chore(release): 3.8.1

fix(ds): Restore enums without optional (#2704 )
fix(Enum): handle Enum classes correctly (#2702 )
2026-01-25 02:08:11 +00:00 · 2023-08-10 11:51:13 +00:00 · 2023-08-10 13:43:31 +02:00 · 2023-08-10 13:21:24 +02:00 · 2023-08-10 12:40:17 +02:00 · 2023-08-10 12:13:57 +02:00
2181 changed files with 186960 additions and 5620 deletions
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -0,0 +1 @@
+* @prowler-cloud/prowler-oss
--- a/.github/ISSUE_TEMPLATE/bug_report.yml
+++ b/.github/ISSUE_TEMPLATE/bug_report.yml
@@ -0,0 +1,97 @@
+name: 🐞 Bug Report
+description: Create a report to help us improve
+title: "[Bug]: "
+labels: ["bug", "status/needs-triage"]
+
+body:
+  - type: textarea
+    id: reproduce
+    attributes:
+      label: Steps to Reproduce
+      description: Steps to reproduce the behavior
+      placeholder: |-
+        1. What command are you running?
+        2. Cloud provider you are launching
+        3. Environment you have, like single account, multi-account, organizations, multi or single subscription, etc.
+        4. See error
+    validations:
+      required: true
+  - type: textarea
+    id: expected
+    attributes:
+      label: Expected behavior
+      description: A clear and concise description of what you expected to happen.
+    validations:
+      required: true
+  - type: textarea
+    id: actual
+    attributes:
+      label: Actual Result with Screenshots or Logs
+      description: If applicable, add screenshots to help explain your problem. Also, you can add logs (anonymize them first!). Here a command that may help to share a log `prowler <your arguments> --log-level DEBUG --log-file $(date +%F)_debug.log` then attach here the log file.
+    validations:
+      required: true
+  - type: dropdown
+    id: type
+    attributes:
+      label: How did you install Prowler?
+      options:
+        - Cloning the repository from github.com (git clone)
+        - From pip package (pip install prowler)
+        - From brew (brew install prowler)
+        - Docker (docker pull toniblyx/prowler)
+    validations:
+      required: true
+  - type: textarea
+    id: environment
+    attributes:
+      label: Environment Resource
+      description: From where are you running Prowler?
+      placeholder: |-
+        1. EC2 instance
+        2. Fargate task
+        3. Docker container locally
+        4. EKS
+        5. Cloud9
+        6. CodeBuild
+        7. Workstation
+        8. Other(please specify)
+    validations:
+      required: true
+  - type: textarea
+    id: os
+    attributes:
+      label: OS used
+      description: Which OS are you using?
+      placeholder: |-
+        1. Amazon Linux 2
+        2. MacOS
+        3. Alpine Linux
+        4. Windows
+        5. Other(please specify)
+    validations:
+      required: true
+  - type: input
+    id: prowler-version
+    attributes:
+      label: Prowler version
+      description: Which Prowler version are you using?
+      placeholder: |-
+        prowler --version
+    validations:
+      required: true
+  - type: input
+    id: pip-version
+    attributes:
+      label: Pip version
+      description: Which pip version are you using?
+      placeholder: |-
+        pip --version
+    validations:
+      required: true
+  - type: textarea
+    id: additional
+    attributes:
+      description: Additional context
+      label: Context
+    validations:
+      required: false
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -0,0 +1 @@
+blank_issues_enabled: false
--- a/.github/ISSUE_TEMPLATE/feature-request.yml
+++ b/.github/ISSUE_TEMPLATE/feature-request.yml
@@ -0,0 +1,36 @@
+name:  💡 Feature Request
+description: Suggest an idea for this project
+labels: ["enhancement", "status/needs-triage"]
+
+
+body:
+  - type: textarea
+    id: Problem
+    attributes:
+      label: New feature motivation
+      description: Is your feature request related to a problem? Please describe
+      placeholder: |-
+        1. A clear and concise description of what the problem is. Ex. I'm always frustrated when
+    validations:
+      required: true
+  - type: textarea
+    id: Solution
+    attributes:
+      label: Solution Proposed
+      description: A clear and concise description of what you want to happen.
+    validations:
+      required: true
+  - type: textarea
+    id: Alternatives
+    attributes:
+      label: Describe alternatives you've considered
+      description: A clear and concise description of any alternative solutions or features you've considered.
+    validations:
+      required: true
+  - type: textarea
+    id: Context
+    attributes:
+      label: Additional context
+      description: Add any other context or screenshots about the feature request here.
+    validations:
+      required: false
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -0,0 +1,15 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: "pip" # See documentation for possible values
+    directory: "/" # Location of package manifests
+    schedule:
+      interval: "weekly"
+    target-branch: master
+    labels:
+      - "dependencies"
+      - "pip"
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -0,0 +1,13 @@
+### Context
+
+Please include relevant motivation and context for this PR.
+
+
+### Description
+
+Please include a summary of the change and which issue is fixed. List any dependencies that are required for this change.
+
+
+### License
+
+By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
--- a/.github/workflows/build-lint-push-containers.yml
+++ b/.github/workflows/build-lint-push-containers.yml
@@ -0,0 +1,117 @@
+name: build-lint-push-containers
+
+on:
+  push:
+    branches:
+      - "master"
+    paths-ignore:
+      - ".github/**"
+      - "README.md"
+      - "docs/**"
+
+  release:
+    types: [published]
+
+env:
+  AWS_REGION_STG: eu-west-1
+  AWS_REGION_PLATFORM: eu-west-1
+  AWS_REGION: us-east-1
+  IMAGE_NAME: prowler
+  LATEST_TAG: latest
+  STABLE_TAG: stable
+  TEMPORARY_TAG: temporary
+  DOCKERFILE_PATH: ./Dockerfile
+  PYTHON_VERSION: 3.9
+
+jobs:
+  # Build Prowler OSS container
+  container-build-push:
+    # needs: dockerfile-linter
+    runs-on: ubuntu-latest
+    env:
+      POETRY_VIRTUALENVS_CREATE: "false"
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Setup python (release)
+        if: github.event_name == 'release'
+        uses: actions/setup-python@v2
+        with:
+          python-version: ${{ env.PYTHON_VERSION }}
+
+      - name: Install dependencies (release)
+        if: github.event_name == 'release'
+        run: |
+          pipx install poetry
+          pipx inject poetry poetry-bumpversion
+
+      - name: Update Prowler version (release)
+        if: github.event_name == 'release'
+        run: |
+          poetry version ${{ github.event.release.tag_name }}
+
+      - name: Login to DockerHub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Login to Public ECR
+        uses: docker/login-action@v2
+        with:
+          registry: public.ecr.aws
+          username: ${{ secrets.PUBLIC_ECR_AWS_ACCESS_KEY_ID }}
+          password: ${{ secrets.PUBLIC_ECR_AWS_SECRET_ACCESS_KEY }}
+        env:
+          AWS_REGION: ${{ env.AWS_REGION }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Build and push container image (latest)
+        if: github.event_name == 'push'
+        uses: docker/build-push-action@v2
+        with:
+          push: true
+          tags: |
+            ${{ secrets.DOCKER_HUB_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.LATEST_TAG }}
+            ${{ secrets.PUBLIC_ECR_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.LATEST_TAG }}
+          file: ${{ env.DOCKERFILE_PATH }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Build and push container image (release)
+        if: github.event_name == 'release'
+        uses: docker/build-push-action@v2
+        with:
+          # Use local context to get changes
+          # https://github.com/docker/build-push-action#path-context
+          context: .
+          push: true
+          tags: |
+            ${{ secrets.DOCKER_HUB_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ github.event.release.tag_name }}
+            ${{ secrets.DOCKER_HUB_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.STABLE_TAG }}
+            ${{ secrets.PUBLIC_ECR_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ github.event.release.tag_name }}
+            ${{ secrets.PUBLIC_ECR_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.STABLE_TAG }}
+          file: ${{ env.DOCKERFILE_PATH }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+  dispatch-action:
+    needs: container-build-push
+    runs-on: ubuntu-latest
+    steps:
+      - name: Get latest commit info
+        if: github.event_name == 'push'
+        run: |
+          LATEST_COMMIT_HASH=$(echo ${{ github.event.after }} | cut -b -7)
+          echo "LATEST_COMMIT_HASH=${LATEST_COMMIT_HASH}" >> $GITHUB_ENV
+      - name: Dispatch event for latest
+        if: github.event_name == 'push'
+        run: |
+          curl https://api.github.com/repos/${{ secrets.DISPATCH_OWNER }}/${{ secrets.DISPATCH_REPO }}/dispatches -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${{ secrets.ACCESS_TOKEN }}" -H "X-GitHub-Api-Version: 2022-11-28" --data '{"event_type":"dispatch","client_payload":{"version":"latest", "tag": "${{ env.LATEST_COMMIT_HASH }}"}}'
+      - name: Dispatch event for release
+        if: github.event_name == 'release'
+        run: |
+          curl https://api.github.com/repos/${{ secrets.DISPATCH_OWNER }}/${{ secrets.DISPATCH_REPO }}/dispatches -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${{ secrets.ACCESS_TOKEN }}" -H "X-GitHub-Api-Version: 2022-11-28" --data '{"event_type":"dispatch","client_payload":{"version":"release", "tag":"${{ github.event.release.tag_name }}"}}'
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,57 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ "master", prowler-2, prowler-3.0-dev ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ "master" ]
+  schedule:
+    - cron: '00 12 * * *'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'python' ]
+        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v3
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v2
+      with:
+        languages: ${{ matrix.language }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+
+        # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+        # queries: security-extended,security-and-quality
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v2
+      with:
+        category: "/language:${{matrix.language}}"
--- a/.github/workflows/find-secrets.yml
+++ b/.github/workflows/find-secrets.yml
@@ -0,0 +1,18 @@
+name: find-secrets
+
+on: pull_request
+
+jobs:
+  trufflehog:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      - name: TruffleHog OSS
+        uses: trufflesecurity/trufflehog@v3.4.4
+        with:
+          path: ./
+          base: ${{ github.event.repository.default_branch }}
+          head: HEAD
--- a/.github/workflows/pull-request.yml
+++ b/.github/workflows/pull-request.yml
@@ -0,0 +1,64 @@
+name: pr-lint-test
+
+on:
+  push:
+    branches:
+      - "master"
+  pull_request:
+    branches:
+      - "master"
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: ["3.9"]
+
+    steps:
+      - uses: actions/checkout@v3
+      - name: Install poetry
+        run: |
+         python -m pip install --upgrade pip
+         pipx install poetry
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v4
+        with:
+          python-version: ${{ matrix.python-version }}
+          cache: 'poetry'
+      - name: Install dependencies
+        run: |
+          poetry install
+          poetry run pip list
+          VERSION=$(curl --silent "https://api.github.com/repos/hadolint/hadolint/releases/latest" | \
+            grep '"tag_name":' | \
+            sed -E 's/.*"v([^"]+)".*/\1/' \
+            ) && curl -L -o /tmp/hadolint "https://github.com/hadolint/hadolint/releases/download/v${VERSION}/hadolint-Linux-x86_64" \
+            && chmod +x /tmp/hadolint
+      - name: Poetry check
+        run: |
+          poetry lock --check
+      - name: Lint with flake8
+        run: |
+          poetry run flake8 . --ignore=E266,W503,E203,E501,W605,E128 --exclude contrib
+      - name: Checking format with black
+        run: |
+          poetry run black --check .
+      - name: Lint with pylint
+        run: |
+          poetry run pylint --disable=W,C,R,E -j 0 -rn -sn prowler/
+      - name: Bandit
+        run: |
+          poetry run bandit -q -lll -x '*_test.py,./contrib/' -r .
+      - name: Safety
+        run: |
+          poetry run safety check
+      - name: Vulture
+        run: |
+          poetry run vulture --exclude "contrib" --min-confidence 100 .
+      - name: Hadolint
+        run: |
+          /tmp/hadolint Dockerfile --ignore=DL3013
+      - name: Test with pytest
+        run: |
+          poetry run pytest tests -n auto
--- a/.github/workflows/pypi-release.yml
+++ b/.github/workflows/pypi-release.yml
@@ -0,0 +1,79 @@
+name: pypi-release
+
+on:
+  release:
