awslabs / aws-security-assessment-solution
An AWS tool to help you create a point in time assessment of your AWS account using Prowler.
License: Apache License 2.0
For every role this creates, I would like an easy way to set a custom permissions boundary property. Something like:

```yaml
PermissionsBoundary: 'arn:aws:iam::123xxxxxx789:policy/MyOrganizatoinsPermBoundary'
```
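Until the template exposes such a property, the boundary can be attached after deployment. The script below is an added example and not the project's code: it reads the IAM roles a stack created with `aws cloudformation list-stack-resources` and attaches the boundary with `aws iam put-role-permissions-boundary`. The stack name and boundary ARN are placeholders, and the two `aws` calls need credentials that can read the stack and call `iam:PutRolePermissionsBoundary` on the roles.

```shell
#!/bin/sh
# Added example (not part of the project): attach a permissions boundary to every
# IAM role a CloudFormation stack created, as a post-deployment step.
# Placeholders: the stack name and boundary ARN passed on the command line.
set -eu

# boundary_commands <boundary-arn> <newline-separated role names>
# Prints one put-role-permissions-boundary command per role. Pure function, so
# the plan can be reviewed (or tested) before anything is changed.
boundary_commands() {
  local boundary_arn="$1"
  printf '%s\n' "$2" | while IFS= read -r role; do
    # skip blank lines and the "None" the CLI prints for a null result
    [ -n "$role" ] && [ "$role" != None ] || continue
    printf 'aws iam put-role-permissions-boundary --role-name %s --permissions-boundary %s\n' \
      "$role" "$boundary_arn"
  done
}

# stack_roles <stack-name>
# Physical names of the AWS::IAM::Role resources in the stack (needs AWS credentials).
stack_roles() {
  aws cloudformation list-stack-resources --stack-name "$1" \
    --query "StackResourceSummaries[?ResourceType=='AWS::IAM::Role'].PhysicalResourceId" \
    --output text | tr '\t' '\n'
}

# apply_boundary <stack-name> <boundary-arn> [--dry-run]
# With --dry-run the commands are only printed; otherwise they are executed.
apply_boundary() {
  local plan
  plan="$(boundary_commands "$2" "$(stack_roles "$1")")"
  if [ "${3:-}" = "--dry-run" ]; then
    printf '%s\n' "$plan"
  else
    printf '%s\n' "$plan" | sh -e
  fi
}

# Example (placeholders):
#   apply_boundary my-assessment-stack arn:aws:iam::123456789012:policy/OrgPermBoundary --dry-run
```

Run it with `--dry-run` first and review the printed commands; the boundary policy must already exist in the account, and it limits what the roles can do regardless of the permissions the template grants them.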
We have multiple AWS Accounts - different environments/services. It would be better if this utility could be run from 1 account and then review the security settings in multiple other accounts.
The ransomware stack is failing deployment due to the custom resource xLambdaCheckFor2k8 failing to create. Per Lambda, the function is failing. This causes the whole solution to fail to deploy.

```yaml
xLambdaCheckFor2k8:
  Type: AWS::CloudFormation::CustomResource
  Properties:
    ServiceToken: !GetAtt rLambdaCheckFor2k8.Arn
```
Maybe scale out by creating 2 build projects: one that orchestrates the other by chunking the multi-account list into groups of three, then starting a build for each chunk using the MULTI_ACCOUNT_LIST_OVERRIDE environment variable.
Can we go even higher in parallelism? For customers with ~100+ accounts, the speedup is considerable the more parallelism we have.
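The chunk-and-fan-out idea above, written out as an added example (not the project's code). It splits a comma-separated account list into fixed-size chunks and emits one `aws codebuild start-build` call per chunk, passing the chunk through MULTI_ACCOUNT_LIST_OVERRIDE. The project name is a placeholder, and the list being comma-separated is an assumption; the chunk size can be raised for the higher parallelism asked for above.

```shell
#!/bin/sh
# Added example (not part of the project): fan a multi-account scan out over
# several CodeBuild builds by chunking the account list and passing each chunk
# through the MULTI_ACCOUNT_LIST_OVERRIDE environment variable.
# Assumptions: the list is comma-separated; the project name is a placeholder.
set -eu

# chunk_list <comma-separated list> <chunk size>
# Prints one comma-separated chunk per line; blank entries are dropped.
chunk_list() {
  [ "${2:-0}" -gt 0 ] || { echo 'chunk size must be > 0' >&2; return 1; }
  printf '%s\n' "$1" | tr ',' '\n' | awk -v n="$2" '
    { gsub(/^[ \t]+|[ \t]+$/, "") }       # trim whitespace around each entry
    NF == 0 { next }                      # skip empty entries (e.g. trailing commas)
    { line = (c % n == 0) ? $0 : line "," $0; c++ }
    c % n == 0 { print line }
    END { if (c % n != 0) print line }    # flush the final partial chunk
  '
}

# build_commands <project> <comma-separated list> <chunk size>
# Emits one start-build invocation per chunk. The override is passed as JSON
# because the chunk itself contains commas, which would break the CLI shorthand syntax.
build_commands() {
  local project="$1"
  chunk_list "$2" "$3" | while IFS= read -r chunk; do
    json="[{\"name\":\"MULTI_ACCOUNT_LIST_OVERRIDE\",\"value\":\"$chunk\",\"type\":\"PLAINTEXT\"}]"
    printf "aws codebuild start-build --project-name %s --environment-variables-override '%s'\n" \
      "$project" "$json"
  done
}

# fan_out <project> <list> [chunk size] [--dry-run]
# With --dry-run the commands are only printed; otherwise they are executed.
fan_out() {
  if [ "${4:-}" = "--dry-run" ]; then
    build_commands "$1" "$2" "${3:-3}"
  else
    build_commands "$1" "$2" "${3:-3}" | sh -e
  fi
}

# Example (placeholders):
#   fan_out prowler-multi-account '111111111111,222222222222,333333333333,444444444444' 3 --dry-run
```

Each started build runs the project's normal buildspec with only the environment variable overridden, so the orchestrating build needs `codebuild:StartBuild` on the worker project; the account's concurrent-build limit caps how far the chunk size can be lowered.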
Prowler has a native dashboard. I think it'd be a nice touch if there was a boolean value controlling whether the output is simply copied to S3 unmodified and the analysis/database resources are not created. The user could then download and analyze the output with the Prowler native reporting dashboard.
It would be nice to have an easy way to continuously scan and monitor prowler results over time. Monthly feels like a good cadence.
The latest version of the SelfServiceSec.yml template is malforming S3 links:

```yaml
rVPCStack:
  Type: AWS::CloudFormation::Stack
  Properties:
    TemplateURL: !Join
      - ''
      - - 'https://'
        - !Ref TemplateS3Bucket
        - '.s3-'
        - !Ref "AWS::Region"
        - '.amazonaws.com/SelfServiceSecVPC.yml'
```

It should read:

```yaml
rVPCStack:
  Type: AWS::CloudFormation::Stack
  Properties:
    TemplateURL: !Join
      - ''
      - - 'https://'
        - !Ref TemplateS3Bucket
        - '.s3.'
        - !Ref "AWS::Region"
        - '.amazonaws.com/SelfServiceSecVPC.yml'
```
The template does not come up with a DeletionPolicy on the resources to be created. AWS CloudFormation complains that it needs to have a DeletionPolicy mentioned on the resources (see the screenshot below).
[screenshot: error1]
I have modified the DeletionPolicy with the value "DeletionPolicy: Delete", yet after I did this change, I got another error: "As part of the import operation, you cannot modify or add [Outputs]". See the screenshot below.
[screenshot: error2]
Any suggestions?
Suggestion for the section Deployment Guide and the file how-to-deploy.md.
The reason behind this is that if you copy via a folder directory, then when you run the CFN template it will show an S3 Access Denied error, as CFN would not be able to find the files it is looking for, since it would be looking for them in the root directory.
Prowler doesn't support aggregating a multi-account scan assessment into a single report. This project could attempt to create a single aggregated report.
We're having an issue with the report not being generated after waiting 4+ hours. The VM shut down and we don't see any output in the S3 bucket. Where should we look to troubleshoot?
To resolve, I modified SelfServiceSecEC2.yml and added the below after line 48:

```bash
./prowler -M html
aws s3 cp --recursive ./output/ s3://${SelfServiceSecS3Bucket}
```
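The two lines above assume Prowler succeeded and wrote something to ./output; when it does not, the instance shuts down and the bucket stays empty, which is exactly the situation asked about. The wrapper below is an added example, not the project's code: it keeps the same two commands but records Prowler's exit status, skips the upload when the output directory is empty, and always uploads the run log so an empty bucket still leaves something to troubleshoot from. SelfServiceSecS3Bucket is the variable used in the posted fix; the working-directory argument and the logs/ key prefix are assumptions.

```shell
#!/bin/sh
# Added example (not part of the project): run Prowler and publish the report,
# failing loudly instead of leaving an empty bucket with nothing to inspect.
# Assumptions: Prowler lives in <dir> and writes to <dir>/output (as in the
# posted fix); the logs/ prefix is our choice.
set -eu

# has_report_output <dir>: true only if <dir> exists and contains at least one file.
has_report_output() {
  [ -d "$1" ] && [ -n "$(find "$1" -type f | head -n 1)" ]
}

# run_and_publish <bucket> [dir]
run_and_publish() {
  local bucket="$1" dir="${2:-.}" log rc=0
  log="$(mktemp)"
  # Same invocation as the posted fix, but with its output captured and its exit status kept.
  (cd "$dir" && ./prowler -M html) >"$log" 2>&1 || rc=$?
  echo "prowler exit status: $rc" >>"$log"
  if [ "$rc" -eq 0 ] && has_report_output "$dir/output"; then
    aws s3 cp --recursive "$dir/output/" "s3://$bucket"
  else
    echo "no report produced (prowler exit $rc); check the log under s3://$bucket/logs/" >&2
    [ "$rc" -ne 0 ] || rc=1     # a clean exit with empty output is still a failure
  fi
  # Always ship the log so an empty bucket still leaves a trail to troubleshoot from.
  aws s3 cp "$log" "s3://$bucket/logs/prowler-$(date -u +%Y%m%dT%H%M%SZ).log"
  rm -f "$log"
  return "$rc"
}

# Usage from the instance user data (placeholder path):
#   run_and_publish "${SelfServiceSecS3Bucket}" /path/to/prowler
```

With this in place, an empty bucket after the run means the log object under logs/ is the first thing to read; it carries Prowler's own stderr and the exit status, which is otherwise lost when the instance shuts itself down.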
The Prowler open source security assessment tool is now on V3.
In README.md, "ransomeware" is misspelled; it should be "ransomware".