chore(unused services): scan unused services by default and add flag (#3556)

Co-authored-by: Pepe Fagoaga <pepe@prowler.com>

docs/tutorials/parallel-execution.md

@@ -42,7 +42,7 @@ while read service; do
     echo "$(date '+%Y-%m-%d %H:%M:%S'): Starting job for service: ${service}"
 
     # Run the command in the background
-    (prowler -p "$profile" -s "$service" -F "${account_id}-${service}" --ignore-unused-services --only-logs; echo "$(date '+%Y-%m-%d %H:%M:%S') - ${service} has completed") &
+    (prowler -p "$profile" -s "$service" -F "${account_id}-${service}"  --only-logs; echo "$(date '+%Y-%m-%d %H:%M:%S') - ${service} has completed") &
 
     # Check if we have reached the maximum number of processes
     while [ $(jobs -r | wc -l) -ge ${MAX_PROCESSES} ]; do
@@ -98,7 +98,7 @@ $jobs = @()
 foreach ($service in $services) {
     # Start the command as a job
     $job = Start-Job -ScriptBlock {
-        prowler -p ${using:profile} -s ${using:service} -F "${using:account_id}-${using:service}" --ignore-unused-services --only-logs
+        prowler -p ${using:profile} -s ${using:service} -F "${using:account_id}-${using:service}" --only-logs
 	      $endTimestamp = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
         Write-Output "${endTimestamp} - $using:service has completed"
     }

docs/tutorials/scan-unused-services.md

@@ -1,15 +1,15 @@
-# Ignore Unused Services
+# Scan Unused Services
 
 ???+ note
     Currently only available on the AWS provider.
 
-Prowler allows you to ignore unused services findings, so you can reduce the number of findings in Prowler's reports.
+By default, Prowler only scans the cloud services that are used (where resources are created) to reduce the number of findings in Prowler's reports. If you want Prowler to also scan unused services, you can use the following command:
 
 ```console
-prowler <provider> --ignore-unused-services
+prowler <provider> --scan-unused-services
 ```
 
-## Services that can be ignored
+## Services that are ignored
 ### AWS
 #### Athena
 When you create an AWS Account, Athena will create a default primary workgroup for you.

mkdocs.yml

@@ -44,7 +44,7 @@ nav:
       - Mute List: tutorials/mutelist.md
       - Check Aliases: tutorials/check-aliases.md
       - Custom Metadata: tutorials/custom-checks-metadata.md
-      - Ignore Unused Services: tutorials/ignore-unused-services.md
+      - Scan Unused Services: tutorials/scan-unused-services.md
       - Pentesting: tutorials/pentesting.md
       - Parallel Execution: tutorials/parallel-execution.md
       - Developer Guide: developer-guide/introduction.md

prowler/providers/aws/aws_provider.py

@@ -48,7 +48,7 @@ class AwsProvider(Provider):
     _organizations_metadata: AWSOrganizationsInfo
     _audit_resources: list = []
     _audit_config: dict
-    _ignore_unused_services: bool = False
+    _scan_unused_services: bool = False
     _enabled_regions: set = set()
     _mutelist: dict = {}
     _output_options: AWSOutputOptions
@@ -73,8 +73,8 @@ class AwsProvider(Provider):
         input_regions = getattr(arguments, "region", set())
         organizations_role_arn = getattr(arguments, "organizations_role", None)
 
-        # Set if unused services must be ignored
+        # Set if unused services must be scanned
-        ignore_unused_services = getattr(arguments, "ignore_unused_services", None)
+        scan_unused_services = getattr(arguments, "scan_unused_services", None)
         ########
 
         ######## AWS Session
@@ -222,7 +222,7 @@ class AwsProvider(Provider):
         )
 
         # Set ignore unused services
-        self._ignore_unused_services = ignore_unused_services
+        self._scan_unused_services = scan_unused_services
 
         # Audit Config
         self._audit_config = {}
@@ -252,8 +252,8 @@ class AwsProvider(Provider):
         return self._audit_resources
 
     @property
-    def ignore_unused_services(self):
+    def scan_unused_services(self):
-        return self._ignore_unused_services
+        return self._scan_unused_services
 
     @property
     def audit_config(self):

prowler/providers/aws/lib/arguments/arguments.py

@@ -147,14 +147,14 @@ def init_parser(self):
         help="Set the maximum attemps for the Boto3 standard retrier config (Default: 3)",
     )
 
-    # Ignore Unused Services
+    # Scan Unused Services
-    ignore_unused_services_subparser = aws_parser.add_argument_group(
+    scan_unused_services_subparser = aws_parser.add_argument_group(
-        "Ignore Unused Services"
+        "Scan Unused Services"
     )
-    ignore_unused_services_subparser.add_argument(
+    scan_unused_services_subparser.add_argument(
-        "--ignore-unused-services",
+        "--scan-unused-services",
         action="store_true",
-        help="Ignore findings in unused services",
+        help="Scan unused services",
     )
 
 

prowler/providers/aws/services/athena/athena_workgroup_encryption/athena_workgroup_encryption.py

@@ -12,7 +12,7 @@ class athena_workgroup_encryption(Check):
             # Only check for enabled and used workgroups (has recent queries)
             if (
                 workgroup.state == "ENABLED" and workgroup.queries
-            ) or not athena_client.provider.ignore_unused_services:
+            ) or athena_client.provider.scan_unused_services:
                 report = Check_Report_AWS(self.metadata())
                 report.region = workgroup.region
                 report.resource_id = workgroup.name

prowler/providers/aws/services/athena/athena_workgroup_enforce_configuration/athena_workgroup_enforce_configuration.py