+    types: [published]
+
+env:
+  RELEASE_TAG: ${{ github.event.release.tag_name }}
+  GITHUB_BRANCH: master
+
+jobs:
+  release-prowler-job:
+    runs-on: ubuntu-latest
+    env:
+      POETRY_VIRTUALENVS_CREATE: "false"
+    name: Release Prowler to PyPI
+    steps:
+      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+      - uses: actions/checkout@v3
+        with:
+          ref: ${{ env.GITHUB_BRANCH }}
+      - name: Install dependencies
+        run: |
+          pipx install poetry
+          pipx inject poetry poetry-bumpversion
+      - name: setup python
+        uses: actions/setup-python@v4
+        with:
+          python-version: 3.9
+          cache: 'poetry'
+      - name: Change version and Build package
+        run: |
+          poetry version ${{ env.RELEASE_TAG }}
+          git config user.name "github-actions"
+          git config user.email "<noreply@github.com>"
+          git add prowler/config/config.py pyproject.toml
+          git commit -m "chore(release): ${{ env.RELEASE_TAG }}" --no-verify
+          git tag -fa ${{ env.RELEASE_TAG }} -m "chore(release): ${{ env.RELEASE_TAG }}"
+          git push -f origin ${{ env.RELEASE_TAG }}
+          poetry build
+      - name: Publish prowler package to PyPI
+        run: |
+          poetry config pypi-token.pypi ${{ secrets.PYPI_API_TOKEN }}
+          poetry publish
+      # Create pull request with new version
+      - name: Create Pull Request
+        uses: peter-evans/create-pull-request@v4
+        with:
+          token: ${{ secrets.PROWLER_ACCESS_TOKEN }}
+          commit-message: "chore(release): update Prowler Version to ${{ env.RELEASE_TAG }}."
+          branch: release-${{ env.RELEASE_TAG }}
+          labels: "status/waiting-for-revision, severity/low"
+          title: "chore(release): update Prowler Version to ${{ env.RELEASE_TAG }}"
+          body: |
+            ### Description
+
+            This PR updates Prowler Version to ${{ env.RELEASE_TAG }}.
+
+            ### License
+
+            By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
+      - name: Replicate PyPi Package
+        run: |
+          rm -rf ./dist && rm -rf ./build && rm -rf prowler.egg-info
+          pip install toml
+          python util/replicate_pypi_package.py
+          poetry build
+      - name: Publish prowler-cloud package to PyPI
+        run: |
+          poetry config pypi-token.pypi ${{ secrets.PYPI_API_TOKEN }}
+          poetry publish
+      # Create pull request to github.com/Homebrew/homebrew-core to update prowler formula
+      - name: Bump Homebrew formula
+        uses: mislav/bump-homebrew-formula-action@v2
+        with:
+          formula-name: prowler
+          base-branch: release-${{ env.RELEASE_TAG }}
+        env:
+          COMMITTER_TOKEN: ${{ secrets.PROWLER_ACCESS_TOKEN }}
--- a/.github/workflows/refresh_aws_services_regions.yml
+++ b/.github/workflows/refresh_aws_services_regions.yml
@@ -0,0 +1,67 @@
+# This is a basic workflow to help you get started with Actions
+
+name: Refresh regions of AWS services
+
+on:
+  schedule:
+    - cron: "0 9 * * *" #runs at 09:00 UTC everyday
+
+env:
+  GITHUB_BRANCH: "master"
+  AWS_REGION_DEV: us-east-1
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+  # This workflow contains a single job called "build"
+  build:
+    # The type of runner that the job will run on
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      pull-requests: write
+      contents: write
+    # Steps represent a sequence of tasks that will be executed as part of the job
+    steps:
+      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+      - uses: actions/checkout@v3
+        with:
+          ref: ${{ env.GITHUB_BRANCH }}
+
+      - name: setup python
+        uses: actions/setup-python@v2
+        with:
+          python-version: 3.9 #install the python needed
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install boto3
+
+      - name: Configure AWS Credentials -- DEV
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-region: ${{ env.AWS_REGION_DEV }}
+          role-to-assume: ${{ secrets.DEV_IAM_ROLE_ARN }}
+          role-session-name: refresh-AWS-regions-dev
+
+      # Runs a single command using the runners shell
+      - name: Run a one-line script
+        run: python3 util/update_aws_services_regions.py
+
+      # Create pull request
+      - name: Create Pull Request
+        uses: peter-evans/create-pull-request@v4
+        with:
+          token: ${{ secrets.PROWLER_ACCESS_TOKEN }}
+          commit-message: "feat(regions_update): Update regions for AWS services."
+          branch: "aws-services-regions-updated-${{ github.sha }}"
+          labels: "status/waiting-for-revision, severity/low"
+          title: "chore(regions_update): Changes in regions for AWS services."
+          body: |
+            ### Description
+
+            This PR updates the regions for AWS services.
+
+            ### License
+
+            By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,48 @@
+# Swap
+[._]*.s[a-v][a-z]
+[._]*.sw[a-p]
+[._]s[a-rt-v][a-z]
+[._]ss[a-gi-z]
+[._]sw[a-p]
+
+# Python code
+__pycache__
+venv/
+build/
+dist/
+*.egg-info/
+
+# Session
+Session.vim
+Sessionx.vim
+
+# Temporary
+.netrwhist
+*~
+# Auto-generated tag files
+tags
+
+# Persistent undo
+[._]*.un~
+
+# MacOs DS_Store
+*.DS_Store
+
+# Prowler output
+output/
+
+# Prowler found secrets
+secrets-*/
+
+# JUnit Reports
+junit-reports/
+
+# VSCode files
+.vscode/
+
+# Terraform
+.terraform*
+*.tfstate
+
+# .env
+.env*
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,109 @@
+repos:
+  ## GENERAL
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.4.0
+    hooks:
+      - id: check-merge-conflict
+      - id: check-yaml
+        args: ["--unsafe"]
+      - id: check-json
+      - id: end-of-file-fixer
+      - id: trailing-whitespace
+      - id: no-commit-to-branch
+      - id: pretty-format-json
+        args: ["--autofix", --no-sort-keys, --no-ensure-ascii]
+
+  ## TOML
+  - repo: https://github.com/macisamuele/language-formatters-pre-commit-hooks
+    rev: v2.7.0
+    hooks:
+      - id: pretty-format-toml
+        args: [--autofix]
+        files: pyproject.toml
+
+  ## BASH
+  - repo: https://github.com/koalaman/shellcheck-precommit
+    rev: v0.9.0
+    hooks:
+      - id: shellcheck
+  ## PYTHON
+  - repo: https://github.com/myint/autoflake
+    rev: v2.0.1
+    hooks:
+      - id: autoflake
+        args:
+          [
+            "--in-place",
+            "--remove-all-unused-imports",
+            "--remove-unused-variable",
+          ]
+
+  - repo: https://github.com/timothycrosley/isort
+    rev: 5.12.0
+    hooks:
+      - id: isort
+        args: ["--profile", "black"]
+
+  - repo: https://github.com/psf/black
+    rev: 23.1.0
+    hooks:
+      - id: black
+
+  - repo: https://github.com/pycqa/flake8
+    rev: 6.0.0
+    hooks:
+      - id: flake8
+        exclude: contrib
+        args: ["--ignore=E266,W503,E203,E501,W605"]
+
+  - repo: https://github.com/python-poetry/poetry
+    rev: 1.5.1 # add version here
+    hooks:
+      - id: poetry-check
+      - id: poetry-lock
+        args: ["--no-update"]
+
+  - repo: https://github.com/hadolint/hadolint
+    rev: v2.12.1-beta
+    hooks:
+      - id: hadolint
+        args: ["--ignore=DL3013"]
+
+  - repo: local
+    hooks:
+      - id: pylint
+        name: pylint
+        entry: bash -c 'pylint --disable=W,C,R,E -j 0 -rn -sn prowler/'
+        language: system
+
+      - id: trufflehog
+        name: TruffleHog
+        description: Detect secrets in your data.
+        # entry: bash -c 'trufflehog git file://. --only-verified --fail'
+        # For running trufflehog in docker, use the following entry instead:
+        entry: bash -c 'docker run -v "$(pwd):/workdir" -i --rm trufflesecurity/trufflehog:latest git file:///workdir --only-verified --fail'
+        language: system
+        stages: ["commit", "push"]
+
+      - id: pytest-check
+        name: pytest-check
+        entry: bash -c 'pytest tests -n auto'
+        language: system
+
+      - id: bandit
+        name: bandit
+        description: "Bandit is a tool for finding common security issues in Python code"
+        entry: bash -c 'bandit -q -lll -x '*_test.py,./contrib/' -r .'
+        language: system
+
+      - id: safety
+        name: safety
+        description: "Safety is a tool that checks your installed dependencies for known security vulnerabilities"
+        entry: bash -c 'safety check'
+        language: system
+
+      - id: vulture
+        name: vulture
+        description: "Vulture finds unused code in Python programs."
+        entry: bash -c 'vulture --exclude "contrib" --min-confidence 100 .'
+        language: system
--- a/.readthedocs.yaml
+++ b/.readthedocs.yaml
@@ -0,0 +1,23 @@
+# .readthedocs.yaml
+# Read the Docs configuration file
+# See https://docs.readthedocs.io/en/stable/config-file/v2.html for details
+
+# Required
+version: 2
+
+build:
+  os: "ubuntu-22.04"
+  tools:
+    python: "3.9"
+  jobs:
+    post_create_environment:
+      # Install poetry
+      # https://python-poetry.org/docs/#installing-manually
+      - pip install poetry
+      # Tell poetry to not use a virtual environment
+      - poetry config virtualenvs.create false
+    post_install:
+      - poetry install -E docs
+
+mkdocs:
+  configuration: mkdocs.yml
--- a/CODE_OF_CONDUCT.md
+++ b/CODE_OF_CONDUCT.md
@@ -0,0 +1,76 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as
+contributors and maintainers pledge to making participation in our project and
+our community a harassment-free experience for everyone, regardless of age, body
+size, disability, ethnicity, sex characteristics, gender identity and expression,
+level of experience, education, socio-economic status, nationality, personal
+appearance, race, religion, or sexual identity and orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or
+ advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic
+ address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+ professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable
+behavior and are expected to take appropriate and fair corrective action in
+response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community. Examples of
+representing a project or community include using an official project e-mail
+address, posting via an official social media account, or acting as an appointed
+representative at an online or offline event. Representation of a project may be
+further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting the project team at community@prowler.cloud. All
+complaints will be reviewed and investigated and will result in a response that
+is deemed necessary and appropriate to the circumstances. The project team is
+obligated to maintain confidentiality with regard to the reporter of an incident.
+Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good
+faith may face temporary or permanent repercussions as determined by other
+members of the project's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
+available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html
+
+[homepage]: https://www.contributor-covenant.org
+
+For answers to common questions about this code of conduct, see
+https://www.contributor-covenant.org/faq
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -0,0 +1,13 @@
+# Do you want to learn on how to...
+
+- Contribute with your code or fixes to Prowler
+- Create a new check for a provider
+- Create a new security compliance framework
+- Add a custom output format
+- Add a new integration
+- Contribute with documentation
+
+Want some swag as appreciation for your contribution?
+
+# Prowler Developer Guide
+https://docs.prowler.cloud/en/latest/tutorials/developer-guide/
--- a/33
+++ b/33
@@ -0,0 +1,33 @@
+FROM python:3.9-alpine
+
+LABEL maintainer="https://github.com/prowler-cloud/prowler"
+
+# Update system dependencies
+RUN apk --no-cache upgrade
+
+# Create nonroot user
+RUN mkdir -p /home/prowler && \
+    echo 'prowler:x:1000:1000:prowler:/home/prowler:' > /etc/passwd && \
+    echo 'prowler:x:1000:' > /etc/group && \
+    chown -R prowler:prowler /home/prowler
+USER prowler
+
+# Copy necessary files
+WORKDIR /home/prowler
+COPY prowler/ /home/prowler/prowler/
+COPY pyproject.toml /home/prowler
+COPY README.md /home/prowler
+
+# Install dependencies
+ENV HOME='/home/prowler'
+ENV PATH="$HOME/.local/bin:$PATH"
+#hadolint ignore=DL3013
+RUN pip install --no-cache-dir --upgrade pip && \
+    pip install --no-cache-dir .
+
+# Remove Prowler directory and build files
+USER 0
+RUN rm -rf /home/prowler/prowler /home/prowler/pyproject.toml /home/prowler/README.md /home/prowler/build /home/prowler/prowler.egg-info
+
+USER prowler
+ENTRYPOINT ["prowler"]
--- a/205
+++ b/205
@@ -1,6 +1,201 @@
-All CIS based checks in the checks folder are licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International Public License.
-The link to the license terms can be found at
-https://creativecommons.org/licenses/by-nc-sa/4.0/legalcode
+                                Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/

