying it explicitly guarantees that AWS is the provider being scanned.

-r, --region <region>
    Defines the AWS region(s) to include in the scan. Can be specified multiple times for multiple regions, or 'all' to scan all regions.

-f, --profile <profile_name>
    Uses a specific AWS CLI profile from your credentials file (~/.aws/credentials) for authentication.

-c, --check <check_id>
    Runs only the specified security check(s). Multiple checks can be provided as a comma-separated list.

-g, --group <group_id>
    Executes all checks belonging to a specific security group, e.g., 'iam' or 's3'.

-C, --compliance <framework>
    Scans for compliance with a specific framework, e.g., 'cis_1.2_aws', 'pci_3.2.1', or 'hipaa'.

-M, --output-format <format>
    Sets the output report format (e.g., 'json', 'csv', 'html', 'plain').

-o, --output-dir <directory>
    Specifies the directory where the generated reports will be saved.

-q, --quiet
    Suppresses the display of the banner and progress updates during the scan, showing only findings.

-S, --severity <level>
    Filters findings by severity level (e.g., 'critical', 'high', 'medium', 'low', 'informational').

DESCRIPTION

Prowler is an open-source tool designed for Cloud Security Posture Management (CSPM), providing comprehensive security assessments, audits, incident response, and continuous monitoring for AWS environments.

It functions by interacting with AWS APIs to collect configuration data across your accounts and services. By analyzing this data against a vast database of security best practices and compliance benchmarks (including CIS, PCI-DSS, HIPAA, GDPR, SOC2, NIST 800-53, and AWS FTR), Prowler identifies misconfigurations, vulnerabilities, and deviations from security standards.

As an agentless tool, it requires no installation on your AWS instances. Its output helps pinpoint potential security risks, enabling organizations to strengthen their cloud security posture and maintain regulatory compliance.
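Putting the options above to work, as an added example that is not from this page or the Prowler project: a Python wrapper that assembles the `prowler aws` command line from the TLDR flags (profile, region filter, services, excluded checks) plus `-M json`, `-o` and `-q`, then triages the resulting JSON report so only FAIL findings at or above a chosen severity remain. The report field names (`Status`, `Severity`, `CheckID`, `Region`, `ResourceArn`), the profile name `audit-ro` and the sample findings are assumptions or constructed data; check them against the report your Prowler version writes.

```python
import json, subprocess, sys
from collections import Counter
from pathlib import Path

SEVERITY_ORDER = ["critical", "high", "medium", "low", "informational"]  # -S levels, most severe first

def build_prowler_cmd(profile, regions, services=(), excluded_checks=(), out="prowler-output"):
    """Assemble the command line from the TLDR flags; -M json / -o <dir> / -q come from PARAMETERS."""
    cmd = ["prowler", "aws", "--profile", profile, "--filter-region", *regions,
           "-M", "json", "-o", out, "-q"]
    if services:
        cmd += ["--services", *services]
    if excluded_checks:
        cmd += ["--excluded-checks", *excluded_checks]
    return cmd

def summarize_failures(findings, min_severity="medium"):
    """Return FAIL findings at or above min_severity plus a count per severity.
    Field names (Status, Severity, CheckID, Region, ResourceArn) are assumed to match
    Prowler's JSON report; adjust them if your version's schema differs."""
    def rank(level):  # missing severity counts as 'informational'; unknown values sort after it
        level = (level or "informational").lower()
        return SEVERITY_ORDER.index(level) if level in SEVERITY_ORDER else len(SEVERITY_ORDER)
    failed = [f for f in findings
              if f.get("Status") == "FAIL" and rank(f.get("Severity")) <= rank(min_severity)]
    return failed, dict(Counter((f.get("Severity") or "informational").lower() for f in failed))

# Constructed sample findings standing in for a real report (not Prowler output).
SAMPLE_FINDINGS = [
    {"CheckID": "s3_bucket_public_access", "Status": "FAIL", "Severity": "critical",
     "Region": "us-east-1", "ResourceArn": "arn:aws:s3:::sample-bucket"},
    {"CheckID": "sample_passing_check", "Status": "PASS", "Severity": "high",
     "Region": "us-east-1", "ResourceArn": "arn:aws:ec2:us-east-1:111122223333:sg/sg-0"},
    {"CheckID": "sample_medium_check", "Status": "FAIL", "Severity": "MEDIUM",
     "Region": "eu-south-2", "ResourceArn": "arn:aws:iam::111122223333:user/sample"},
    {"CheckID": "sample_low_check", "Status": "FAIL", "Severity": "low",
     "Region": "eu-south-2", "ResourceArn": "arn:aws:iam::111122223333:root"},
]

if __name__ == "__main__":
    cmd = build_prowler_cmd("audit-ro", ["us-east-1", "eu-south-2"], services=["s3", "iam"])
    if "--live" in sys.argv:  # real scan; Prowler's exit code reflects FAIL findings, so no check=True
        subprocess.run(cmd)
        findings = [f for p in Path("prowler-output").glob("*.json") for f in json.loads(p.read_text())]
    else:  # offline: use the constructed sample so the triage logic runs without AWS access
        findings = SAMPLE_FINDINGS
    failed, counts = summarize_failures(findings, "medium")
    for f in failed:
        print(f"{f['Severity'].upper():<8} {f['CheckID']:<28} {f['Region']:<11} {f['ResourceArn']}")
    print("FAIL findings at or above medium:", counts)
```

Run it with `--live` to execute the scan against the `audit-ro` profile; without the flag it triages the constructed sample only.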

CAVEATS

Using Prowler requires appropriate AWS IAM permissions, typically ReadOnlyAccess, to gather configuration data; insufficient permissions will result in incomplete scans.
Scans on large AWS accounts or multiple regions can be time-consuming and may occasionally encounter AWS API rate limiting.
The experimental '--fix' option should be used with extreme caution as it attempts to make changes to your AWS environment.

REQUIRED IAM PERMISSIONS

For Prowler to function correctly, the AWS user or role executing the command must possess sufficient IAM permissions. A common recommendation is to attach the 'SecurityAudit' or 'ReadOnlyAccess' AWS managed policy, though a custom policy with more granular read-only permissions specific to Prowler's checks is ideal for production environments.

COMPLIANCE FRAMEWORKS INTEGRATION

A key strength of Prowler is its extensive integration with various industry compliance frameworks and security benchmarks. Users can easily audit their AWS environment against standards such as CIS Benchmarks, PCI DSS, GDPR, HIPAA, SOC2, and NIST 800-53, simplifying the process of demonstrating compliance to auditors.

HISTORY

Prowler was initially developed by Toni de la Fuente to address internal cloud security assessment needs. It was open-sourced and rapidly gained traction within the cybersecurity community due to its effectiveness in auditing AWS environments. Over time, its capabilities expanded beyond just AWS to include other major cloud providers like Azure and GCP, evolving into a leading multi-cloud CSPM tool.

SEE ALSO

aws(1), cloudmapper(1), scoutsuite(1), pacu(1)