@@ -12,7 +12,7 @@ class athena_workgroup_enforce_configuration(Check):
             # Only check for enabled and used workgroups (has recent queries)
             if (
                 workgroup.state == "ENABLED" and workgroup.queries
-            ) or not athena_client.provider.ignore_unused_services:
+            ) or athena_client.provider.scan_unused_services:
                 report = Check_Report_AWS(self.metadata())
                 report.region = workgroup.region
                 report.resource_id = workgroup.name

prowler/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_read_enabled/cloudtrail_s3_dataevents_read_enabled.py

@@ -50,7 +50,7 @@ class cloudtrail_s3_dataevents_read_enabled(Check):
                             report.status_extended = f"Trail {trail.name} from home region {trail.home_region} has an advanced data event selector to record all S3 object-level API operations."
                             findings.append(report)
         if not findings and (
-            s3_client.buckets or not cloudtrail_client.provider.ignore_unused_services
+            s3_client.buckets or cloudtrail_client.provider.scan_unused_services
         ):
             report = Check_Report_AWS(self.metadata())
             report.region = cloudtrail_client.region

prowler/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_write_enabled/cloudtrail_s3_dataevents_write_enabled.py

@@ -50,7 +50,7 @@ class cloudtrail_s3_dataevents_write_enabled(Check):
                             report.status_extended = f"Trail {trail.name} from home region {trail.home_region} has an advanced data event selector to record all S3 object-level API operations."
                             findings.append(report)
         if not findings and (
-            s3_client.buckets or not cloudtrail_client.provider.ignore_unused_services
+            s3_client.buckets or cloudtrail_client.provider.scan_unused_services
         ):
             report = Check_Report_AWS(self.metadata())
             report.region = cloudtrail_client.region

prowler/providers/aws/services/ec2/ec2_ebs_default_encryption/ec2_ebs_default_encryption.py

@@ -16,9 +16,7 @@ class ec2_ebs_default_encryption(Check):
                 report.status = "PASS"
                 report.status_extended = "EBS Default Encryption is activated."
                 findings.append(report)
-            elif (
+            elif ec2_client.provider.scan_unused_services or ebs_encryption.volumes:
-                not ec2_client.provider.ignore_unused_services or ebs_encryption.volumes
-            ):
                 report.status = "FAIL"
                 report.status_extended = "EBS Default Encryption is not activated."
                 findings.append(report)

prowler/providers/aws/services/ec2/ec2_networkacl_allow_ingress_any_port/ec2_networkacl_allow_ingress_any_port.py

@@ -10,7 +10,7 @@ class ec2_networkacl_allow_ingress_any_port(Check):
         check_port = 0
         for network_acl in ec2_client.network_acls:
             if (
-                not ec2_client.provider.ignore_unused_services
+                ec2_client.provider.scan_unused_services
                 or network_acl.region in ec2_client.regions_with_sgs
             ):
                 # If some entry allows it, that ACL is not securely configured

prowler/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_22/ec2_networkacl_allow_ingress_tcp_port_22.py

@@ -10,7 +10,7 @@ class ec2_networkacl_allow_ingress_tcp_port_22(Check):
         check_port = 22
         for network_acl in ec2_client.network_acls:
             if (
-                not ec2_client.provider.ignore_unused_services
+                ec2_client.provider.scan_unused_services
                 or network_acl.region in ec2_client.regions_with_sgs
             ):
                 # If some entry allows it, that ACL is not securely configured

prowler/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_3389/ec2_networkacl_allow_ingress_tcp_port_3389.py

@@ -10,7 +10,7 @@ class ec2_networkacl_allow_ingress_tcp_port_3389(Check):
         check_port = 3389
         for network_acl in ec2_client.network_acls:
             if (
-                not ec2_client.provider.ignore_unused_services
+                ec2_client.provider.scan_unused_services
                 or network_acl.region in ec2_client.regions_with_sgs
             ):
                 # If some entry allows it, that ACL is not securely configured

prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_any_port/ec2_securitygroup_allow_ingress_from_internet_to_any_port.py

@@ -8,7 +8,7 @@ class ec2_securitygroup_allow_ingress_from_internet_to_any_port(Check):
         findings = []
         for security_group in ec2_client.security_groups:
             # Check if ignoring flag is set and if the VPC and the SG is in use
-            if not ec2_client.provider.ignore_unused_services or (
+            if ec2_client.provider.scan_unused_services or (
                 security_group.vpc_id in vpc_client.vpcs
                 and vpc_client.vpcs[security_group.vpc_id].in_use
                 and len(security_group.network_interfaces) > 0

prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018/ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018.py

@@ -10,7 +10,7 @@ class ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018(
         check_ports = [27017, 27018]
         for security_group in ec2_client.security_groups:
             # Check if ignoring flag is set and if the VPC and the SG is in use
-            if not ec2_client.provider.ignore_unused_services or (
+            if ec2_client.provider.scan_unused_services or (
                 security_group.vpc_id in vpc_client.vpcs
                 and vpc_client.vpcs[security_group.vpc_id].in_use
                 and len(security_group.network_interfaces) > 0

prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21/ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21.py

@@ -10,7 +10,7 @@ class ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21(Check)
         check_ports = [20, 21]
         for security_group in ec2_client.security_groups:
             # Check if ignoring flag is set and if the VPC and the SG is in use
-            if not ec2_client.provider.ignore_unused_services or (
+            if ec2_client.provider.scan_unused_services or (
                 security_group.vpc_id in vpc_client.vpcs
                 and vpc_client.vpcs[security_group.vpc_id].in_use
                 and len(security_group.network_interfaces) > 0

prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22.py

@@ -10,7 +10,7 @@ class ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22(Check):
         check_ports = [22]
         for security_group in ec2_client.security_groups:
             # Check if ignoring flag is set and if the VPC and the SG is in use
-            if not ec2_client.provider.ignore_unused_services or (
+            if ec2_client.provider.scan_unused_services or (
                 security_group.vpc_id in vpc_client.vpcs
                 and vpc_client.vpcs[security_group.vpc_id].in_use
                 and len(security_group.network_interfaces) > 0

prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389.py

@@ -10,7 +10,7 @@ class ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389(Check):
         check_ports = [3389]
         for security_group in ec2_client.security_groups:
             # Check if ignoring flag is set and if the VPC and the SG is in use
-            if not ec2_client.provider.ignore_unused_services or (
+            if ec2_client.provider.scan_unused_services or (
                 security_group.vpc_id in vpc_client.vpcs
                 and vpc_client.vpcs[security_group.vpc_id].in_use
                 and len(security_group.network_interfaces) > 0

prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888.py

@@ -12,7 +12,7 @@ class ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9
         check_ports = [7199, 9160, 8888]
         for security_group in ec2_client.security_groups:
             # Check if ignoring flag is set and if the VPC and the SG is in use
-            if not ec2_client.provider.ignore_unused_services or (
+            if ec2_client.provider.scan_unused_services or (
                 security_group.vpc_id in vpc_client.vpcs
                 and vpc_client.vpcs[security_group.vpc_id].in_use
                 and len(security_group.network_interfaces) > 0

prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601.py

@@ -12,7 +12,7 @@ class ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_ki
         check_ports = [9200, 9300, 5601]
         for security_group in ec2_client.security_groups:
             # Check if ignoring flag is set and if the VPC and the SG is in use
-            if not ec2_client.provider.ignore_unused_services or (
+            if ec2_client.provider.scan_unused_services or (
                 security_group.vpc_id in vpc_client.vpcs
                 and vpc_client.vpcs[security_group.vpc_id].in_use
                 and len(security_group.network_interfaces) > 0

prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092.py

@@ -10,7 +10,7 @@ class ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092(Check
         check_ports = [9092]
         for security_group in ec2_client.security_groups:
             # Check if ignoring flag is set and if the VPC and the SG is in use
-            if not ec2_client.provider.ignore_unused_services or (
+            if ec2_client.provider.scan_unused_services or (
                 security_group.vpc_id in vpc_client.vpcs
                 and vpc_client.vpcs[security_group.vpc_id].in_use
                 and len(security_group.network_interfaces) > 0

prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211.py

@@ -10,7 +10,7 @@ class ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211(
         check_ports = [11211]
         for security_group in ec2_client.security_groups:
             # Check if ignoring flag is set and if the VPC and the SG is in use
-            if not ec2_client.provider.ignore_unused_services or (
+            if ec2_client.provider.scan_unused_services or (
                 security_group.vpc_id in vpc_client.vpcs
                 and vpc_client.vpcs[security_group.vpc_id].in_use
                 and len(security_group.network_interfaces) > 0

prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306.py

@@ -10,7 +10,7 @@ class ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306(Check
         check_ports = [3306]
         for security_group in ec2_client.security_groups:
             # Check if ignoring flag is set and if the VPC and the SG is in use
-            if not ec2_client.provider.ignore_unused_services or (
+            if ec2_client.provider.scan_unused_services or (
                 security_group.vpc_id in vpc_client.vpcs
                 and vpc_client.vpcs[security_group.vpc_id].in_use
                 and len(security_group.network_interfaces) > 0

prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483.py

@@ -10,7 +10,7 @@ class ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483
         check_ports = [1521, 2483]
         for security_group in ec2_client.security_groups:
             # Check if ignoring flag is set and if the VPC and the SG is in use
-            if not ec2_client.provider.ignore_unused_services or (
+            if ec2_client.provider.scan_unused_services or (
                 security_group.vpc_id in vpc_client.vpcs
                 and vpc_client.vpcs[security_group.vpc_id].in_use
                 and len(security_group.network_interfaces) > 0

prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432.py

@@ -10,7 +10,7 @@ class ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432(Ch
         check_ports = [5432]
         for security_group in ec2_client.security_groups:
             # Check if ignoring flag is set and if the VPC and the SG is in use
-            if not ec2_client.provider.ignore_unused_services or (
+            if ec2_client.provider.scan_unused_services or (
                 security_group.vpc_id in vpc_client.vpcs
                 and vpc_client.vpcs[security_group.vpc_id].in_use
                 and len(security_group.network_interfaces) > 0

prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379.py

@@ -10,7 +10,7 @@ class ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379(Check
         check_ports = [6379]
         for security_group in ec2_client.security_groups:
             # Check if ignoring flag is set and if the VPC and the SG is in use
-            if not ec2_client.provider.ignore_unused_services or (
+            if ec2_client.provider.scan_unused_services or (
                 security_group.vpc_id in vpc_client.vpcs
                 and vpc_client.vpcs[security_group.vpc_id].in_use
                 and len(security_group.network_interfaces) > 0

prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434.py

@@ -12,7 +12,7 @@ class ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_
         check_ports = [1433, 1434]
         for security_group in ec2_client.security_groups:
             # Check if ignoring flag is set and if the VPC and the SG is in use
-            if not ec2_client.provider.ignore_unused_services or (
+            if ec2_client.provider.scan_unused_services or (
                 security_group.vpc_id in vpc_client.vpcs
                 and vpc_client.vpcs[security_group.vpc_id].in_use
                 and len(security_group.network_interfaces) > 0

prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23.py

@@ -10,7 +10,7 @@ class ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23(Check)
         check_ports = [23]
         for security_group in ec2_client.security_groups:
             # Check if ignoring flag is set and if the VPC and the SG is in use
-            if not ec2_client.provider.ignore_unused_services or (
+            if ec2_client.provider.scan_unused_services or (
                 security_group.vpc_id in vpc_client.vpcs
                 and vpc_client.vpcs[security_group.vpc_id].in_use
                 and len(security_group.network_interfaces) > 0

prowler/providers/aws/services/ec2/ec2_securitygroup_allow_wide_open_public_ipv4/ec2_securitygroup_allow_wide_open_public_ipv4.py