-Any other piece of code is licensed as Apache License 2.0 as specified in each file. You may obtain a copy of the License at
-http://www.apache.org/licenses/LICENSE-2.0
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+Copyright 2018 Netflix, Inc.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
--- a/LICENSE-APACHE-2.0
+++ b/LICENSE-APACHE-2.0
@@ -1,201 +0,0 @@
-Apache License
-Version 2.0, January 2004
-http://www.apache.org/licenses/
-
-TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
-1. Definitions.
-
-"License" shall mean the terms and conditions for use, reproduction,
-and distribution as defined by Sections 1 through 9 of this document.
-
-"Licensor" shall mean the copyright owner or entity authorized by
-the copyright owner that is granting the License.
-
-"Legal Entity" shall mean the union of the acting entity and all
-other entities that control, are controlled by, or are under common
-control with that entity. For the purposes of this definition,
-"control" means (i) the power, direct or indirect, to cause the
-direction or management of such entity, whether by contract or
-otherwise, or (ii) ownership of fifty percent (50%) or more of the
-outstanding shares, or (iii) beneficial ownership of such entity.
-
-"You" (or "Your") shall mean an individual or Legal Entity
-exercising permissions granted by this License.
-
-"Source" form shall mean the preferred form for making modifications,
-including but not limited to software source code, documentation
-source, and configuration files.
-
-"Object" form shall mean any form resulting from mechanical
-transformation or translation of a Source form, including but
-not limited to compiled object code, generated documentation,
-and conversions to other media types.
-
-"Work" shall mean the work of authorship, whether in Source or
-Object form, made available under the License, as indicated by a
-copyright notice that is included in or attached to the work
-(an example is provided in the Appendix below).
-
-"Derivative Works" shall mean any work, whether in Source or Object
-form, that is based on (or derived from) the Work and for which the
-editorial revisions, annotations, elaborations, or other modifications
-represent, as a whole, an original work of authorship. For the purposes
-of this License, Derivative Works shall not include works that remain
-separable from, or merely link (or bind by name) to the interfaces of,
-the Work and Derivative Works thereof.
-
-"Contribution" shall mean any work of authorship, including
-the original version of the Work and any modifications or additions
-to that Work or Derivative Works thereof, that is intentionally
-submitted to Licensor for inclusion in the Work by the copyright owner
-or by an individual or Legal Entity authorized to submit on behalf of
-the copyright owner. For the purposes of this definition, "submitted"
-means any form of electronic, verbal, or written communication sent
-to the Licensor or its representatives, including but not limited to
-communication on electronic mailing lists, source code control systems,
-and issue tracking systems that are managed by, or on behalf of, the
-Licensor for the purpose of discussing and improving the Work, but
-excluding communication that is conspicuously marked or otherwise
-designated in writing by the copyright owner as "Not a Contribution."
-
-"Contributor" shall mean Licensor and any individual or Legal Entity
-on behalf of whom a Contribution has been received by Licensor and
-subsequently incorporated within the Work.
-
-2. Grant of Copyright License. Subject to the terms and conditions of
-this License, each Contributor hereby grants to You a perpetual,
-worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-copyright license to reproduce, prepare Derivative Works of,
-publicly display, publicly perform, sublicense, and distribute the
-Work and such Derivative Works in Source or Object form.
-
-3. Grant of Patent License. Subject to the terms and conditions of
-this License, each Contributor hereby grants to You a perpetual,
-worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-(except as stated in this section) patent license to make, have made,
-use, offer to sell, sell, import, and otherwise transfer the Work,
-where such license applies only to those patent claims licensable
-by such Contributor that are necessarily infringed by their
-Contribution(s) alone or by combination of their Contribution(s)
-with the Work to which such Contribution(s) was submitted. If You
-institute patent litigation against any entity (including a
-cross-claim or counterclaim in a lawsuit) alleging that the Work
-or a Contribution incorporated within the Work constitutes direct
-or contributory patent infringement, then any patent licenses
-granted to You under this License for that Work shall terminate
-as of the date such litigation is filed.
-
-4. Redistribution. You may reproduce and distribute copies of the
-Work or Derivative Works thereof in any medium, with or without
-modifications, and in Source or Object form, provided that You
-meet the following conditions:
-
-(a) You must give any other recipients of the Work or
-Derivative Works a copy of this License; and
-
-(b) You must cause any modified files to carry prominent notices
-stating that You changed the files; and
-
-(c) You must retain, in the Source form of any Derivative Works
-that You distribute, all copyright, patent, trademark, and
-attribution notices from the Source form of the Work,
-excluding those notices that do not pertain to any part of
-the Derivative Works; and
-
-(d) If the Work includes a "NOTICE" text file as part of its
-distribution, then any Derivative Works that You distribute must
-include a readable copy of the attribution notices contained
-within such NOTICE file, excluding those notices that do not
-pertain to any part of the Derivative Works, in at least one
-of the following places: within a NOTICE text file distributed
-as part of the Derivative Works; within the Source form or
-documentation, if provided along with the Derivative Works; or,
-within a display generated by the Derivative Works, if and
-wherever such third-party notices normally appear. The contents
-of the NOTICE file are for informational purposes only and
-do not modify the License. You may add Your own attribution
-notices within Derivative Works that You distribute, alongside
-or as an addendum to the NOTICE text from the Work, provided
-that such additional attribution notices cannot be construed
-as modifying the License.
-
-You may add Your own copyright statement to Your modifications and
-may provide additional or different license terms and conditions
-for use, reproduction, or distribution of Your modifications, or
-for any such Derivative Works as a whole, provided Your use,
-reproduction, and distribution of the Work otherwise complies with
-the conditions stated in this License.
-
-5. Submission of Contributions. Unless You explicitly state otherwise,
-any Contribution intentionally submitted for inclusion in the Work
-by You to the Licensor shall be under the terms and conditions of
-this License, without any additional terms or conditions.
-Notwithstanding the above, nothing herein shall supersede or modify
-the terms of any separate license agreement you may have executed
-with Licensor regarding such Contributions.
-
-6. Trademarks. This License does not grant permission to use the trade
-names, trademarks, service marks, or product names of the Licensor,
-except as required for reasonable and customary use in describing the
-origin of the Work and reproducing the content of the NOTICE file.
-
-7. Disclaimer of Warranty. Unless required by applicable law or
-agreed to in writing, Licensor provides the Work (and each
-Contributor provides its Contributions) on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-implied, including, without limitation, any warranties or conditions
-of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
-PARTICULAR PURPOSE. You are solely responsible for determining the
-appropriateness of using or redistributing the Work and assume any
-risks associated with Your exercise of permissions under this License.
-
-8. Limitation of Liability. In no event and under no legal theory,
-whether in tort (including negligence), contract, or otherwise,
-unless required by applicable law (such as deliberate and grossly
-negligent acts) or agreed to in writing, shall any Contributor be
-liable to You for damages, including any direct, indirect, special,
-incidental, or consequential damages of any character arising as a
-result of this License or out of the use or inability to use the
-Work (including but not limited to damages for loss of goodwill,
-work stoppage, computer failure or malfunction, or any and all
-other commercial damages or losses), even if such Contributor
-has been advised of the possibility of such damages.
-
-9. Accepting Warranty or Additional Liability. While redistributing
-the Work or Derivative Works thereof, You may choose to offer,
-and charge a fee for, acceptance of support, warranty, indemnity,
-or other liability obligations and/or rights consistent with this
-License. However, in accepting such obligations, You may act only
-on Your own behalf and on Your sole responsibility, not on behalf
-of any other Contributor, and only if You agree to indemnify,
-defend, and hold each Contributor harmless for any liability
-incurred by, or claims asserted against, such Contributor by reason
-of your accepting any such warranty or additional liability.
-
-END OF TERMS AND CONDITIONS
-
-APPENDIX: How to apply the Apache License to your work.
-
-To apply the Apache License to your work, attach the following
-boilerplate notice, with the fields enclosed by brackets "[]"
-replaced with your own identifying information. (Don't include
-the brackets!)  The text should be enclosed in the appropriate
-comment syntax for the file format. We also recommend that a
-file or class name and description of purpose be included on the
-same "printed page" as the copyright notice for easier
-identification within third-party archives.
-
-Copyright [yyyy] [name of copyright owner]
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
--- a/LICENSE-CC-BY-SA-4.0
+++ b/LICENSE-CC-BY-SA-4.0
@@ -1,360 +0,0 @@
-Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International
-Public License
-
-By exercising the Licensed Rights (defined below), You accept and agree
-to be bound by the terms and conditions of this Creative Commons
-Attribution-NonCommercial-ShareAlike 4.0 International Public License
-("Public License"). To the extent this Public License may be
-interpreted as a contract, You are granted the Licensed Rights in
-consideration of Your acceptance of these terms and conditions, and the
-Licensor grants You such rights in consideration of benefits the
-Licensor receives from making the Licensed Material available under
-these terms and conditions.
-
-
-Section 1 -- Definitions.
-
-  a. Adapted Material means material subject to Copyright and Similar
-     Rights that is derived from or based upon the Licensed Material
-     and in which the Licensed Material is translated, altered,
-     arranged, transformed, or otherwise modified in a manner requiring
-     permission under the Copyright and Similar Rights held by the
-     Licensor. For purposes of this Public License, where the Licensed
-     Material is a musical work, performance, or sound recording,
-     Adapted Material is always produced where the Licensed Material is
-     synched in timed relation with a moving image.
-
-  b. Adapter's License means the license You apply to Your Copyright
-     and Similar Rights in Your contributions to Adapted Material in
-     accordance with the terms and conditions of this Public License.
-
-  c. BY-NC-SA Compatible License means a license listed at
-     creativecommons.org/compatiblelicenses, approved by Creative
-     Commons as essentially the equivalent of this Public License.
-
-  d. Copyright and Similar Rights means copyright and/or similar rights
-     closely related to copyright including, without limitation,
-     performance, broadcast, sound recording, and Sui Generis Database
-     Rights, without regard to how the rights are labeled or
-     categorized. For purposes of this Public License, the rights
-     specified in Section 2(b)(1)-(2) are not Copyright and Similar
-     Rights.
-
-  e. Effective Technological Measures means those measures that, in the
-     absence of proper authority, may not be circumvented under laws
-     fulfilling obligations under Article 11 of the WIPO Copyright
-     Treaty adopted on December 20, 1996, and/or similar international
-     agreements.
-
-  f. Exceptions and Limitations means fair use, fair dealing, and/or
-     any other exception or limitation to Copyright and Similar Rights
-     that applies to Your use of the Licensed Material.
-
-  g. License Elements means the license attributes listed in the name
-     of a Creative Commons Public License. The License Elements of this
-     Public License are Attribution, NonCommercial, and ShareAlike.
-
-  h. Licensed Material means the artistic or literary work, database,
-     or other material to which the Licensor applied this Public
-     License.
-
-  i. Licensed Rights means the rights granted to You subject to the
-     terms and conditions of this Public License, which are limited to
-     all Copyright and Similar Rights that apply to Your use of the
-     Licensed Material and that the Licensor has authority to license.
-
-  j. Licensor means the individual(s) or entity(ies) granting rights
-     under this Public License.
-
-  k. NonCommercial means not primarily intended for or directed towards
-     commercial advantage or monetary compensation. For purposes of
-     this Public License, the exchange of the Licensed Material for
-     other material subject to Copyright and Similar Rights by digital
-     file-sharing or similar means is NonCommercial provided there is
-     no payment of monetary compensation in connection with the
-     exchange.
-
-  l. Share means to provide material to the public by any means or
-     process that requires permission under the Licensed Rights, such
-     as reproduction, public display, public performance, distribution,
-     dissemination, communication, or importation, and to make material
-     available to the public including in ways that members of the
-     public may access the material from a place and at a time
-     individually chosen by them.
-
-  m. Sui Generis Database Rights means rights other than copyright
-     resulting from Directive 96/9/EC of the European Parliament and of
-     the Council of 11 March 1996 on the legal protection of databases,
-     as amended and/or succeeded, as well as other essentially
-     equivalent rights anywhere in the world.
-
-  n. You means the individual or entity exercising the Licensed Rights
-     under this Public License. Your has a corresponding meaning.
-
-
-Section 2 -- Scope.
-
-  a. License grant.
-
-       1. Subject to the terms and conditions of this Public License,
-          the Licensor hereby grants You a worldwide, royalty-free,
-          non-sublicensable, non-exclusive, irrevocable license to
-          exercise the Licensed Rights in the Licensed Material to:
-
-            a. reproduce and Share the Licensed Material, in whole or
-               in part, for NonCommercial purposes only; and
-
-            b. produce, reproduce, and Share Adapted Material for
-               NonCommercial purposes only.
-
-       2. Exceptions and Limitations. For the avoidance of doubt, where
-          Exceptions and Limitations apply to Your use, this Public
-          License does not apply, and You do not need to comply with
-          its terms and conditions.
-
-       3. Term. The term of this Public License is specified in Section
-          6(a).
-
-       4. Media and formats; technical modifications allowed. The
-          Licensor authorizes You to exercise the Licensed Rights in
-          all media and formats whether now known or hereafter created,
-          and to make technical modifications necessary to do so. The
-          Licensor waives and/or agrees not to assert any right or
-          authority to forbid You from making technical modifications
-          necessary to exercise the Licensed Rights, including
-          technical modifications necessary to circumvent Effective
-          Technological Measures. For purposes of this Public License,
-          simply making modifications authorized by this Section 2(a)
-          (4) never produces Adapted Material.
-
-       5. Downstream recipients.
-
-            a. Offer from the Licensor -- Licensed Material. Every
-               recipient of the Licensed Material automatically
-               receives an offer from the Licensor to exercise the
-               Licensed Rights under the terms and conditions of this
-               Public License.
-
-            b. Additional offer from the Licensor -- Adapted Material.
-               Every recipient of Adapted Material from You
-               automatically receives an offer from the Licensor to
-               exercise the Licensed Rights in the Adapted Material
-               under the conditions of the Adapter's License You apply.
-
-            c. No downstream restrictions. You may not offer or impose
-               any additional or different terms or conditions on, or
-               apply any Effective Technological Measures to, the
-               Licensed Material if doing so restricts exercise of the
-               Licensed Rights by any recipient of the Licensed
-               Material.
-
-       6. No endorsement. Nothing in this Public License constitutes or
-          may be construed as permission to assert or imply that You
-          are, or that Your use of the Licensed Material is, connected
-          with, or sponsored, endorsed, or granted official status by,
-          the Licensor or others designated to receive attribution as
-          provided in Section 3(a)(1)(A)(i).
-
-  b. Other rights.
-
-       1. Moral rights, such as the right of integrity, are not
-          licensed under this Public License, nor are publicity,
-          privacy, and/or other similar personality rights; however, to
-          the extent possible, the Licensor waives and/or agrees not to
-          assert any such rights held by the Licensor to the limited
-          extent necessary to allow You to exercise the Licensed
-          Rights, but not otherwise.
-
-       2. Patent and trademark rights are not licensed under this
-          Public License.
-
-       3. To the extent possible, the Licensor waives any right to
-          collect royalties from You for the exercise of the Licensed
-          Rights, whether directly or through a collecting society
-          under any voluntary or waivable statutory or compulsory
-          licensing scheme. In all other cases the Licensor expressly
-          reserves any right to collect such royalties, including when
-          the Licensed Material is used other than for NonCommercial
-          purposes.
-
-
-Section 3 -- License Conditions.
-
-Your exercise of the Licensed Rights is expressly made subject to the
-following conditions.
-
-  a. Attribution.
-
-       1. If You Share the Licensed Material (including in modified
-          form), You must:
-
-            a. retain the following if it is supplied by the Licensor
-               with the Licensed Material:
-
-                 i. identification of the creator(s) of the Licensed
-                    Material and any others designated to receive
-                    attribution, in any reasonable manner requested by
-                    the Licensor (including by pseudonym if
-                    designated);
-
-                ii. a copyright notice;
-
-               iii. a notice that refers to this Public License;
-
-                iv. a notice that refers to the disclaimer of
-                    warranties;
-
-                 v. a URI or hyperlink to the Licensed Material to the
-                    extent reasonably practicable;
-
-            b. indicate if You modified the Licensed Material and
-               retain an indication of any previous modifications; and
-
-            c. indicate the Licensed Material is licensed under this
-               Public License, and include the text of, or the URI or
-               hyperlink to, this Public License.
-
-       2. You may satisfy the conditions in Section 3(a)(1) in any
-          reasonable manner based on the medium, means, and context in
-          which You Share the Licensed Material. For example, it may be
-          reasonable to satisfy the conditions by providing a URI or
-          hyperlink to a resource that includes the required
-          information.
-       3. If requested by the Licensor, You must remove any of the
-          information required by Section 3(a)(1)(A) to the extent
-          reasonably practicable.