@@ -11,7 +11,7 @@ class ec2_securitygroup_allow_wide_open_public_ipv4(Check):
         cidr_treshold = 24
         for security_group in ec2_client.security_groups:
             # Check if ignoring flag is set and if the VPC and the SG is in use
-            if not ec2_client.provider.ignore_unused_services or (
+            if ec2_client.provider.scan_unused_services or (
                 security_group.vpc_id in vpc_client.vpcs
                 and vpc_client.vpcs[security_group.vpc_id].in_use
                 and len(security_group.network_interfaces) > 0

prowler/providers/aws/services/glue/glue_data_catalogs_connection_passwords_encryption_enabled/glue_data_catalogs_connection_passwords_encryption_enabled.py

@@ -7,7 +7,7 @@ class glue_data_catalogs_connection_passwords_encryption_enabled(Check):
         findings = []
         for encryption in glue_client.catalog_encryption_settings:
             # Check only if there are Glue Tables
-            if encryption.tables or not glue_client.provider.ignore_unused_services:
+            if encryption.tables or glue_client.provider.scan_unused_services:
                 report = Check_Report_AWS(self.metadata())
                 report.resource_id = glue_client.audited_account
                 report.resource_arn = glue_client.__get_data_catalog_arn_template__(

prowler/providers/aws/services/glue/glue_data_catalogs_metadata_encryption_enabled/glue_data_catalogs_metadata_encryption_enabled.py

@@ -7,7 +7,7 @@ class glue_data_catalogs_metadata_encryption_enabled(Check):
         findings = []
         for encryption in glue_client.catalog_encryption_settings:
             # Check only if there are Glue Tables
-            if encryption.tables or not glue_client.provider.ignore_unused_services:
+            if encryption.tables or glue_client.provider.scan_unused_services:
                 report = Check_Report_AWS(self.metadata())
                 report.resource_id = glue_client.audited_account
                 report.resource_arn = glue_client.__get_data_catalog_arn_template__(

prowler/providers/aws/services/inspector2/inspector2_is_enabled/inspector2_is_enabled.py

@@ -20,7 +20,7 @@ class inspector2_is_enabled(Check):
                 report.status_extended = "Inspector2 is enabled."
                 findings.append(report)
             else:
-                if inspector2_client.provider.ignore_unused_services:
+                if not inspector2_client.provider.scan_unused_services:
                     funtions_in_region = False
                     ec2_in_region = False
                     for function in awslambda_client.functions.values():
@@ -29,7 +29,7 @@ class inspector2_is_enabled(Check):
                     for instance in ec2_client.instances:
                         if instance == inspector.region:
                             ec2_in_region = True
-                if not inspector2_client.provider.ignore_unused_services or (
+                if inspector2_client.provider.scan_unused_services or (
                     funtions_in_region
                     or ecr_client.registries[inspector.region].repositories
                     or ec2_in_region

prowler/providers/aws/services/macie/macie_is_enabled/macie_is_enabled.py

@@ -19,7 +19,7 @@ class macie_is_enabled(Check):
                 findings.append(report)
             else:
                 if (
-                    not macie_client.provider.ignore_unused_services
+                    macie_client.provider.scan_unused_services
                     or session.region in s3_client.regions_with_buckets
                 ):
                     if session.status == "PAUSED":

prowler/providers/aws/services/networkfirewall/networkfirewall_in_all_vpc/networkfirewall_in_all_vpc.py

@@ -9,7 +9,7 @@ class networkfirewall_in_all_vpc(Check):
     def execute(self):
         findings = []
         for vpc in vpc_client.vpcs.values():
-            if not vpc_client.provider.ignore_unused_services or vpc.in_use:
+            if vpc_client.provider.scan_unused_services or vpc.in_use:
                 report = Check_Report_AWS(self.metadata())
                 report.region = vpc.region
                 report.resource_id = vpc.id

prowler/providers/aws/services/s3/s3_account_level_public_access_blocks/s3_account_level_public_access_blocks.py

@@ -18,7 +18,7 @@ class s3_account_level_public_access_blocks(Check):
             report.resource_id = s3control_client.audited_account
             report.resource_arn = s3_client.account_arn_template
             findings.append(report)
-        elif s3_client.buckets or not s3_client.provider.ignore_unused_services:
+        elif s3_client.buckets or s3_client.provider.scan_unused_services:
             report.status = "FAIL"
             report.status_extended = f"Block Public Access is not configured for the account {s3control_client.audited_account}."
             report.region = s3control_client.region

prowler/providers/aws/services/vpc/vpc_flow_logs_enabled/vpc_flow_logs_enabled.py

@@ -6,7 +6,7 @@ class vpc_flow_logs_enabled(Check):
     def execute(self):
         findings = []
         for vpc in vpc_client.vpcs.values():
-            if not vpc_client.provider.ignore_unused_services or vpc.in_use:
+            if vpc_client.provider.scan_unused_services or vpc.in_use:
                 report = Check_Report_AWS(self.metadata())
                 report.region = vpc.region
                 report.resource_tags = vpc.tags

tests/lib/cli/parser_test.py

@@ -80,7 +80,7 @@ class Test_Parser:
         assert not parsed.output_bucket_no_assume
         assert not parsed.shodan
         assert not parsed.resource_tags
-        assert not parsed.ignore_unused_services
+        assert not parsed.scan_unused_services
 
     def test_default_parser_no_arguments_azure(self):
         provider = "azure"
@@ -1040,11 +1040,11 @@ class Test_Parser:
         parsed = self.parser.parse(command)
         assert parsed.aws_retries_max_attempts == int(max_retries)
 
-    def test_aws_parser_ignore_unused_services(self):
+    def test_aws_parser_scan_unused_services(self):
-        argument = "--ignore-unused-services"
+        argument = "--scan-unused-services"
         command = [prowler_command, argument]
         parsed = self.parser.parse(command)
-        assert parsed.ignore_unused_services
+        assert parsed.scan_unused_services
 
     def test_aws_parser_config_file(self):
         argument = "--config-file"

tests/providers/aws/aws_provider_test.py

@@ -240,11 +240,11 @@ class TestAWSProvider:
     def test_aws_provider_default(self):
         arguments = Namespace()
         arguments.mfa = False
-        arguments.ignore_unused_services = True
+        arguments.scan_unused_services = True
         aws_provider = AwsProvider(arguments)
 
         assert aws_provider.type == "aws"
-        assert aws_provider.ignore_unused_services is True
+        assert aws_provider.scan_unused_services is True
         assert aws_provider.audit_config == {}
         assert aws_provider.session.current_session.region_name == AWS_REGION_US_EAST_1
 
@@ -359,7 +359,7 @@ class TestAWSProvider:
             aws_provider = AwsProvider(arguments)
 
             assert aws_provider.type == "aws"
-            assert aws_provider.ignore_unused_services is None
+            assert aws_provider.scan_unused_services is None
             assert aws_provider.audit_config == {}
             assert (
                 aws_provider.session.current_session.region_name == AWS_REGION_US_EAST_1

tests/providers/aws/services/athena/athena_workgroup_encryption/athena_workgroup_encryption_test.py

@@ -51,7 +51,7 @@ class Test_athena_workgroup_encryption:
         from prowler.providers.aws.services.athena.athena_service import Athena
 
         aws_provider = set_mocked_aws_provider([AWS_REGION_EU_WEST_1])
-        aws_provider._ignore_unused_services = True
+        aws_provider._scan_unused_services = False
 
         with mock.patch(
             "prowler.providers.common.common.get_global_provider",

tests/providers/aws/services/athena/athena_workgroup_enforce_configuration/athena_workgroup_enforce_configuration_test.py

@@ -51,7 +51,7 @@ class Test_athena_workgroup_enforce_configuration:
         from prowler.providers.aws.services.athena.athena_service import Athena
 
         aws_provider = set_mocked_aws_provider([AWS_REGION_EU_WEST_1])
-        aws_provider._ignore_unused_services = True
+        aws_provider._scan_unused_services = False
 
         with mock.patch(
             "prowler.providers.common.common.get_global_provider",

tests/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_read_enabled/cloudtrail_s3_dataevents_read_enabled_test.py

@@ -71,7 +71,7 @@ class Test_cloudtrail_s3_dataevents_read_enabled:
         from prowler.providers.aws.services.s3.s3_service import S3
 
         aws_provider = set_mocked_aws_provider()
-        aws_provider._ignore_unused_services = True
+        aws_provider._scan_unused_services = False
 
         with mock.patch(
             "prowler.providers.common.common.get_global_provider",
@@ -105,7 +105,7 @@ class Test_cloudtrail_s3_dataevents_read_enabled:
         from prowler.providers.aws.services.s3.s3_service import S3
 
         aws_provider = set_mocked_aws_provider()
-        aws_provider._ignore_unused_services = True
+        aws_provider._scan_unused_services = False
 
         with mock.patch(
             "prowler.providers.common.common.get_global_provider",

tests/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_write_enabled/cloudtrail_s3_dataevents_write_enabled_test.py

@@ -135,7 +135,7 @@ class Test_cloudtrail_s3_dataevents_write_enabled:
         from prowler.providers.aws.services.s3.s3_service import S3
 
         aws_provider = set_mocked_aws_provider()
-        aws_provider._ignore_unused_services = True
+        aws_provider._scan_unused_services = False
 
         with mock.patch(
             "prowler.providers.common.common.get_global_provider",
@@ -168,7 +168,7 @@ class Test_cloudtrail_s3_dataevents_write_enabled:
         from prowler.providers.aws.services.s3.s3_service import S3
 
         aws_provider = set_mocked_aws_provider()
-        aws_provider._ignore_unused_services = True
+        aws_provider._scan_unused_services = False
 
         with mock.patch(
             "prowler.providers.common.common.get_global_provider",

tests/providers/aws/services/ec2/ec2_ebs_default_encryption/ec2_ebs_default_encryption_test.py

@@ -121,7 +121,7 @@ class Test_ec2_ebs_default_encryption:
 
         aws_provider = set_mocked_aws_provider(
             [AWS_REGION_EU_WEST_1, AWS_REGION_US_EAST_1],
-            ignore_unused_services=True,
+            scan_unused_services=False,
         )
 
         with mock.patch(
@@ -151,7 +151,7 @@ class Test_ec2_ebs_default_encryption:
 
         aws_provider = set_mocked_aws_provider(
             [AWS_REGION_EU_WEST_1, AWS_REGION_US_EAST_1],
-            ignore_unused_services=True,
+            scan_unused_services=False,
         )
 
         with mock.patch(

tests/providers/aws/services/ec2/ec2_networkacl_allow_ingress_any_port/ec2_networkacl_allow_ingress_any_port_test.py

@@ -203,7 +203,7 @@ class Test_ec2_networkacl_allow_ingress_any_port:
 
         aws_provider = set_mocked_aws_provider(
             [AWS_REGION_EU_WEST_1, AWS_REGION_US_EAST_1],
-            ignore_unused_services=True,
+            scan_unused_services=False,
         )
 
         with mock.patch(
@@ -245,7 +245,7 @@ class Test_ec2_networkacl_allow_ingress_any_port:
 
         aws_provider = set_mocked_aws_provider(
             [AWS_REGION_EU_WEST_1, AWS_REGION_US_EAST_1],
-            ignore_unused_services=True,
+            scan_unused_services=False,
         )
 
         with mock.patch(

tests/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_22/ec2_networkacl_allow_ingress_tcp_port_22_test.py