-
-  b. ShareAlike.
-
-     In addition to the conditions in Section 3(a), if You Share
-     Adapted Material You produce, the following conditions also apply.
-
-       1. The Adapter's License You apply must be a Creative Commons
-          license with the same License Elements, this version or
-          later, or a BY-NC-SA Compatible License.
-
-       2. You must include the text of, or the URI or hyperlink to, the
-          Adapter's License You apply. You may satisfy this condition
-          in any reasonable manner based on the medium, means, and
-          context in which You Share Adapted Material.
-
-       3. You may not offer or impose any additional or different terms
-          or conditions on, or apply any Effective Technological
-          Measures to, Adapted Material that restrict exercise of the
-          rights granted under the Adapter's License You apply.
-
-
-Section 4 -- Sui Generis Database Rights.
-
-Where the Licensed Rights include Sui Generis Database Rights that
-apply to Your use of the Licensed Material:
-
-  a. for the avoidance of doubt, Section 2(a)(1) grants You the right
-     to extract, reuse, reproduce, and Share all or a substantial
-     portion of the contents of the database for NonCommercial purposes
-     only;
-
-  b. if You include all or a substantial portion of the database
-     contents in a database in which You have Sui Generis Database
-     Rights, then the database in which You have Sui Generis Database
-     Rights (but not its individual contents) is Adapted Material,
-     including for purposes of Section 3(b); and
-
-  c. You must comply with the conditions in Section 3(a) if You Share
-     all or a substantial portion of the contents of the database.
-
-For the avoidance of doubt, this Section 4 supplements and does not
-replace Your obligations under this Public License where the Licensed
-Rights include other Copyright and Similar Rights.
-
-
-Section 5 -- Disclaimer of Warranties and Limitation of Liability.
-
-  a. UNLESS OTHERWISE SEPARATELY UNDERTAKEN BY THE LICENSOR, TO THE
-     EXTENT POSSIBLE, THE LICENSOR OFFERS THE LICENSED MATERIAL AS-IS
-     AND AS-AVAILABLE, AND MAKES NO REPRESENTATIONS OR WARRANTIES OF
-     ANY KIND CONCERNING THE LICENSED MATERIAL, WHETHER EXPRESS,
-     IMPLIED, STATUTORY, OR OTHER. THIS INCLUDES, WITHOUT LIMITATION,
-     WARRANTIES OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR
-     PURPOSE, NON-INFRINGEMENT, ABSENCE OF LATENT OR OTHER DEFECTS,
-     ACCURACY, OR THE PRESENCE OR ABSENCE OF ERRORS, WHETHER OR NOT
-     KNOWN OR DISCOVERABLE. WHERE DISCLAIMERS OF WARRANTIES ARE NOT
-     ALLOWED IN FULL OR IN PART, THIS DISCLAIMER MAY NOT APPLY TO YOU.
-
-  b. TO THE EXTENT POSSIBLE, IN NO EVENT WILL THE LICENSOR BE LIABLE
-     TO YOU ON ANY LEGAL THEORY (INCLUDING, WITHOUT LIMITATION,
-     NEGLIGENCE) OR OTHERWISE FOR ANY DIRECT, SPECIAL, INDIRECT,
-     INCIDENTAL, CONSEQUENTIAL, PUNITIVE, EXEMPLARY, OR OTHER LOSSES,
-     COSTS, EXPENSES, OR DAMAGES ARISING OUT OF THIS PUBLIC LICENSE OR
-     USE OF THE LICENSED MATERIAL, EVEN IF THE LICENSOR HAS BEEN
-     ADVISED OF THE POSSIBILITY OF SUCH LOSSES, COSTS, EXPENSES, OR
-     DAMAGES. WHERE A LIMITATION OF LIABILITY IS NOT ALLOWED IN FULL OR
-     IN PART, THIS LIMITATION MAY NOT APPLY TO YOU.
-
-  c. The disclaimer of warranties and limitation of liability provided
-     above shall be interpreted in a manner that, to the extent
-     possible, most closely approximates an absolute disclaimer and
-     waiver of all liability.
-
-
-Section 6 -- Term and Termination.
-
-  a. This Public License applies for the term of the Copyright and
-     Similar Rights licensed here. However, if You fail to comply with
-     this Public License, then Your rights under this Public License
-     terminate automatically.
-
-  b. Where Your right to use the Licensed Material has terminated under
-     Section 6(a), it reinstates:
-
-       1. automatically as of the date the violation is cured, provided
-          it is cured within 30 days of Your discovery of the
-          violation; or
-
-       2. upon express reinstatement by the Licensor.
-
-     For the avoidance of doubt, this Section 6(b) does not affect any
-     right the Licensor may have to seek remedies for Your violations
-     of this Public License.
-
-  c. For the avoidance of doubt, the Licensor may also offer the
-     Licensed Material under separate terms or conditions or stop
-     distributing the Licensed Material at any time; however, doing so
-     will not terminate this Public License.
-
-  d. Sections 1, 5, 6, 7, and 8 survive termination of this Public
-     License.
-
-
-Section 7 -- Other Terms and Conditions.
-
-  a. The Licensor shall not be bound by any additional or different
-     terms or conditions communicated by You unless expressly agreed.
-
-  b. Any arrangements, understandings, or agreements regarding the
-     Licensed Material not stated herein are separate from and
-     independent of the terms and conditions of this Public License.
-
-
-Section 8 -- Interpretation.
-
-  a. For the avoidance of doubt, this Public License does not, and
-     shall not be interpreted to, reduce, limit, restrict, or impose
-     conditions on any use of the Licensed Material that could lawfully
-     be made without permission under this Public License.
-
-  b. To the extent possible, if any provision of this Public License is
-     deemed unenforceable, it shall be automatically reformed to the
-     minimum extent necessary to make it enforceable. If the provision
-     cannot be reformed, it shall be severed from this Public License
-     without affecting the enforceability of the remaining terms and
-     conditions.
-
-  c. No term or condition of this Public License will be waived and no
-     failure to comply consented to unless expressly agreed to by the
-     Licensor.
-
-  d. Nothing in this Public License constitutes or may be interpreted
-     as a limitation upon, or waiver of, any privileges and immunities
-     that apply to the Licensor or You, including from the legal
-     processes of any jurisdiction or authority.
--- a/LIST_OF_CHECKS_AND_GROUPS.md
+++ b/LIST_OF_CHECKS_AND_GROUPS.md
@@ -1,4 +0,0 @@
-```
-./prowler -l # to see all available checks and groups.
-./prowler -L # to see all available groups only.
-```
--- a/40
+++ b/40
@@ -0,0 +1,40 @@
+.DEFAULT_GOAL:=help
+
+##@ Testing
+test:   ## Test with pytest
+	pytest -n auto -vvv -s -x
+
+coverage: ## Show Test Coverage
+	coverage run --skip-covered -m pytest -v && \
+	coverage report -m && \
+	rm -rf .coverage
+
+##@ Linting
+format: ## Format Code
+	@echo "Running black..."
+	black .
+
+lint: ## Lint Code
+	@echo "Running flake8..."
+	flake8 . --ignore=E266,W503,E203,E501,W605,E128 --exclude contrib
+	@echo "Running black... "
+	black --check .
+	@echo "Running pylint..."
+	pylint --disable=W,C,R,E -j 0 providers lib util config
+
+##@ PyPI
+pypi-clean: ## Delete the distribution files
+	rm -rf ./dist && rm -rf ./build && rm -rf prowler.egg-info
+
+pypi-build: ## Build package
+	$(MAKE) pypi-clean && \
+	poetry build
+
+pypi-upload: ## Upload package
+	python3 -m twine upload --repository pypi dist/*
+
+
+##@ Help
+help:     ## Show this help.
+	@echo "Prowler Makefile"
+	@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n  make \033[36m<target>\033[0m\n"} /^[a-zA-Z_-]+:.*?##/ { printf "  \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
--- a/README.md
+++ b/README.md
@@ -1,591 +1,275 @@
-# Prowler: AWS CIS Benchmark Tool
-
-## Table of Contents
-
- [Description](#description)
- [Features](#features)
- [Requirements and Installation](#requirements-and-installation)
- [Usage](#usage)
- [Fix](#fix)
- [Screenshots](#screenshots)
- [Troubleshooting](#troubleshooting)
- [Extras](#extras)
- [Forensics Ready Checks](#forensics-ready-checks)
- [GDPR Checks](#gdpr-checks)
- [HIPAA Checks](#hipaa-checks)
- [Add Custom Checks](#add-custom-checks)
- [Third Party Integrations](#third-party-integrations)
- [Full list of checks and groups](/LIST_OF_CHECKS_AND_GROUPS.md)
- [License](#license)
-
-## Description
-
-Prowler is a command line tool for AWS Security Best Practices Assessment, Auditing, Hardening and Forensics Readiness Tool.
-
-It follows guidelines of the CIS Amazon Web Services Foundations Benchmark (49 checks) and has 40 additional checks including related to GDPR and HIPAA.
-
-Read more about [CIS Amazon Web Services Foundations Benchmark v1.2.0 - 05-23-2018](https://d0.awsstatic.com/whitepapers/compliance/AWS_CIS_Foundations_Benchmark.pdf)
-
-## Features
-
-It covers hardening and security best practices for all AWS regions related to the next groups:
-
- Identity and Access Management (22 checks) [group1]
- Logging (9 checks) [group2]
- Monitoring (14 checks) [group3]
- Networking (4 checks) [group4]
- CIS Level 1 [cislevel1]
- CIS Level 2 [cislevel2]
- Extras (39 checks) *see Extras section* [extras]
- Forensics related group of checks [forensics-ready]
- GDPR [gdpr] Read more [here](#gdpr-checks)
- HIPPA [hippa] Read more [here](#hipaa-checks)
-
-
-For a comprehensive list and resolution look at the guide on the link above.
-
-With Prowler you can:
-
- get a colorful or monochrome report
- a CSV format report for diff
- run specific checks without having to run the entire report
- check multiple AWS accounts in parallel
-
-## Requirements and Installation
-
-This script has been written in bash using AWS-CLI and it works in Linux and OSX.
-
- Make sure your AWS-CLI is installed on your workstation, with Python pip already installed:
-
-    ```sh
-    pip install awscli
-    ```
-
-    Or install it using "brew", "apt", "yum" or manually from <https://aws.amazon.com/cli/>
-
- Previous steps, from your workstation:
-
-    ```sh
-    git clone https://github.com/Alfresco/prowler
-    cd prowler
-    ```
-
- Make sure you have properly configured your AWS-CLI with a valid Access Key and Region:
-
-    ```sh
-    aws configure
-    ```
-
- Make sure your Secret and Access Keys are associated to a user with proper permissions to do all checks. To make sure add SecurityAuditor default policy to your user. Policy ARN is
-
-    ```sh
-    arn:aws:iam::aws:policy/SecurityAudit
-    ```
-
-    > In some cases you may need more list or get permissions in some services, look at the Troubleshooting section for a more comprehensive policy if you find issues with the default SecurityAudit policy.
-
-## Usage
-
-1. Run the `prowler` command without options (it will use your environment variable credentials if they exist or will default to using the `~/.aws/credentials` file and run checks over all regions when needed. The default region is us-east-1):
-
-    ```sh
-    ./prowler
-    ```
-
-    Use `-l` to list all available checks and group of checks (sections)
-
-1. For custom AWS-CLI profile and region, use the following: (it will use your custom profile and run checks over all regions when needed):
-
-    ```sh
-    ./prowler -p custom-profile -r us-east-1
-    ```
-
-1. For a single check use option `-c`:
-
-    ```sh
-    ./prowler -c check310
-    ```
-
-    or for custom profile and region:
-
-    ```sh
-    ./prowler -p custom-profile -r us-east-1 -c check11
-    ```
-
-    or for a group of checks use group name:
-
-    ```sh
-    ./prowler -g group1 # for iam related checks
-    ```
-
-    Valid check numbers are based on the AWS CIS Benchmark guide, so 1.1 is check11 and 3.10 is check310
-
-1. If you want to save your report for later analysis:
-
-    ```sh
-    ./prowler -M mono > prowler-report.txt
-    ```
-
-    or if you want a coloured HTML report do:
-
-    ```sh
-    pip install ansi2html
-    ./prowler | ansi2html -la > report.html
-    ```
-
-    or if you want a pipe-delimited report file, do:
-
-    ```sh
-    ./prowler -M csv > output.psv
-    ```
-    or json formatted output using jq, do:
-
-    ```sh
-    ./prowler -M json > prowler-output.json
-    ```
-
-    or save your report in a S3 bucket:
-
-    ```sh
-    ./prowler -M mono | aws s3 cp - s3://bucket-name/prowler-report.txt
-    ```
-
-1. To perform an assessment based on CIS Profile Definitions you can use level1 or level2 with `-c` flag, more information about this [here, page 8](https://d0.awsstatic.com/whitepapers/compliance/AWS_CIS_Foundations_Benchmark.pdf):
-
-    ```sh
-    ./prowler -c level1
-    ```
-
-1. If you want to run Prowler to check multiple AWS accounts in parallel (runs up to 4 simultaneously `-P 4`):
-
-    ```sh
-    grep -E '^\[([0-9A-Aa-z_-]+)\]'  ~/.aws/credentials | tr -d '][' | shuf |  \
-    xargs -n 1 -L 1 -I @ -r -P 4 ./prowler -p @ -M csv  2> /dev/null  >> all-accounts.csv
-    ```
-
-1. For help use:
-
-    ```
-    ./prowler -h
-
-    USAGE:
-        prowler [ -p <profile> -r <region>  -h ]
-
-    Options:
-        -p <profile>        specify your AWS profile to use (i.e.: default)
-        -r <region>         specify an AWS region to direct API requests to
-                                (i.e.: us-east-1), all regions are checked anyway if the check requires it
-        -c <check_id>       specify a check id, to see all available checks use -l option
-                                (i.e.: check11 for check 1.1 or extra71 for extra check 71)
-        -g <group_id>       specify a group of checks by id, to see all available group of checks use -L
-                                (i.e.: check3 for entire section 3, level1 for CIS Level 1 Profile Definitions or forensics-ready)
-        -f <filterregion>   specify an AWS region to run checks against
-                                (i.e.: us-west-1)
-        -m <maxitems>       specify the maximum number of items to return for long-running requests (default: 100)
-        -M <mode>           output mode: text (default), mono, json, csv (separator is ,; data is on stdout; progress on stderr)
-        -k                  keep the credential report
-        -n                  show check numbers to sort easier
-                                (i.e.: 1.01 instead of 1.1)
-        -l                  list all available checks only (does not perform any check)
-        -L                  list all groups (does not perform any check)
-        -e                  exclude group extras
-        -b                  do not print Prowler banner
-        -h                  this help
-    ```
-
-## How to fix every FAIL
-
-Check your report and fix the issues following all specific guidelines per check in <https://d0.awsstatic.com/whitepapers/compliance/AWS_CIS_Foundations_Benchmark.pdf>
-
-## Screenshots
-
- Sample screenshot of report first lines:
-
-    <img width="1125" alt="screenshot 2016-09-13 16 05 42" src="https://cloud.githubusercontent.com/assets/3985464/18489640/50fe6824-79cc-11e6-8a9c-e788b88a8a6b.png">
-
- Sample screenshot of single check for check 3.3:
-
-    <img width="1006" alt="screenshot 2016-09-14 13 20 46" src="https://cloud.githubusercontent.com/assets/3985464/18522590/a04ca9a6-7a7e-11e6-8730-b545c9204990.png">
-
-## Troubleshooting
-
-### STS expired token
-
-If you are using an STS token for AWS-CLI and your session is expired you probably get this error:
+<p align="center">
+  <img align="center" src="https://github.com/prowler-cloud/prowler/blob/62c1ce73bbcdd6b9e5ba03dfcae26dfd165defd9/docs/img/prowler-pro-dark.png?raw=True#gh-dark-mode-only" width="150" height="36">
+  <img align="center" src="https://github.com/prowler-cloud/prowler/blob/62c1ce73bbcdd6b9e5ba03dfcae26dfd165defd9/docs/img/prowler-pro-light.png?raw=True#gh-light-mode-only" width="15%" height="15%">
+</p>
+<p align="center">
+  <b><i>See all the things you and your team can do with ProwlerPro at <a href="https://prowler.pro">prowler.pro</a></i></b>
+</p>
+<hr>
+<p align="center">
+  <img src="https://user-images.githubusercontent.com/3985464/113734260-7ba06900-96fb-11eb-82bc-d4f68a1e2710.png" />
+</p>
+<p align="center">
+  <a href="https://join.slack.com/t/prowler-workspace/shared_invite/zt-1hix76xsl-2uq222JIXrC7Q8It~9ZNog"><img alt="Slack Shield" src="https://img.shields.io/badge/slack-prowler-brightgreen.svg?logo=slack"></a>
+  <a href="https://pypi.org/project/prowler/"><img alt="Python Version" src="https://img.shields.io/pypi/v/prowler.svg"></a>
+  <a href="https://pypi.python.org/pypi/prowler/"><img alt="Python Version" src="https://img.shields.io/pypi/pyversions/prowler.svg"></a>
+  <a href="https://pypistats.org/packages/prowler"><img alt="PyPI Prowler Downloads" src="https://img.shields.io/pypi/dw/prowler.svg?label=prowler%20downloads"></a>
+  <a href="https://pypistats.org/packages/prowler-cloud"><img alt="PyPI Prowler-Cloud Downloads" src="https://img.shields.io/pypi/dw/prowler-cloud.svg?label=prowler-cloud%20downloads"></a>
+  <a href="https://hub.docker.com/r/toniblyx/prowler"><img alt="Docker Pulls" src="https://img.shields.io/docker/pulls/toniblyx/prowler"></a>
+  <a href="https://hub.docker.com/r/toniblyx/prowler"><img alt="Docker" src="https://img.shields.io/docker/cloud/build/toniblyx/prowler"></a>
+  <a href="https://hub.docker.com/r/toniblyx/prowler"><img alt="Docker" src="https://img.shields.io/docker/image-size/toniblyx/prowler"></a>
+  <a href="https://gallery.ecr.aws/prowler-cloud/prowler"><img width="120" height=19" alt="AWS ECR Gallery" src="https://user-images.githubusercontent.com/3985464/151531396-b6535a68-c907-44eb-95a1-a09508178616.png"></a>
+</p>
+<p align="center">
+  <a href="https://github.com/prowler-cloud/prowler"><img alt="Repo size" src="https://img.shields.io/github/repo-size/prowler-cloud/prowler"></a>
+  <a href="https://github.com/prowler-cloud/prowler/issues"><img alt="Issues" src="https://img.shields.io/github/issues/prowler-cloud/prowler"></a>
+  <a href="https://github.com/prowler-cloud/prowler/releases"><img alt="Version" src="https://img.shields.io/github/v/release/prowler-cloud/prowler?include_prereleases"></a>
+  <a href="https://github.com/prowler-cloud/prowler/releases"><img alt="Version" src="https://img.shields.io/github/release-date/prowler-cloud/prowler"></a>
+  <a href="https://github.com/prowler-cloud/prowler"><img alt="Contributors" src="https://img.shields.io/github/contributors-anon/prowler-cloud/prowler"></a>
+  <a href="https://github.com/prowler-cloud/prowler"><img alt="License" src="https://img.shields.io/github/license/prowler-cloud/prowler"></a>
+  <a href="https://twitter.com/ToniBlyx"><img alt="Twitter" src="https://img.shields.io/twitter/follow/toniblyx?style=social"></a>
+  <a href="https://twitter.com/prowlercloud"><img alt="Twitter" src="https://img.shields.io/twitter/follow/prowlercloud?style=social"></a>
+</p>
+
+# Description
+
+`Prowler` is an Open Source security tool to perform AWS, GCP and Azure security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness.
+
+It contains hundreds of controls covering CIS, NIST 800, NIST CSF, CISA, RBI, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, AWS Well-Architected Framework Security Pillar, AWS Foundational Technical Review (FTR), ENS (Spanish National Security Scheme) and your custom security frameworks.
+
+| Provider | Checks | Services | [Compliance Frameworks](https://docs.prowler.cloud/en/latest/tutorials/compliance/) | [Categories](https://docs.prowler.cloud/en/latest/tutorials/misc/#categories) |
+|---|---|---|---|---|
+| AWS | 287 | 56 -> `prowler aws --list-services` | 25 -> `prowler aws --list-compliance` | 5 -> `prowler aws --list-categories` |
+| GCP | 73 | 11 -> `prowler gcp --list-services` | 1 -> `prowler gcp --list-compliance` | 2 -> `prowler gcp --list-categories`|
+| Azure | 23 | 4 -> `prowler azure --list-services` | CIS soon | 1 -> `prowler azure --list-categories` |
+| Kubernetes | Planned | - | - | - |
+
+# 📖 Documentation
+
+The full documentation can now be found at [https://docs.prowler.cloud](https://docs.prowler.cloud)
+
+## Looking for Prowler v2 documentation?
+For Prowler v2 Documentation, please go to https://github.com/prowler-cloud/prowler/tree/2.12.1.
+
+# ⚙️ Install
+
+## Pip package
+Prowler is available as a project in [PyPI](https://pypi.org/project/prowler-cloud/), thus can be installed using pip with Python >= 3.9:
+
+```console
+pip install prowler
+prowler -v
+```
+More details at https://docs.prowler.cloud
+
+## Containers
+
+The available versions of Prowler are the following:
+
+- `latest`: in sync with master branch (bear in mind that it is not a stable version)
+- `<x.y.z>` (release): you can find the releases [here](https://github.com/prowler-cloud/prowler/releases), those are stable releases.
+- `stable`: this tag always point to the latest release.
+
+The container images are available here:
+
+- [DockerHub](https://hub.docker.com/r/toniblyx/prowler/tags)
+- [AWS Public ECR](https://gallery.ecr.aws/prowler-cloud/prowler)
+
+## From Github
+
+Python >= 3.9 is required with pip and poetry:

 ```
-A client error (ExpiredToken) occurred when calling the GenerateCredentialReport operation: The security token included in the request is expired
+git clone https://github.com/prowler-cloud/prowler
+cd prowler
+poetry shell
+poetry install
+python prowler.py -v
 ```