@@ -205,7 +205,7 @@ class Test_ec2_networkacl_allow_ingress_tcp_port_22:
 
         aws_provider = set_mocked_aws_provider(
             [AWS_REGION_EU_WEST_1, AWS_REGION_US_EAST_1],
-            ignore_unused_services=True,
+            scan_unused_services=False,
         )
 
         with mock.patch(
@@ -247,7 +247,7 @@ class Test_ec2_networkacl_allow_ingress_tcp_port_22:
 
         aws_provider = set_mocked_aws_provider(
             [AWS_REGION_EU_WEST_1, AWS_REGION_US_EAST_1],
-            ignore_unused_services=True,
+            scan_unused_services=False,
         )
 
         with mock.patch(

tests/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_3389/ec2_networkacl_allow_ingress_tcp_port_3389_test.py

@@ -205,7 +205,7 @@ class Test_ec2_networkacl_allow_ingress_tcp_port_3389:
 
         aws_provider = set_mocked_aws_provider(
             [AWS_REGION_EU_WEST_1, AWS_REGION_US_EAST_1],
-            ignore_unused_services=True,
+            scan_unused_services=False,
         )
 
         with mock.patch(
@@ -247,7 +247,7 @@ class Test_ec2_networkacl_allow_ingress_tcp_port_3389:
 
         aws_provider = set_mocked_aws_provider(
             [AWS_REGION_EU_WEST_1, AWS_REGION_US_EAST_1],
-            ignore_unused_services=True,
+            scan_unused_services=False,
         )
 
         with mock.patch(

tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_any_port/ec2_securitygroup_allow_ingress_from_internet_to_any_port_test.py

@@ -265,7 +265,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_any_port:
             expected_checks=[
                 "ec2_securitygroup_allow_ingress_from_internet_to_any_port"
             ],
-            ignore_unused_services=True,
+            scan_unused_services=False,
         )
 
         with mock.patch(
@@ -308,7 +308,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_any_port:
             expected_checks=[
                 "ec2_securitygroup_allow_ingress_from_internet_to_any_port"
             ],
-            ignore_unused_services=True,
+            scan_unused_services=False,
         )
 
         with mock.patch(

tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018/ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018_test.py

@@ -193,7 +193,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_2
 
         aws_provider = set_mocked_aws_provider(
             [AWS_REGION_EU_WEST_1, AWS_REGION_US_EAST_1],
-            ignore_unused_services=True,
+            scan_unused_services=False,
         )
 
         with mock.patch(
@@ -235,7 +235,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_2
 
         aws_provider = set_mocked_aws_provider(
             [AWS_REGION_EU_WEST_1, AWS_REGION_US_EAST_1],
-            ignore_unused_services=True,
+            scan_unused_services=False,
         )
 
         with mock.patch(

tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21/ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21_test.py

@@ -193,7 +193,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21:
 
         aws_provider = set_mocked_aws_provider(
             [AWS_REGION_EU_WEST_1, AWS_REGION_US_EAST_1],
-            ignore_unused_services=True,
+            scan_unused_services=False,
         )
 
         with mock.patch(
@@ -235,7 +235,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21:
 
         aws_provider = set_mocked_aws_provider(
             [AWS_REGION_EU_WEST_1, AWS_REGION_US_EAST_1],
-            ignore_unused_services=True,
+            scan_unused_services=False,
         )
 
         with mock.patch(

tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22_test.py

@@ -192,7 +192,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22:
 
         aws_provider = set_mocked_aws_provider(
             [AWS_REGION_EU_WEST_1, AWS_REGION_US_EAST_1],
-            ignore_unused_services=True,
+            scan_unused_services=False,
         )
 
         with mock.patch(
@@ -232,7 +232,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22:
 
         aws_provider = set_mocked_aws_provider(
             [AWS_REGION_EU_WEST_1, AWS_REGION_US_EAST_1],
-            ignore_unused_services=True,
+            scan_unused_services=False,
         )
 
         with mock.patch(

tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389_test.py

@@ -59,7 +59,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389:
 
         aws_provider = set_mocked_aws_provider(
             [AWS_REGION_EU_WEST_1, AWS_REGION_US_EAST_1],
-            ignore_unused_services=True,
+            scan_unused_services=False,
         )
 
         with mock.patch(
@@ -99,7 +99,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389:
 
         aws_provider = set_mocked_aws_provider(
             [AWS_REGION_EU_WEST_1, AWS_REGION_US_EAST_1],
-            ignore_unused_services=True,
+            scan_unused_services=False,
         )
 
         with mock.patch(

tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888_test.py

@@ -193,7 +193,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7
 
         aws_provider = set_mocked_aws_provider(
             [AWS_REGION_EU_WEST_1, AWS_REGION_US_EAST_1],
-            ignore_unused_services=True,
+            scan_unused_services=False,
         )
 
         with mock.patch(
@@ -235,7 +235,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7
 
         aws_provider = set_mocked_aws_provider(
             [AWS_REGION_EU_WEST_1, AWS_REGION_US_EAST_1],
-            ignore_unused_services=True,
+            scan_unused_services=False,
         )
 
         with mock.patch(

tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601_test.py

@@ -193,7 +193,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsear
 
         aws_provider = set_mocked_aws_provider(
             [AWS_REGION_EU_WEST_1, AWS_REGION_US_EAST_1],
-            ignore_unused_services=True,
+            scan_unused_services=False,
         )
 
         with mock.patch(
@@ -235,7 +235,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsear
 
         aws_provider = set_mocked_aws_provider(
             [AWS_REGION_EU_WEST_1, AWS_REGION_US_EAST_1],
-            ignore_unused_services=True,
+            scan_unused_services=False,
         )
 
         with mock.patch(

tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092_test.py

@@ -193,7 +193,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092:
 
         aws_provider = set_mocked_aws_provider(
             [AWS_REGION_EU_WEST_1, AWS_REGION_US_EAST_1],
-            ignore_unused_services=True,
+            scan_unused_services=False,
         )
 
         with mock.patch(
@@ -235,7 +235,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092:
 
         aws_provider = set_mocked_aws_provider(
             [AWS_REGION_EU_WEST_1, AWS_REGION_US_EAST_1],
-            ignore_unused_services=True,
+            scan_unused_services=False,
         )
 
         with mock.patch(

tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211_test.py

@@ -193,7 +193,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_1
 
         aws_provider = set_mocked_aws_provider(
             [AWS_REGION_EU_WEST_1, AWS_REGION_US_EAST_1],
-            ignore_unused_services=True,
+            scan_unused_services=False,
         )
 
         with mock.patch(
@@ -235,7 +235,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_1
 
         aws_provider = set_mocked_aws_provider(
             [AWS_REGION_EU_WEST_1, AWS_REGION_US_EAST_1],
-            ignore_unused_services=True,
+            scan_unused_services=False,
         )
 
         with mock.patch(

tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306_test.py

@@ -193,7 +193,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306:
 
         aws_provider = set_mocked_aws_provider(
             [AWS_REGION_EU_WEST_1, AWS_REGION_US_EAST_1],
-            ignore_unused_services=True,
+            scan_unused_services=False,
         )
 
         with mock.patch(
@@ -235,7 +235,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306:
 
         aws_provider = set_mocked_aws_provider(
             [AWS_REGION_EU_WEST_1, AWS_REGION_US_EAST_1],
-            ignore_unused_services=True,
+            scan_unused_services=False,
         )
 
         with mock.patch(

tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483_test.py

@@ -193,7 +193,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521
 
         aws_provider = set_mocked_aws_provider(
             [AWS_REGION_EU_WEST_1, AWS_REGION_US_EAST_1],
-            ignore_unused_services=True,
+            scan_unused_services=False,
         )
 
         with mock.patch(
@@ -235,7 +235,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521
 
         aws_provider = set_mocked_aws_provider(
             [AWS_REGION_EU_WEST_1, AWS_REGION_US_EAST_1],
-            ignore_unused_services=True,
+            scan_unused_services=False,
         )
 
         with mock.patch(

tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432_test.py

@@ -264,7 +264,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_54
 
         aws_provider = set_mocked_aws_provider(
             [AWS_REGION_EU_WEST_1, AWS_REGION_US_EAST_1],
-            ignore_unused_services=True,
+            scan_unused_services=False,
         )
 
         with mock.patch(
@@ -306,7 +306,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_54
 
         aws_provider = set_mocked_aws_provider(
             [AWS_REGION_EU_WEST_1, AWS_REGION_US_EAST_1],
-            ignore_unused_services=True,
+            scan_unused_services=False,
         )
 
         with mock.patch(

tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379_test.py

@@ -243,7 +243,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379:
                 AWS_REGION_EU_WEST_1,
             ]
         )
-        aws_provider._ignore_unused_services = True
+        aws_provider._scan_unused_services = False
 
         with mock.patch(
             "prowler.providers.common.common.get_global_provider",
@@ -281,7 +281,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379:
         from prowler.providers.aws.services.ec2.ec2_service import EC2
 
         aws_provider = set_mocked_aws_provider()
-        aws_provider._ignore_unused_services = True
+        aws_provider._scan_unused_services = False
 
         with mock.patch(
             "prowler.providers.common.common.get_global_provider",

tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434_test.py

@@ -193,7 +193,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_
 
         aws_provider = set_mocked_aws_provider(
             [AWS_REGION_EU_WEST_1, AWS_REGION_US_EAST_1],
-            ignore_unused_services=True,
+            scan_unused_services=False,
         )
 
         with mock.patch(
@@ -235,7 +235,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_
 
         aws_provider = set_mocked_aws_provider(
             [AWS_REGION_EU_WEST_1, AWS_REGION_US_EAST_1],
-            ignore_unused_services=True,
+            scan_unused_services=False,
         )
 
         with mock.patch(

tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23_test.py

@@ -193,7 +193,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23:
 
         aws_provider = set_mocked_aws_provider(
             [AWS_REGION_EU_WEST_1, AWS_REGION_US_EAST_1],
-            ignore_unused_services=True,
+            scan_unused_services=False,
         )
 
         with mock.patch(
@@ -235,7 +235,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23:
 
         aws_provider = set_mocked_aws_provider(
             [AWS_REGION_EU_WEST_1, AWS_REGION_US_EAST_1],
-            ignore_unused_services=True,
+            scan_unused_services=False,
         )
 
         with mock.patch(

tests/providers/aws/services/glue/glue_data_catalogs_connection_passwords_encryption_enabled/glue_data_catalogs_connection_passwords_encryption_enabled_test.py

@@ -91,7 +91,7 @@ class Test_glue_data_catalogs_connection_passwords_encryption_enabled:
         glue_client.__get_data_catalog_arn_template__ = mock.MagicMock(
             return_value=glue_client.data_catalog_arn_template
         )
-        glue_client.provider._ignore_unused_services = True
+        glue_client.provider._scan_unused_services = False
         with mock.patch(
             "prowler.providers.aws.services.glue.glue_service.Glue",
             glue_client,
@@ -126,7 +126,7 @@ class Test_glue_data_catalogs_connection_passwords_encryption_enabled:
         glue_client.__get_data_catalog_arn_template__ = mock.MagicMock(
             return_value=glue_client.data_catalog_arn_template
         )
-        glue_client.provider._ignore_unused_services = True
+        glue_client.provider._scan_unused_services = False
         with mock.patch(
             "prowler.providers.aws.services.glue.glue_service.Glue",
             glue_client,

tests/providers/aws/services/glue/glue_data_catalogs_metadata_encryption_enabled/glue_data_catalogs_metadata_encryption_enabled_test.py