-To fix it, please renew your token by authenticating again to the AWS API.
+# 📐✏️ High level architecture

-### Custom IAM Policy
+You can run Prowler from your workstation, an EC2 instance, Fargate or any other container, Codebuild, CloudShell and Cloud9.

-Instead of using default policy SecurityAudit for the account you use for checks you may need to create a custom policy with a few more permissions (get and list, not change!) here you go a good example for a "ProwlerPolicyReadOnly":
+![Architecture](https://github.com/prowler-cloud/prowler/assets/38561120/080261d9-773d-4af1-af79-217a273e3176)

-```json
-{
-    "Version": "2012-10-17",
-    "Statement": [{
-        "Action": [
-            "acm:describecertificate",
-            "acm:listcertificates",
-            "apigateway:get",
-            "autoscaling:describe*",
-            "cloudformation:describestack*",
-            "cloudformation:getstackpolicy",
-            "cloudformation:gettemplate",
-            "cloudformation:liststack*",
-            "cloudfront:get*",
-            "cloudfront:list*",
-            "cloudtrail:describetrails",
-            "cloudtrail:geteventselectors",
-            "cloudtrail:gettrailstatus",
-            "cloudtrail:listtags",
-            "cloudwatch:describe*",
-            "codecommit:batchgetrepositories",
-            "codecommit:getbranch",
-            "codecommit:getobjectidentifier",
-            "codecommit:getrepository",
-            "codecommit:list*",
-            "codedeploy:batch*",
-            "codedeploy:get*",
-            "codedeploy:list*",
-            "config:deliver*",
-            "config:describe*",
-            "config:get*",
-            "datapipeline:describeobjects",
-            "datapipeline:describepipelines",
-            "datapipeline:evaluateexpression",
-            "datapipeline:getpipelinedefinition",
-            "datapipeline:listpipelines",
-            "datapipeline:queryobjects",
-            "datapipeline:validatepipelinedefinition",
-            "directconnect:describe*",
-            "dynamodb:listtables",
-            "ec2:describe*",
-            "ecr:describe*",
-            "ecs:describe*",
-            "ecs:list*",
-            "elasticache:describe*",
-            "elasticbeanstalk:describe*",
-            "elasticloadbalancing:describe*",
-            "elasticmapreduce:describejobflows",
-            "elasticmapreduce:listclusters",
-            "es:describeelasticsearchdomainconfig",
-            "es:listdomainnames",
-            "firehose:describe*",
-            "firehose:list*",
-            "glacier:listvaults",
-            "guardduty:listdetectors",
-            "iam:generatecredentialreport",
-            "iam:get*",
-            "iam:list*",
-            "kms:describe*",
-            "kms:get*",
-            "kms:list*",
-            "lambda:getpolicy",
-            "lambda:listfunctions",
-            "logs:DescribeLogGroups",
-            "logs:DescribeMetricFilters",
-            "rds:describe*",
-            "rds:downloaddblogfileportion",
-            "rds:listtagsforresource",
-            "redshift:describe*",
-            "route53:getchange",
-            "route53:getcheckeripranges",
-            "route53:getgeolocation",
-            "route53:gethealthcheck",
-            "route53:gethealthcheckcount",
-            "route53:gethealthchecklastfailurereason",
-            "route53:gethostedzone",
-            "route53:gethostedzonecount",
-            "route53:getreusabledelegationset",
-            "route53:listgeolocations",
-            "route53:listhealthchecks",
-            "route53:listhostedzones",
-            "route53:listhostedzonesbyname",
-            "route53:listqueryloggingconfigs",
-            "route53:listresourcerecordsets",
-            "route53:listreusabledelegationsets",
-            "route53:listtagsforresource",
-            "route53:listtagsforresources",
-            "route53domains:getdomaindetail",
-            "route53domains:getoperationdetail",
-            "route53domains:listdomains",
-            "route53domains:listoperations",
-            "route53domains:listtagsfordomain",
-            "s3:getbucket*",
-            "s3:getlifecycleconfiguration",
-            "s3:getobjectacl",
-            "s3:getobjectversionacl",
-            "s3:listallmybuckets",
-            "sdb:domainmetadata",
-            "sdb:listdomains",
-            "ses:getidentitydkimattributes",
-            "ses:getidentityverificationattributes",
-            "ses:listidentities",
-            "ses:listverifiedemailaddresses",
-            "ses:sendemail",
-            "sns:gettopicattributes",
-            "sns:listsubscriptionsbytopic",
-            "sns:listtopics",
-            "sqs:getqueueattributes",
-            "sqs:listqueues",
-            "support:describetrustedadvisorchecks",
-            "tag:getresources",
-            "tag:gettagkeys"
-        ],
-        "Effect": "Allow",
-        "Resource": "*"
-    }]
-}
+# 📝 Requirements
+
+Prowler has been written in Python using the [AWS SDK (Boto3)](https://boto3.amazonaws.com/v1/documentation/api/latest/index.html#), [Azure SDK](https://azure.github.io/azure-sdk-for-python/) and [GCP API Python Client](https://github.com/googleapis/google-api-python-client/).
+## AWS
+
+Since Prowler uses AWS Credentials under the hood, you can follow any authentication method as described [here](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-quickstart.html#cli-configure-quickstart-precedence).
+Make sure you have properly configured your AWS-CLI with a valid Access Key and Region or declare AWS variables properly (or instance profile/role):
+
+  ```console
+  aws configure
+  ```
+
+  or
+
+  ```console
+  export AWS_ACCESS_KEY_ID="ASXXXXXXX"
+  export AWS_SECRET_ACCESS_KEY="XXXXXXXXX"
+  export AWS_SESSION_TOKEN="XXXXXXXXX"
+  ```
+
+Those credentials must be associated to a user or role with proper permissions to do all checks. To make sure, add the following AWS managed policies to the user or role being used:
+
+  - arn:aws:iam::aws:policy/SecurityAudit
+  - arn:aws:iam::aws:policy/job-function/ViewOnlyAccess
+
+  > Moreover, some read-only additional permissions are needed for several checks, make sure you attach also the custom policy [prowler-additions-policy.json](https://github.com/prowler-cloud/prowler/blob/master/permissions/prowler-additions-policy.json) to the role you are using.
+
+  > If you want Prowler to send findings to [AWS Security Hub](https://aws.amazon.com/security-hub), make sure you also attach the custom policy [prowler-security-hub.json](https://github.com/prowler-cloud/prowler/blob/master/permissions/prowler-security-hub.json).
+
+  ## Azure
+
+  Prowler for Azure supports the following authentication types:
+
+- Service principal authentication by environment variables (Enterprise Application)
+- Current az cli credentials stored
+- Interactive browser authentication
+- Managed identity authentication
+
+### Service Principal authentication
+
+To allow Prowler assume the service principal identity to start the scan, it is needed to configure the following environment variables:
+
+```console
+export AZURE_CLIENT_ID="XXXXXXXXX"
+export AZURE_TENANT_ID="XXXXXXXXX"
+export AZURE_CLIENT_SECRET="XXXXXXX"
 ```

-### Incremental IAM Policy
+If you try to execute Prowler with the `--sp-env-auth` flag and those variables are empty or not exported, the execution is going to fail.
+### AZ CLI / Browser / Managed Identity authentication

-Alternatively, here is a policy which defines the permissions which are NOT present in the AWS Managed SecurityAudit policy. Attach both this policy and the [AWS Managed SecurityAudit policy](https://console.aws.amazon.com/iam/home#/policies/arn:aws:iam::aws:policy/SecurityAudit$jsonEditor) to the group and you're good to go.
+The other three cases do not need additional configuration, `--az-cli-auth` and `--managed-identity-auth` are automated options, `--browser-auth` needs the user to authenticate using the default browser to start the scan. Also `--browser-auth` needs the tenant id to be specified with `--tenant-id`.

-```sh
-{
-  "Version": "2012-10-17",
-  "Statement": [
-    {
-      "Action": [
-        "support:DescribeTrustedAdvisorChecks"
-      ],
-      "Effect": "Allow",
-      "Resource": "*"
-    }
-  ]
-}
+### Permissions
+
+To use each one, you need to pass the proper flag to the execution. Prowler for Azure handles two types of permission scopes, which are:
+
+- **Azure Active Directory permissions**: Used to retrieve metadata from the identity assumed by Prowler and future AAD checks (not mandatory to have access to execute the tool)
+- **Subscription scope permissions**: Required to launch the checks against your resources, mandatory to launch the tool.
+
+
+#### Azure Active Directory scope
+
+Azure Active Directory (AAD) permissions required by the tool are the following:
+
+- `Directory.Read.All`
+- `Policy.Read.All`
+
+
+#### Subscriptions scope
+
+Regarding the subscription scope, Prowler by default scans all the subscriptions that is able to list, so it is required to add the following RBAC builtin roles per subscription  to the entity that is going to be assumed by the tool:
+
+- `Security Reader`
+- `Reader`
+
+
+## Google Cloud Platform
+
+Prowler will follow the same credentials search as [Google authentication libraries](https://cloud.google.com/docs/authentication/application-default-credentials#search_order):
+
+1. [GOOGLE_APPLICATION_CREDENTIALS environment variable](https://cloud.google.com/docs/authentication/application-default-credentials#GAC)
+2. [User credentials set up by using the Google Cloud CLI](https://cloud.google.com/docs/authentication/application-default-credentials#personal)
+3. [The attached service account, returned by the metadata server](https://cloud.google.com/docs/authentication/application-default-credentials#attached-sa)
+
+Those credentials must be associated to a user or service account with proper permissions to do all checks. To make sure, add the following roles to the member associated with the credentials:
+
+  - Viewer
+  - Security Reviewer
+  - Stackdriver Account Viewer
+
+> By default, `prowler` will scan all accessible GCP Projects, use flag `--project-ids` to specify the projects to be scanned.
+
+# 💻 Basic Usage
+
+To run prowler, you will need to specify the provider (e.g aws or azure):
+
+```console
+prowler <provider>
 ```

-### Bootstrap Script
+![Prowler Execution](https://github.com/prowler-cloud/prowler/blob/b91b0103ff38e66a915c8a0ed84905a07e4aae1d/docs/img/short-display.png?raw=True)

-Quick bash script to set up a "prowler" IAM user and "SecurityAudit" group with the required permissions. To run the script below, you need user with administrative permissions; set the `AWS_DEFAULT_PROFILE` to use that account.
+> Running the `prowler` command without options will use your environment variable credentials.

-```sh
-export AWS_DEFAULT_PROFILE=default
-export ACCOUNT_ID=$(aws sts get-caller-identity --query 'Account' | tr -d '"')
-aws iam create-group --group-name SecurityAudit
-aws iam create-policy --policy-name ProwlerAuditAdditions --policy-document file://$(pwd)/iam/prowler-policy-additions.json
-aws iam attach-group-policy --group-name SecurityAudit --policy-arn arn:aws:iam::aws:policy/SecurityAudit
-aws iam attach-group-policy --group-name SecurityAudit --policy-arn arn:aws:iam::${ACCOUNT_ID}:policy/ProwlerAuditAdditions
-aws iam create-user --user-name prowler
-aws iam add-user-to-group --user-name prowler --group-name SecurityAudit
-aws iam create-access-key --user-name prowler
-unset ACCOUNT_ID AWS_DEFAULT_PROFILE
+By default, prowler will generate a CSV, a JSON and a HTML report, however you can generate JSON-ASFF (only for AWS Security Hub) report with `-M` or `--output-modes`:
+
+```console
+prowler <provider> -M csv json json-asff html
 ```

-The `aws iam create-access-key` command will output the secret access key and the key id; keep these somewhere safe, and add them to `~/.aws/credentials` with an appropriate profile name to use them with prowler. This is the only time they secret key will be shown.  If you loose it, you will need to generate a replacement.
+The html report will be located in the `output` directory as the other files and it will look like:

-## Extras
+![Prowler Execution](https://github.com/prowler-cloud/prowler/blob/62c1ce73bbcdd6b9e5ba03dfcae26dfd165defd9/docs/img/html-output.png?raw=True)

-We are adding additional checks to improve the information gather from each account, these checks are out of the scope of the CIS benchmark for AWS but we consider them very helpful to get to know each AWS account set up and find issues on it.
+You can use `-l`/`--list-checks` or `--list-services` to list all available checks or services within the provider.

-Note: Some of these checks for publicly facing resources may not actually be fully public due to other layered controls like S3 Bucket Policies, Security Groups or Network ACLs.
-
-At this moment we have 37 extra checks:
-
- 7.1 (`extra71`) Ensure users with AdministratorAccess policy have MFA tokens enabled (Not Scored) (Not part of CIS benchmark)
- 7.2 (`extra72`) Ensure there are no EBS Snapshots set as Public (Not Scored) (Not part of CIS benchmark)
- 7.3 (`extra73`) Ensure there are no S3 buckets open to the Everyone or Any AWS user (Not Scored) (Not part of CIS benchmark)
- 7.4 (`extra74`) Ensure there are no Security Groups without ingress filtering being used (Not Scored) (Not part of CIS benchmark)
- 7.5 (`extra75`) Ensure there are no Security Groups not being used (Not Scored) (Not part of CIS benchmark)
- 7.6 (`extra76`) Ensure there are no EC2 AMIs set as Public (Not Scored) (Not part of CIS benchmark)
- 7.7 (`extra77`) Ensure there are no ECR repositories set as Public (Not Scored) (Not part of CIS benchmark)
- 7.8 (`extra78`) Ensure there are no Public Accessible RDS instances (Not Scored) (Not part of CIS benchmark)
- 7.9 (`extra79`) Check for internet facing Elastic Load Balancers (Not Scored) (Not part of CIS benchmark)
- 7.10 (`extra710`) Check for internet facing EC2 Instances (Not Scored) (Not part of CIS benchmark)
- 7.11 (`extra711`) Check for Publicly Accessible Redshift Clusters (Not Scored) (Not part of CIS benchmark)
- 7.12 (`extra712`) Check if Amazon Macie is enabled (Not Scored) (Not part of CIS benchmark)
- 7.13 (`extra713`) Check if GuardDuty is enabled (Not Scored) (Not part of CIS benchmark)
- 7.14 (`extra714`) Check if CloudFront distributions have logging enabled (Not Scored) (Not part of CIS benchmark)
- 7.15 (`extra715`) Check if Elasticsearch Service domains have logging enabled (Not Scored) (Not part of CIS benchmark)
- 7.16 (`extra716`) Check if Elasticsearch Service domains allow open access (Not Scored) (Not part of CIS benchmark)
- 7.17 (`extra717`) Check if Elastic Load Balancers have logging enabled (Not Scored) (Not part of CIS benchmark)
- 7.18 (`extra718`) Check if S3 buckets have server access logging enabled (Not Scored) (Not part of CIS benchmark)
- 7.19 (`extra719`) Check if Route53 hosted zones are logging queries to CloudWatch Logs (Not Scored) (Not part of CIS benchmark)
- 7.20 (`extra720`) Check if Lambda functions are being recorded by CloudTrail (Not Scored) (Not part of CIS benchmark)
- 7.21 (`extra721`) Check if Redshift cluster has audit logging enabled (Not Scored) (Not part of CIS benchmark)
- 7.22 (`extra722`) Check if API Gateway has logging enabled (Not Scored) (Not part of CIS benchmark)
- 7.23 (`extra723`) Check if RDS Snapshots are public (Not Scored) (Not part of CIS benchmark)
- 7.24 (`extra724`) Check if ACM certificates have Certificate Transparency logging enabled (Not Scored) (Not part of CIS benchmark)
- 7.25 (`extra725`) Check if S3 buckets have Object-level logging enabled in CloudTrail (Not Scored) (Not part of CIS benchmark)
- 7.26 (`extra726`) Check Trusted Advisor for errors and warnings (Not Scored) (Not part of CIS benchmark)
- 7.27 (`extra727`) Check if SQS queues have policy set as Public (Not Scored) (Not part of CIS benchmark)
- 7.28 (`extra728`) Check if SQS queues have Server Side Encryption enabled (Not Scored) (Not part of CIS benchmark)
- 7.29 (`extra729`) Ensure there are no EBS Volumes unencrypted (Not Scored) (Not part of CIS benchmark)
- 7.30 (`extra730`) Check if ACM Certificates are about to expire in 7 days or less (Not Scored) (Not part of CIS benchmark)
- 7.31 (`extra731`) Check if SNS topics have policy set as Public (Not Scored) (Not part of CIS benchmark)
- 7.32 (`extra732`) Check if Geo restrictions are enabled in CloudFront distributions (Not Scored) (Not part of CIS benchmark)
- 7.33 (`extra733`) Check if there are SAML Providers then STS can be used (Not Scored) (Not part of CIS benchmark)
- 7.34 (`extra734`) Check if S3 buckets have default encryption (SSE) enabled and policy to enforce it (Not Scored) (Not part of CIS benchmark)
- 7.35 (`extra735`) Check if RDS instances storage is encrypted (Not Scored) (Not part of CIS benchmark)
- 7.36 (`extra736`) Check exposed KMS keys (Not Scored) (Not part of CIS benchmark)
- 7.37 (`extra737`) Check KMS keys with key rotation disabled (Not Scored) (Not part of CIS benchmark)
- 7.38 (`extra738`) Check if CloudFront distributions are set to HTTPS (Not Scored) (Not part of CIS benchmark)
- 7.38 (`extra739`) Check if ELBs have logging enabled (Not Scored) (Not part of CIS benchmark)
- 7.40 (`extra740`) Check if EBS snapshots are encrypted (Not Scored) (Not part of CIS benchmark)
-
-To check all extras in one command:
-
-```sh
-./prowler -g extras
+```console
+prowler <provider> --list-checks
+prowler <provider> --list-services
 ```

-or to run just one of the checks:
+For executing specific checks or services you can use options `-c`/`--checks` or `-s`/`--services`:

-```sh
-./prowler -c extraNUMBER
+```console
+prowler aws --checks s3_bucket_public_access
+prowler aws --services s3 ec2
 ```

-## Forensics Ready Checks
+Also, checks and services can be excluded with options `-e`/`--excluded-checks` or `--excluded-services`:

-With this group of checks, Prowler looks if each service with logging or audit capabilities has them enabled to ensure all needed evidences are recorded and collected for an eventual digital forensic investigation in case of incident. List of checks part of this group (you can also see all groups with `./prowler -l`):
-
- 2.1  Ensure CloudTrail is enabled in all regions (Scored)
- 2.2  Ensure CloudTrail log file validation is enabled (Scored)
- 2.3  Ensure the S3 bucket CloudTrail logs to is not publicly accessible (Scored)
- 2.4  Ensure CloudTrail trails are integrated with CloudWatch Logs (Scored)
- 2.5  Ensure AWS Config is enabled in all regions (Scored)
- 2.6  Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket (Scored)
- 2.7  Ensure CloudTrail logs are encrypted at rest using KMS CMKs (Scored)
- 4.3  Ensure VPC Flow Logging is Enabled in all VPCs (Scored)
- 7.12  Check if Amazon Macie is enabled (Not Scored) (Not part of CIS benchmark)
- 7.13  Check if GuardDuty is enabled (Not Scored) (Not part of CIS benchmark)
- 7.14  Check if CloudFront distributions have logging enabled (Not Scored) (Not part of CIS benchmark)
- 7.15  Check if Elasticsearch Service domains have logging enabled (Not Scored) (Not part of CIS benchmark)
- 7.17  Check if Elastic Load Balancers have logging enabled (Not Scored) (Not part of CIS benchmark)
- 7.18  Check if S3 buckets have server access logging enabled (Not Scored) (Not part of CIS benchmark)
- 7.19  Check if Route53 hosted zones are logging queries to CloudWatch Logs (Not Scored) (Not part of CIS benchmark)
- 7.20  Check if Lambda functions are being recorded by CloudTrail (Not Scored) (Not part of CIS benchmark)
- 7.21  Check if Redshift cluster has audit logging enabled (Not Scored) (Not part of CIS benchmark)
- 7.22  Check if API Gateway has logging enabled (Not Scored) (Not part of CIS benchmark)
- 7.23  Check if RDS Snapshots are public (Not Scored) (Not part of CIS benchmark)
- 7.24  Check if ACM certificates have Certificate Transparency logging enabled (Not Scored) (Not part of CIS benchmark)
- 7.25  Check if S3 buckets have Object-level logging enabled in CloudTrail (Not Scored) (Not part of CIS benchmark)
- 7.38  Check if ELBs have logging enabled (Not Scored) (Not part of CIS benchmark)
-
-The `forensics-ready` group of checks uses existing and extra checks. To get a forensics readiness report, run this command:
-
-```sh
-./prowler -g forensics-ready
+```console
+prowler aws --excluded-checks s3_bucket_public_access
+prowler aws --excluded-services s3 ec2
 ```

-## GDPR Checks
+You can always use `-h`/`--help` to access to the usage information and all the possible options:

-With this group of checks, Prowler shows result of checks related to GDPR, more information [here](https://github.com/toniblyx/prowler/issues/189). The list of checks showed by this group is as follows:
-
- 7.18 [extra718] Check if S3 buckets have server access logging enabled (Not Scored) (Not part of CIS benchmark)
- 7.25 [extra725] Check if S3 buckets have Object-level logging enabled in CloudTrail (Not Scored) (Not part of CIS benchmark)
- 7.27 [extra727] Check if SQS queues have policy set as Public (Not Scored) (Not part of CIS benchmark)
- 1.2  [check12] Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password (Scored)
- 1.13  [check113] Ensure MFA is enabled for the root account (Scored)
- 1.14  [check114] Ensure hardware MFA is enabled for the root account (Scored)
- 7.1 [extra71] Ensure users with AdministratorAccess policy have MFA tokens enabled (Not Scored) (Not part of CIS benchmark)
- 7.31 [extra731] Check if SNS topics have policy set as Public (Not Scored) (Not part of CIS benchmark)
- 7.32 [extra732] Check if Geo restrictions are enabled in CloudFront distributions (Not Scored) (Not part of CIS benchmark)
- 7.33 [extra733] Check if there are SAML Providers then STS can be used (Not Scored) (Not part of CIS benchmark)
- 2.5  [check25] Ensure AWS Config is enabled in all regions (Scored)
- 3.9  [check39] Ensure a log metric filter and alarm exist for AWS Config configuration changes (Scored)
- 2.1  [check21] Ensure CloudTrail is enabled in all regions (Scored)
- 2.2  [check22] Ensure CloudTrail log file validation is enabled (Scored)
- 2.3  [check23] Ensure the S3 bucket CloudTrail logs to is not publicly accessible (Scored)
- 2.4  [check24] Ensure CloudTrail trails are integrated with CloudWatch Logs (Scored)
- 2.6  [check26] Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket (Scored)
- 2.7  [check27] Ensure CloudTrail logs are encrypted at rest using KMS CMKs (Scored)
- 3.5  [check35] Ensure a log metric filter and alarm exist for CloudTrail configuration changes (Scored)
- 7.26 [extra726] Check Trusted Advisor for errors and warnings (Not Scored) (Not part of CIS benchmark)
- 7.14 [extra714] Check if CloudFront distributions have logging enabled (Not Scored) (Not part of CIS benchmark)
- 7.15 [extra715] Check if Elasticsearch Service domains have logging enabled (Not Scored) (Not part of CIS benchmark)
- 7.17 [extra717] Check if Elastic Load Balancers have logging enabled (Not Scored) (Not part of CIS benchmark)
- 7.19 [extra719] Check if Route53 hosted zones are logging queries to CloudWatch Logs (Not Scored) (Not part of CIS benchmark)
- 7.20 [extra720] Check if Lambda functions invoke API operations are being recorded by CloudTrail (Not Scored) (Not part of CIS benchmark)
- 7.21 [extra721] Check if Redshift cluster has audit logging enabled (Not Scored) (Not part of CIS benchmark)
- 7.22 [extra722] Check if API Gateway has logging enabled (Not Scored) (Not part of CIS benchmark)
- 4.3  [check43] Ensure the default security group of every VPC restricts all traffic (Scored)
- 2.5  [check25] Ensure AWS Config is enabled in all regions (Scored)
- 7.14 [extra714] Check if CloudFront distributions have logging enabled (Not Scored) (Not part of CIS benchmark)
- 7.29 [extra729] Ensure there are no EBS Volumes unencrypted (Not Scored) (Not part of CIS benchmark)
- 7.34 [extra734] Check if S3 buckets have default encryption (SSE) enabled and policy to enforce it (Not Scored) (Not part of CIS benchmark)
- 7.35 [extra735] Check if RDS instances storage is encrypted (Not Scored) (Not part of CIS benchmark)
- 7.36 [extra736] Check exposed KMS keys (Not Scored) (Not part of CIS benchmark)
- 7.38 [extra738] Check if CloudFront distributions are set to HTTPS (Not Scored) (Not part of CIS benchmark)
- 7.40 [extra740] Check if EBS snapshots are encrypted (Not Scored) (Not part of CIS benchmark)
-
-The `gdpr` group of checks uses existing and extra checks. To get a GDPR report, run this command:
-
-```sh
-./prowler -g gdpr
+```console
+prowler -h
 ```

-## HIPAA Checks
-
-With this group of checks, Prowler shows result of checks related to HIPAA, more information [here](https://github.com/toniblyx/prowler/issues/227). The list of checks showed by this group is as follows:
-
- 1.13  [check113] Ensure MFA is enabled for the root account (Scored)
- 2.3  [check23] Ensure the S3 bucket CloudTrail logs to is not publicly accessible (Scored)
- 2.6  [check26] Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket (Scored)
- 2.7  [check27] Ensure CloudTrail logs are encrypted at rest using KMS CMKs (Scored)
- 2.9  [check29] Ensure VPC Flow Logging is Enabled in all VPCs (Scored)
- 7.18 [extra718] Check if S3 buckets have server access logging enabled (Not Scored) (Not part of CIS benchmark)
- 7.25 [extra725] Check if S3 buckets have Object-level logging enabled in CloudTrail (Not Scored) (Not part of CIS benchmark)
- 7.2 [extra72] Ensure there are no EBS Snapshots set as Public (Not Scored) (Not part of CIS benchmark)
- 7.5 [extra75] Ensure there are no Security Groups not being used (Not Scored) (Not part of CIS benchmark)
- 7.39 [extra739] Check if ELBs have logging enabled (Not Scored) (Not part of CIS benchmark)
- 7.29 [extra729] Ensure there are no EBS Volumes unencrypted (Not Scored) (Not part of CIS benchmark)
- 7.34 [extra734] Check if S3 buckets have default encryption (SSE) enabled and policy to enforce it (Not Scored) (Not part of CIS benchmark)
- 3.8  [check38] Ensure a log metric filter and alarm exist for S3 bucket policy changes (Scored)
- 7.3 [extra73] Ensure there are no S3 buckets open to the Everyone or Any AWS user (Not Scored) (Not part of CIS benchmark)
- 7.40 [extra740] Check if EBS snapshots are encrypted (Not Scored) (Not part of CIS benchmark)
- 7.35 [extra735] Check if RDS instances storage is encrypted (Not Scored) (Not part of CIS benchmark)
-
-The `hipaa` group of checks uses existing and extra checks. To get a HIPAA report, run this command:
-
-```sh
-./prowler -g hipaa
+## Checks Configurations
+Several Prowler's checks have user configurable variables that can be modified in a common **configuration file**.
+This file can be found in the following path:
+```
+prowler/config/config.yaml
 ```

-## Add Custom Checks
+## AWS

-In order to add any new check feel free to create a new extra check in the extras group or other group. To do so, you will need to follow these steps:
+Use a custom AWS profile with `-p`/`--profile` and/or AWS regions which you want to audit with `-f`/`--filter-region`:

-1. Follow structure in file `checks/check_sample`
-2. Name your check with a number part of an existing group or a new one
-3. Save changes and run it as `./prowler -c extraNN`
-4. Send me a pull request! :)
+```console
+prowler aws --profile custom-profile -f us-east-1 eu-south-2
+```
+> By default, `prowler` will scan all AWS regions.

-## Add Custom Groups
+## Azure

-1. Follow structure in file `groups/groupN_sample`
-1. Name your group with a non existing number
-1. Save changes and run it as `./prowler -g extraNN`
-1. Send me a pull request! :)
+With Azure you need to specify which auth method is going to be used:

- You can also create a group with only the checks that you want to perform in your company, for instance a group named `group9_mycompany` with only the list of checks that you care or your particular compliance applies.
+```console
+prowler azure [--sp-env-auth, --az-cli-auth, --browser-auth, --managed-identity-auth]
+```
+> By default, `prowler` will scan all Azure subscriptions.

-## Third Party Integrations
+## Google Cloud Platform

-### Telegram
+Optionally, you can provide the location of an application credential JSON file with the following argument:

-Javier Pecete has done an awesome job integrating Prowler with Telegram, you have more details here <https://github.com/i4specete/ServerTelegramBot>
+```console
+prowler gcp --credentials-file path
+```
+> By default, `prowler` will scan all accessible GCP Projects, use flag `--project-ids` to specify the projects to be scanned.