@@ -86,7 +86,7 @@ class Test_glue_data_catalogs_metadata_encryption_enabled:
             )
         ]
         glue_client.audited_account = AWS_ACCOUNT_NUMBER
-        glue_client.provider._ignore_unused_services = True
+        glue_client.provider._scan_unused_services = False
         glue_client.audited_partition = AWS_COMMERCIAL_PARTITION
         glue_client.region = AWS_REGION_US_EAST_1
         glue_client.data_catalog_arn_template = f"arn:{glue_client.audited_partition}:glue:{glue_client.region}:{glue_client.audited_account}:data-catalog"
@@ -121,7 +121,7 @@ class Test_glue_data_catalogs_metadata_encryption_enabled:
             )
         ]
         glue_client.audited_account = AWS_ACCOUNT_NUMBER
-        glue_client.provider._ignore_unused_services = True
+        glue_client.provider._scan_unused_services = False
         glue_client.audited_partition = AWS_COMMERCIAL_PARTITION
         glue_client.region = AWS_REGION_US_EAST_1
         glue_client.data_catalog_arn_template = f"arn:{glue_client.audited_partition}:glue:{glue_client.region}:{glue_client.audited_account}:data-catalog"

tests/providers/aws/services/inspector2/inspector2_active_findings_exist/inspector2_active_findings_exist_test.py

@@ -266,7 +266,7 @@ class Test_inspector2_active_findings_exist:
         ecr_client.provider = set_mocked_aws_provider([AWS_REGION_EU_WEST_1])
         awslambda_client.aws_provider = set_mocked_aws_provider([AWS_REGION_EU_WEST_1])
         inspector2_client.aws_provider = set_mocked_aws_provider([AWS_REGION_EU_WEST_1])
-        inspector2_client.provider._ignore_unused_services = True
+        inspector2_client.provider._scan_unused_services = False
         inspector2_client.audited_account = AWS_ACCOUNT_NUMBER
         inspector2_client.audited_account_arn = (
             f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root"

tests/providers/aws/services/macie/macie_is_enabled/macie_is_enabled_test.py

@@ -141,7 +141,7 @@ class Test_macie_is_enabled:
         ]
 
         aws_provider = set_mocked_aws_provider([AWS_REGION_EU_WEST_1])
-        macie_client.provider._ignore_unused_services = True
+        macie_client.provider._scan_unused_services = False
 
         with mock.patch(
             "prowler.providers.common.common.get_global_provider",
@@ -192,7 +192,7 @@ class Test_macie_is_enabled:
         macie_client.__get_session_arn_template__ = mock.MagicMock(
             return_value=macie_client.session_arn_template
         )
-        macie_client.provider._ignore_unused_services = True
+        macie_client.provider._scan_unused_services = False
         aws_provider = set_mocked_aws_provider([AWS_REGION_EU_WEST_1])
 
         with mock.patch(

tests/providers/aws/services/networkfirewall/networkfirewall_in_all_vpc/networkfirewall_in_all_vpc_test.py

@@ -437,7 +437,7 @@ class Test_networkfirewall_in_all_vpc:
         }
 
         aws_provider = set_mocked_aws_provider([AWS_REGION_US_EAST_1])
-        vpc_client.provider._ignore_unused_services = True
+        vpc_client.provider._scan_unused_services = False
 
         with mock.patch(
             "prowler.providers.common.common.get_global_provider",
@@ -502,7 +502,7 @@ class Test_networkfirewall_in_all_vpc:
         }
 
         aws_provider = set_mocked_aws_provider([AWS_REGION_US_EAST_1])
-        vpc_client.provider._ignore_unused_services = True
+        vpc_client.provider._scan_unused_services = False
 
         with mock.patch(
             "prowler.providers.common.common.get_global_provider",

tests/providers/aws/services/s3/s3_account_level_public_access_blocks/s3_account_level_public_access_blocks_test.py

@@ -127,7 +127,7 @@ class Test_s3_account_level_public_access_blocks:
         from prowler.providers.aws.services.s3.s3_service import S3, S3Control
 
         aws_provider = set_mocked_aws_provider([AWS_REGION_US_EAST_1])
-        aws_provider._ignore_unused_services = True
+        aws_provider._scan_unused_services = False
 
         with mock.patch(
             "prowler.providers.common.common.get_global_provider",

tests/providers/aws/services/vpc/vpc_flow_logs_enabled/vpc_flow_logs_enabled_test.py

@@ -145,7 +145,7 @@ class Test_vpc_flow_logs_enabled:
         aws_provider = set_mocked_aws_provider(
             [AWS_REGION_US_EAST_1, AWS_REGION_EU_WEST_1]
         )
-        aws_provider._ignore_unused_services = True
+        aws_provider._scan_unused_services = False
 
         with mock.patch(
             "prowler.providers.common.common.get_global_provider",
@@ -177,7 +177,7 @@ class Test_vpc_flow_logs_enabled:
         aws_provider = set_mocked_aws_provider(
             [AWS_REGION_US_EAST_1, AWS_REGION_EU_WEST_1]
         )
-        aws_provider._ignore_unused_services = True
+        aws_provider._scan_unused_services = False
 
         with mock.patch(
             "prowler.providers.common.common.get_global_provider",

tests/providers/aws/utils.py

@@ -58,7 +58,7 @@ def set_mocked_aws_provider(
     expected_checks: list[str] = [],
     profile_region: str = None,
     audit_config: dict = {},
-    ignore_unused_services: bool = False,
+    scan_unused_services: bool = True,
     audit_session: session.Session = session.Session(
         profile_name=None,
         botocore_session=None,
@@ -96,7 +96,7 @@ def set_mocked_aws_provider(
     provider._identity.profile_region = profile_region
     provider._identity.audited_regions = audited_regions
     # Mock Configiration
-    provider._ignore_unused_services = ignore_unused_services
+    provider._scan_unused_services = scan_unused_services
     provider._enabled_regions = (
         enabled_regions if enabled_regions else set(audited_regions)
     )