-### Cloud Security Suite
+# 📃 License

-The guys of SecurityFTW have added Prowler in their Cloud Security Suite along with other cool security tools <https://github.com/SecurityFTW/cs-suite>
-
-## License
-
-All CIS based checks in the checks folder are licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International Public License.
-The link to the license terms can be found at
-<https://creativecommons.org/licenses/by-nc-sa/4.0/legalcode>
-Any other piece of code is licensed as Apache License 2.0 as specified in each file. You may obtain a copy of the License at
+Prowler is licensed as Apache License 2.0 as specified in each file. You may obtain a copy of the License at
 <http://www.apache.org/licenses/LICENSE-2.0>
-
-NOTE: If you are interested in using Prowler for commercial purposes remember that due to the CC4.0 license “The distributors or partners that are interested and using Prowler would need to enroll as CIS SecureSuite Members to incorporate this product, which includes references to CIS resources, in their offering.". Information about CIS pricing for vendors here: <https://www.cisecurity.org/cis-securesuite/pricing-and-categories/product-vendor/>
-
-**I'm not related anyhow with CIS organization, I just write and maintain Prowler to help companies over the world to make their cloud infrastructure more secure.**
-
-If you want to contact me visit <https://blyx.com/contact>
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -0,0 +1,23 @@
+# Security Policy
+
+## Software Security
+As an **AWS Partner** and we have passed the [AWS Foundation Technical Review (FTR)](https://aws.amazon.com/partners/foundational-technical-review/) and we use the following tools and automation to make sure our code is secure and dependencies up-to-dated:
+
+- `bandit` for code security review.
+- `safety` and `dependabot` for dependencies.
+- `hadolint` and `dockle` for our containers security.
+- `snyk` in Docker Hub.
+- `clair` in Amazon ECR.
+- `vulture`, `flake8`, `black` and `pylint` for formatting and best practices.
+
+## Reporting a Vulnerability
+
+If you would like to report a vulnerability or have a security concern regarding Prowler Open Source or ProwlerPro service, please submit the information by contacting to help@prowler.pro.
+
+The information you share with Verica as part of this process is kept confidential within Verica and the Prowler team. We will only share this information with a third party if the vulnerability you report is found to affect a third-party product, in which case we will share this information with the third-party product's author or manufacturer. Otherwise, we will only share this information as permitted by you.
+
+We will review the submitted report, and assign it a tracking number. We will then respond to you, acknowledging receipt of the report, and outline the next steps in the process.
+
+You will receive a non-automated response to your initial contact within 24 hours, confirming receipt of your reported vulnerability.
+
+We will coordinate public notification of any validated vulnerability with you. Where possible, we prefer that our respective public disclosures be posted simultaneously.
--- a/checks/check11
+++ b/checks/check11
@@ -1,21 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
-#
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
-#
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
-
-CHECK_ID_check11="1.1,1.01"
-CHECK_TITLE_check11="[check11] Avoid the use of the root account (Scored)"
-CHECK_SCORED_check11="SCORED"
-CHECK_TYPE_check11="LEVEL1"
-CHECK_ALTERNATE_check101="check11"
-
-check11(){
-  # "Avoid the use of the root account (Scored)."
-  COMMAND11=$(cat $TEMP_REPORT_FILE| grep '<root_account>' | cut -d, -f5,11,16 | sed 's/,/\ /g')
-  textInfo "Root account last accessed (password key_1 key_2): $COMMAND11"
-}
--- a/checks/check110
+++ b/checks/check110
@@ -1,29 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
-#
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
-#
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
-
-CHECK_ID_check110="1.10"
-CHECK_TITLE_check110="[check110] Ensure IAM password policy prevents password reuse: 24 or greater (Scored)"
-CHECK_SCORED_check110="SCORED"
-CHECK_TYPE_check110="LEVEL1"
-CHECK_ALTERNATE_check110="check110"
-
-check110(){
-  # "Ensure IAM password policy prevents password reuse: 24 or greater (Scored)"
-  COMMAND110=$($AWSCLI iam get-account-password-policy $PROFILE_OPT --region $REGION --query 'PasswordPolicy.PasswordReusePrevention' --output text 2> /dev/null)
-  if [[ $COMMAND110 ]];then
-    if [[ $COMMAND110 -gt "23" ]];then
-      textPass "Password Policy limits reuse"
-    else
-      textFail "Password Policy has weak reuse requirement (lower than 24)"
-    fi
-  else
-    textFail "Password Policy missing reuse requirement"
-  fi
-}
--- a/checks/check111
+++ b/checks/check111
@@ -1,29 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
-#
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
-#
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
-
-CHECK_ID_check111="1.11"
-CHECK_TITLE_check111="[check111] Ensure IAM password policy expires passwords within 90 days or less (Scored)"
-CHECK_SCORED_check111="SCORED"
-CHECK_TYPE_check111="LEVEL1"
-CHECK_ALTERNATE_check111="check111"
-
-check111(){
-  # "Ensure IAM password policy expires passwords within 90 days or less (Scored)"
-  COMMAND111=$($AWSCLI iam get-account-password-policy $PROFILE_OPT --region $REGION --query PasswordPolicy.MaxPasswordAge --output text 2> /dev/null)
-  if [[ $COMMAND111 ]];then
-    if [[ "$COMMAND111" -le "90" ]];then
-      textPass "Password Policy includes expiration (Value: $COMMAND111)"
-    else
-      textFail "Password expiration is set greater than 90 days"
-    fi
-  else
-    textFail "Password expiration is not set"
-  fi
-}
--- a/checks/check112
+++ b/checks/check112
@@ -1,32 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
-#
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
-#
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
-
-CHECK_ID_check112="1.12"
-CHECK_TITLE_check112="[check112] Ensure no root account access key exists (Scored)"
-CHECK_SCORED_check112="SCORED"
-CHECK_TYPE_check112="LEVEL1"
-CHECK_ALTERNATE_check112="check112"
-
-check112(){
-  # "Ensure no root account access key exists (Scored)"
-  # ensure the access_key_1_active and access_key_2_active fields are set to FALSE.
-  ROOTKEY1=$(cat $TEMP_REPORT_FILE |grep root_account|awk -F',' '{ print $9 }')
-  ROOTKEY2=$(cat $TEMP_REPORT_FILE |grep root_account|awk -F',' '{ print $14 }')
-  if [ "$ROOTKEY1" == "false" ];then
-    textPass "No access key 1 found for root"
-  else
-    textFail "Found access key 1 for root "
-  fi
-  if [ "$ROOTKEY2" == "false" ];then
-    textPass "No access key 2 found for root"
-  else
-    textFail "Found access key 2 for root "
-  fi
-}
--- a/checks/check113
+++ b/checks/check113
@@ -1,25 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
-#
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
-#
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
-
-CHECK_ID_check113="1.13"
-CHECK_TITLE_check113="[check113] Ensure MFA is enabled for the root account (Scored)"
-CHECK_SCORED_check113="SCORED"
-CHECK_TYPE_check113="LEVEL1"
-CHECK_ALTERNATE_check113="check113"
-
-check113(){
-  # "Ensure MFA is enabled for the root account (Scored)"
-  COMMAND113=$($AWSCLI iam get-account-summary $PROFILE_OPT --region $REGION --output json --query 'SummaryMap.AccountMFAEnabled')
-  if [ "$COMMAND113" == "1" ]; then
-    textPass "Virtual MFA is enabled for root"
-  else
-    textFail "MFA is not ENABLED for root account "
-  fi
-}
--- a/checks/check114
+++ b/checks/check114
@@ -1,30 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
-#
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
-#
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
-
-CHECK_ID_check114="1.14"
-CHECK_TITLE_check114="[check114] Ensure hardware MFA is enabled for the root account (Scored)"
-CHECK_SCORED_check114="SCORED"
-CHECK_TYPE_check114="LEVEL2"
-CHECK_ALTERNATE_check114="check114"
-
-check114(){
-  # "Ensure hardware MFA is enabled for the root account (Scored)"
-  COMMAND113=$($AWSCLI iam get-account-summary $PROFILE_OPT --region $REGION --output json --query 'SummaryMap.AccountMFAEnabled')
-  if [ "$COMMAND113" == "1" ]; then
-    COMMAND114=$($AWSCLI iam list-virtual-mfa-devices $PROFILE_OPT --region $REGION --output text --assignment-status Assigned --query 'VirtualMFADevices[*].[SerialNumber]' | grep '^arn:aws:iam::[0-9]\{12\}:mfa/root-account-mfa-device$')
-    if [[ "$COMMAND114" ]]; then
-      textFail "Only Virtual MFA is enabled for root"
-    else
-      textPass "Hardware MFA is enabled for root "
-    fi
-  else
-    textFail "MFA is not ENABLED for root account "
-  fi
-}
--- a/checks/check115
+++ b/checks/check115
@@ -1,22 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
-#
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
-#
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
-
-CHECK_ID_check115="1.15"
-CHECK_TITLE_check115="[check115] Ensure security questions are registered in the AWS account (Not Scored)"
-CHECK_SCORED_check115="NOT_SCORED"
-CHECK_TYPE_check115="LEVEL1"
-CHECK_ALTERNATE_check115="check115"
-
-check115(){
-  # "Ensure security questions are registered in the AWS account (Not Scored)"
-  textInfo "No command available for check 1.15 "
-  textInfo "Login to the AWS Console as root & click on the Account "
-  textInfo "Name -> My Account -> Configure Security Challenge Questions "
-}
--- a/checks/check116
+++ b/checks/check116
@@ -1,36 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
-#
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
-#
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
-
-CHECK_ID_check116="1.16"
-CHECK_TITLE_check116="[check116] Ensure IAM policies are attached only to groups or roles (Scored)"
-CHECK_SCORED_check116="SCORED"
-CHECK_TYPE_check116="LEVEL1"
-CHECK_ALTERNATE_check116="check116"
-
-check116(){
-  # "Ensure IAM policies are attached only to groups or roles (Scored)"
-  LIST_USERS=$($AWSCLI iam list-users --query 'Users[*].UserName' --output text $PROFILE_OPT --region $REGION)
-  C116_NUM_USERS=0
-  for user in $LIST_USERS;do
-    USER_POLICY=$($AWSCLI iam list-attached-user-policies --output text $PROFILE_OPT --region $REGION --user-name $user)
-    if [[ $USER_POLICY ]]; then
-      textFail "$user has managed policy directly attached "
-      C116_NUM_USERS=$(expr $C116_NUM_USERS + 1)
-    fi
-    USER_POLICY=$($AWSCLI iam list-user-policies --output text $PROFILE_OPT --region $REGION --user-name $user)
-    if [[ $USER_POLICY ]]; then
-      textFail "$user has inline policy directly attached "
-      C116_NUM_USERS=$(expr $C116_NUM_USERS + 1)
-    fi
-  done
-  if [[ $C116_NUM_USERS -eq 0 ]]; then
-    textPass "No policies attached to users."
-  fi
-}
--- a/checks/check117
+++ b/checks/check117
@@ -1,22 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
-#
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
-#
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
-
-CHECK_ID_check117="1.17"
-CHECK_TITLE_check117="[check117] Maintain current contact details (Scored)"
-CHECK_SCORED_check117="SCORED"
-CHECK_TYPE_check117="LEVEL1"
-CHECK_ALTERNATE_check117="check117"
-
-check117(){
-  # "Maintain current contact details (Scored)"
-  # No command available
-  textInfo "No command available for check 1.17 "
-  textInfo "See section 1.17 on the CIS Benchmark guide for details "
-}
--- a/checks/check118
+++ b/checks/check118
@@ -1,22 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
-#
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
-#
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
-
-CHECK_ID_check118="1.18"
-CHECK_TITLE_check118="[check118] Ensure security contact information is registered (Scored)"
-CHECK_SCORED_check118="SCORED"
-CHECK_TYPE_check118="LEVEL1"
-CHECK_ALTERNATE_check118="check118"
-
-check118(){
-  # "Ensure security contact information is registered (Scored)"
-  # No command available
-  textInfo "No command available for check 1.18 "
-  textInfo "See section 1.18 on the CIS Benchmark guide for details "
-}
--- a/checks/check119
+++ b/checks/check119
@@ -1,21 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
-#
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
-#
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
-
-CHECK_ID_check119="1.19"
-CHECK_TITLE_check119="[check119] Ensure IAM instance roles are used for AWS resource access from instances (Not Scored)"
-CHECK_SCORED_check119="NOT_SCORED"
-CHECK_TYPE_check119="LEVEL2"
-CHECK_ALTERNATE_check119="check119"
-
-check119(){
-  # "Ensure IAM instance roles are used for AWS resource access from instances (Not Scored)"
-  textInfo "No command available for check 1.19 "
-  textInfo "See section 1.19 on the CIS Benchmark guide for details "
-}
--- a/checks/check12
+++ b/checks/check12
@@ -1,32 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
-#
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
-#
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
-
-CHECK_ID_check12="1.2,1.02"
-CHECK_TITLE_check12="[check12] Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password (Scored)"
-CHECK_SCORED_check12="SCORED"
-CHECK_TYPE_check12="LEVEL1"
-CHECK_ALTERNATE_check102="check12"
-
-check12(){
-  # "Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password (Scored)"
-  # List users with password enabled
-  COMMAND12_LIST_USERS_WITH_PASSWORD_ENABLED=$(cat $TEMP_REPORT_FILE|awk -F, '{ print $1,$4 }' |grep true | awk '{ print $1 }')
-  COMMAND12=$(
-    for i in $COMMAND12_LIST_USERS_WITH_PASSWORD_ENABLED; do
-      cat $TEMP_REPORT_FILE|awk -F, '{ print $1,$8 }' |grep "^$i " |grep false | awk '{ print $1 }'
-    done)
-    if [[ $COMMAND12 ]]; then
-      for u in $COMMAND12; do
-        textFail "User $u has Password enabled but MFA disabled"
-      done
-    else
-      textPass "No users found with Password enabled and MFA disabled"
-    fi
-}
--- a/checks/check120
+++ b/checks/check120
@@ -1,36 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
-#
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
-#
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
-
-CHECK_ID_check120="1.20"
-CHECK_TITLE_check120="[check120] Ensure a support role has been created to manage incidents with AWS Support (Scored)"
-CHECK_SCORED_check120="SCORED"
-CHECK_TYPE_check120="LEVEL1"
-CHECK_ALTERNATE_check120="check120"
-
-check120(){
-  # "Ensure a support role has been created to manage incidents with AWS Support (Scored)"
-  SUPPORTPOLICYARN=$($AWSCLI iam list-policies --query "Policies[?PolicyName == 'AWSSupportAccess'].Arn" $PROFILE_OPT --region $REGION --output text)
-  if [[ $SUPPORTPOLICYARN ]];then
-    for policyarn in $SUPPORTPOLICYARN;do
-      POLICYUSERS=$($AWSCLI iam list-entities-for-policy --policy-arn $SUPPORTPOLICYARN $PROFILE_OPT --region $REGION --output json)
-      if [[ $POLICYUSERS ]];then
-        textPass "Support Policy attached to $policyarn"
-        for user in $(echo "$POLICYUSERS" | grep UserName | cut -d'"' -f4) ; do
-          textInfo "User $user has support access via $policyarn"
-        done
-        # textInfo "Make sure your team can create a Support case with AWS "
-      else
-        textFail "Support Policy not applied to any Group / User / Role "
-      fi
-    done
-  else
-    textFail "No Support Policy found"
-  fi
-}
--- a/checks/check121
+++ b/checks/check121
@@ -1,40 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
-#
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
-#
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
-
-CHECK_ID_check121="1.21"
-CHECK_TITLE_check121="[check121] Do not setup access keys during initial user setup for all IAM users that have a console password (Not Scored)"
-CHECK_SCORED_check121="NOT_SCORED"
-CHECK_TYPE_check121="LEVEL1"
-CHECK_ALTERNATE_check121="check121"
-
-check121(){
-  # "Do not setup access keys during initial user setup for all IAM users that have a console password (Not Scored)"
-  LIST_USERS=$($AWSCLI iam list-users --query 'Users[*].UserName' --output text $PROFILE_OPT --region $REGION)
-  # List of USERS with KEY1 last_used_date as N/A
-  LIST_USERS_KEY1_NA=$(for user in $LIST_USERS; do grep "^${user}," $TEMP_REPORT_FILE|awk -F, '{ print $1,$11 }'|grep N/A |awk '{ print $1 }'; done)
-  LIST_USERS_KEY1_ACTIVE=$(for user in $LIST_USERS_KEY1_NA; do grep "^${user}," $TEMP_REPORT_FILE|awk -F, '{ print $1,$9 }'|grep "true$"|awk '{ print $1 }'|sed 's/[[:blank:]]+/,/g' ; done)
-  if [[ $LIST_USERS_KEY1_ACTIVE ]]; then
-    for user in $LIST_USERS_KEY1_ACTIVE; do
-      textInfo "$user has never used Access Key 1"
-    done
-  else
-    textPass "No users found with Access Key 1 never used"
-  fi
-  # List of USERS with KEY2 last_used_date as N/A
-  LIST_USERS_KEY2_NA=$(for user in $LIST_USERS; do grep "^${user}," $TEMP_REPORT_FILE|awk -F, '{ print $1,$16 }'|grep N/A |awk '{ print $1 }' ; done)
-  LIST_USERS_KEY2_ACTIVE=$(for user in $LIST_USERS_KEY2_NA; do grep "^${user}," $TEMP_REPORT_FILE|awk -F, '{ print $1,$14 }'|grep "true$" |awk '{ print $1 }' ; done)
-  if [[ $LIST_USERS_KEY2_ACTIVE ]]; then
-    for user in $LIST_USERS_KEY2_ACTIVE; do
-      textInfo "$user has never used Access Key 2"
-    done
-  else
-    textPass "No users found with Access Key 2 never used"
-  fi
-}
--- a/checks/check122
+++ b/checks/check122
@@ -1,41 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
-#
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
-#
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
-
-CHECK_ID_check122="1.22"
-CHECK_TITLE_check122="[check122] Ensure IAM policies that allow full \"*:*\" administrative privileges are not created (Scored)"
-CHECK_SCORED_check122="SCORED"
-CHECK_TYPE_check122="LEVEL1"
-CHECK_ALTERNATE_check122="check122"
-
-check122(){
-  # "Ensure IAM policies that allow full \"*:*\" administrative privileges are not created (Scored)"
-  LIST_CUSTOM_POLICIES=$($AWSCLI iam list-policies --output text $PROFILE_OPT --region $REGION --scope Local --query 'Policies[*].[Arn,DefaultVersionId]' | grep -v -e '^None$' | awk -F '\t' '{print $1","$2"\n"}')
-  if [[ $LIST_CUSTOM_POLICIES ]]; then
-    textInfo "Looking for custom policies: (skipping default policies - it may take few seconds...)"
-    for policy in $LIST_CUSTOM_POLICIES; do
-      POLICY_ARN=$(echo $policy | awk -F ',' '{print $1}')
-      POLICY_VERSION=$(echo $policy | awk -F ',' '{print $2}')
-      POLICY_WITH_FULL=$($AWSCLI iam get-policy-version --output text --policy-arn $POLICY_ARN --version-id $POLICY_VERSION --query "PolicyVersion.Document.Statement[?Action!=null]|[?Effect == 'Allow' && contains(Resource, '*') && contains (Action, '*')]" $PROFILE_OPT --region $REGION)
-      if [[ $POLICY_WITH_FULL ]]; then
-        POLICIES_ALLOW_LIST="$POLICIES_ALLOW_LIST $POLICY_ARN"
-      fi
-    done
-    if [[ $POLICIES_ALLOW_LIST ]]; then
-      textInfo "List of custom policies: "
-      for policy in $POLICIES_ALLOW_LIST; do
-        textInfo "Policy $policy allows \"*:*\""
-      done
-    else
-        textPass "No custom policy found that allow full \"*:*\" administrative privileges"
-    fi
-  else
-    textPass "No custom policies found"
-  fi
-}
--- a/checks/check13
+++ b/checks/check13
@@ -1,39 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
-#
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
-#
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
-
-CHECK_ID_check13="1.3,1.03"
-CHECK_TITLE_check13="[check13] Ensure credentials unused for 90 days or greater are disabled (Scored)"
-CHECK_SCORED_check13="SCORED"
-CHECK_TYPE_check13="LEVEL1"
-CHECK_ALTERNATE_check103="check13"
-
-check13(){
-  # "Ensure credentials unused for 90 days or greater are disabled (Scored)"
-  COMMAND12_LIST_USERS_WITH_PASSWORD_ENABLED=$(cat $TEMP_REPORT_FILE|awk -F, '{ print $1,$4 }' |grep true | awk '{ print $1 }')
-  # Only check Password last used for users with password enabled 
-  if [[ $COMMAND12_LIST_USERS_WITH_PASSWORD_ENABLED ]]; then
-    for i in $COMMAND12_LIST_USERS_WITH_PASSWORD_ENABLED; do
-      DATEUSED=$($AWSCLI iam list-users --query "Users[?UserName=='$i'].PasswordLastUsed" --output text $PROFILE_OPT --region $REGION | cut -d'T' -f1)
-      if [ "$DATEUSED" == "" ]
-      then
-        textFail "User \"$i\" has not logged in during the last 90 days "
-      else
-        HOWOLDER=$(how_older_from_today $DATEUSED)
-        if [ $HOWOLDER -gt "90" ];then
-          textFail "User \"$i\" has not logged in during the last 90 days "
-        else
-          textPass "User \"$i\" found with credentials used in the last 90 days"
-        fi
-      fi
-    done
-  else
-      textPass "No users found with password enabled"
-  fi
-}
--- a/checks/check14
+++ b/checks/check14
@@ -1,59 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
-#
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
-#
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
-
-CHECK_ID_check14="1.4,1.04"
-CHECK_TITLE_check14="[check14] Ensure access keys are rotated every 90 days or less (Scored)"
-CHECK_SCORED_check14="SCORED"
-CHECK_TYPE_check14="LEVEL1"
-CHECK_ALTERNATE_check104="check14"
-
-check14(){
-  # "Ensure access keys are rotated every 90 days or less (Scored)" # also checked by Security Monkey
-  LIST_OF_USERS_WITH_ACCESS_KEY1=$(cat $TEMP_REPORT_FILE| awk -F, '{ print $1, $9 }' |grep "\ true" | awk '{ print $1 }')
-  LIST_OF_USERS_WITH_ACCESS_KEY2=$(cat $TEMP_REPORT_FILE| awk -F, '{ print $1, $14 }' |grep "\ true" | awk '{ print $1 }')
-  C14_NUM_USERS1=0
-  C14_NUM_USERS2=0
-    if [[ $LIST_OF_USERS_WITH_ACCESS_KEY1 ]]; then
-      # textFail "Users with access key 1 older than 90 days:"
-      for user in $LIST_OF_USERS_WITH_ACCESS_KEY1; do
-        # check access key 1
-        DATEROTATED1=$(cat $TEMP_REPORT_FILE | grep -v user_creation_time | grep "^${user},"| awk -F, '{ print $10 }' | grep -v "N/A" | awk -F"T" '{ print $1 }')
-        HOWOLDER=$(how_older_from_today $DATEROTATED1)
-
-        if [ $HOWOLDER -gt "90" ];then
-          textFail " $user has not rotated access key1 in over 90 days."
-          C14_NUM_USERS1=$(expr $C14_NUM_USERS1 + 1)
-        fi
-      done
-      if [[ $C14_NUM_USERS1 -eq 0 ]]; then
-        textPass "No users with access key 1 older than 90 days."
-      fi
-    else
-      textPass "No users with access key 1."
-    fi
-
-    if [[ $LIST_OF_USERS_WITH_ACCESS_KEY2 ]]; then
-      # textFail "Users with access key 2 older than 90 days:"
-      for user in $LIST_OF_USERS_WITH_ACCESS_KEY2; do
-        # check access key 2
-        DATEROTATED2=$(cat $TEMP_REPORT_FILE | grep -v user_creation_time | grep "^${user},"| awk -F, '{ print $15 }' | grep -v "N/A" | awk -F"T" '{ print $1 }')
-        HOWOLDER=$(how_older_from_today $DATEROTATED2)
-        if [ $HOWOLDER -gt "90" ];then
-          textFail " $user has not rotated access key2 in over 90 days. "
-          C14_NUM_USERS2=$(expr $C14_NUM_USERS2 + 1)
-        fi
-      done
-      if [[ $C14_NUM_USERS2 -eq 0 ]]; then
-        textPass "No users with access key 2 older than 90 days."
-      fi
-    else
-      textPass "No users with access key 2."
-    fi
-}
--- a/checks/check15
+++ b/checks/check15
@@ -1,25 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
-#
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
-#
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
-
-CHECK_ID_check15="1.5,1.05"
-CHECK_TITLE_check15="[check15] Ensure IAM password policy requires at least one uppercase letter (Scored)"
-CHECK_SCORED_check15="SCORED"
-CHECK_TYPE_check15="LEVEL1"
-CHECK_ALTERNATE_check105="check15"
-
-check15(){
-  # "Ensure IAM password policy requires at least one uppercase letter (Scored)"
-  COMMAND15=$($AWSCLI iam get-account-password-policy $PROFILE_OPT --region $REGION --output json --query 'PasswordPolicy.RequireUppercaseCharacters' 2> /dev/null) # must be true
-  if [[ "$COMMAND15" == "true" ]];then
-    textPass "Password Policy requires upper case"
-  else
-    textFail "Password Policy missing upper-case requirement"
-  fi
-}
--- a/checks/check16
+++ b/checks/check16
@@ -1,25 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
-#
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
-#
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
-
-CHECK_ID_check16="1.6,1.06"
-CHECK_TITLE_check16="[check16] Ensure IAM password policy require at least one lowercase letter (Scored)"
-CHECK_SCORED_check16="SCORED"
-CHECK_TYPE_check16="LEVEL1"
-CHECK_ALTERNATE_check106="check16"
-
-check16(){
-  # "Ensure IAM password policy require at least one lowercase letter (Scored)"
-  COMMAND16=$($AWSCLI iam get-account-password-policy $PROFILE_OPT --region $REGION --output json --query 'PasswordPolicy.RequireLowercaseCharacters' 2> /dev/null) # must be true
-  if [[ "$COMMAND16" == "true" ]];then
-    textPass "Password Policy requires lower case"
-  else
-    textFail "Password Policy missing lower-case requirement"
-  fi
-}
--- a/checks/check17
+++ b/checks/check17
@@ -1,25 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
-#
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
-#
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
-
-CHECK_ID_check17="1.7,1.07"
-CHECK_TITLE_check17="[check17] Ensure IAM password policy require at least one symbol (Scored)"
-CHECK_SCORED_check17="SCORED"
-CHECK_TYPE_check17="LEVEL1"
-CHECK_ALTERNATE_check107="check17"
-
-check17(){
-  # "Ensure IAM password policy require at least one symbol (Scored)"
-  COMMAND17=$($AWSCLI iam get-account-password-policy $PROFILE_OPT --region $REGION --output json --query 'PasswordPolicy.RequireSymbols' 2> /dev/null) # must be true
-  if [[ "$COMMAND17" == "true" ]];then
-    textPass "Password Policy requires symbol"
-  else
-    textFail "Password Policy missing symbol requirement"
-  fi
-}
--- a/checks/check18
+++ b/checks/check18
@@ -1,25 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
-#
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
-#
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
-
-CHECK_ID_check18="1.8,1.08"
-CHECK_TITLE_check18="[check18] Ensure IAM password policy require at least one number (Scored)"
-CHECK_SCORED_check18="SCORED"
-CHECK_TYPE_check18="LEVEL1"
-CHECK_ALTERNATE_check108="check18"
-
-check18(){
-  # "Ensure IAM password policy require at least one number (Scored)"
-  COMMAND18=$($AWSCLI iam get-account-password-policy $PROFILE_OPT --region $REGION --output json --query 'PasswordPolicy.RequireNumbers' 2> /dev/null) # must be true
-  if [[ "$COMMAND18" == "true" ]];then
-    textPass "Password Policy requires number"
-  else
-    textFail "Password Policy missing number requirement"
-  fi
-}
--- a/checks/check19
+++ b/checks/check19
@@ -1,25 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
-#
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
-#
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
-
-CHECK_ID_check19="1.9,1.09"
-CHECK_TITLE_check19="[check19] Ensure IAM password policy requires minimum length of 14 or greater (Scored)"
-CHECK_SCORED_check19="SCORED"
-CHECK_TYPE_check19="LEVEL1"
-CHECK_ALTERNATE_check109="check19"
-
-check19(){
-  # "Ensure IAM password policy requires minimum length of 14 or greater (Scored)"
-  COMMAND19=$($AWSCLI iam get-account-password-policy $PROFILE_OPT --region $REGION --output json --query 'PasswordPolicy.MinimumPasswordLength' 2> /dev/null)
-  if [[ $COMMAND19 -gt "13" ]];then
-    textPass "Password Policy requires more than 13 characters"
-  else
-    textFail "Password Policy missing or weak length requirement"
-  fi
-}
--- a/checks/check21
+++ b/checks/check21
@@ -1,32 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
-#
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
-#
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
-
-CHECK_ID_check21="2.1,2.01"
-CHECK_TITLE_check21="[check21] Ensure CloudTrail is enabled in all regions (Scored)"
-CHECK_SCORED_check21="SCORED"
-CHECK_TYPE_check21="LEVEL1"
-CHECK_ALTERNATE_check201="check21"
-
-check21(){
-  # "Ensure CloudTrail is enabled in all regions (Scored)"
-  LIST_OF_TRAILS=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region $REGION --query 'trailList[*].Name' --output text)
-  if [[ $LIST_OF_TRAILS ]];then
-    for trail in $LIST_OF_TRAILS;do
-      MULTIREGION_TRAIL_STATUS=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region $REGION --query 'trailList[*].IsMultiRegionTrail' --output text --trail-name-list $trail)
-      if [[ "$MULTIREGION_TRAIL_STATUS" == 'False' ]];then
-        textFail "$trail trail in $REGION is not enabled in multi region mode"
-      else
-        textPass "$trail trail in $REGION is enabled for all regions"
-      fi
-    done
-  else
-    textFail "No CloudTrail trails found!"
-  fi
-}
--- a/checks/check22
+++ b/checks/check22
@@ -1,32 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
-#
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
-#
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
-
-CHECK_ID_check22="2.2,2.02"
-CHECK_TITLE_check22="[check22] Ensure CloudTrail log file validation is enabled (Scored)"
-CHECK_SCORED_check22="SCORED"
-CHECK_TYPE_check22="LEVEL2"
-CHECK_ALTERNATE_check202="check22"
-
-check22(){
-  # "Ensure CloudTrail log file validation is enabled (Scored)"
-  LIST_OF_TRAILS=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region $REGION --query 'trailList[*].Name' --output text)
-  if [[ $LIST_OF_TRAILS ]];then
-    for trail in $LIST_OF_TRAILS;do
-      LOGFILEVALIDATION_TRAIL_STATUS=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region $REGION --query 'trailList[*].LogFileValidationEnabled' --output text --trail-name-list $trail)
-      if [[ "$LOGFILEVALIDATION_TRAIL_STATUS" == 'False' ]];then
-        textFail "$trail trail in $REGION has not log file validation enabled"
-      else
-        textPass "$trail trail in $REGION has log file validation enabled"
-      fi
-    done
-  else
-    textFail "No CloudTrail trails found!"
-  fi
-}
--- a/checks/check23
+++ b/checks/check23
@@ -1,32 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
-#
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
-#
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
-
-CHECK_ID_check23="2.3,2.03"
-CHECK_TITLE_check23="[check23] Ensure the S3 bucket CloudTrail logs to is not publicly accessible (Scored)"
-CHECK_SCORED_check23="SCORED"
-CHECK_TYPE_check23="LEVEL1"
-CHECK_ALTERNATE_check203="check23"
-
-check23(){
-  # "Ensure the S3 bucket CloudTrail logs to is not publicly accessible (Scored)"
-  CLOUDTRAILBUCKET=$($AWSCLI cloudtrail describe-trails --query 'trailList[*].S3BucketName' --output text $PROFILE_OPT --region $REGION)
-  if [[ $CLOUDTRAILBUCKET ]];then
-    for bucket in $CLOUDTRAILBUCKET;do
-      CLOUDTRAILBUCKET_HASALLPERMISIONS=$($AWSCLI s3api get-bucket-acl --bucket $bucket --query 'Grants[?Grantee.URI==`http://acs.amazonaws.com/groups/global/AllUsers`]' $PROFILE_OPT --region $REGION --output text)
-      if [[ $CLOUDTRAILBUCKET_HASALLPERMISIONS ]];then
-        textFail "check your $bucket CloudTrail bucket ACL and Policy!"
-      else
-        textPass "Bucket $bucket is set correctly"
-      fi
-    done
-  else
-    textFail "No CloudTrail bucket found!"
-  fi
-}
--- a/checks/check24
+++ b/checks/check24
@@ -1,40 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
-#
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
-#
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
-
-CHECK_ID_check24="2.4,2.04"
-CHECK_TITLE_check24="[check24] Ensure CloudTrail trails are integrated with CloudWatch Logs (Scored)"
-CHECK_SCORED_check24="SCORED"
-CHECK_TYPE_check24="LEVEL1"
-CHECK_ALTERNATE_check204="check24"
-
-check24(){
-  # "Ensure CloudTrail trails are integrated with CloudWatch Logs (Scored)"
-  TRAILS_AND_REGIONS=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region $REGION --query 'trailList[*].{Name:Name, HomeRegion:HomeRegion}' --output text | tr "	" ',')
-  if [[ $TRAILS_AND_REGIONS ]];then
-    for reg_trail in $TRAILS_AND_REGIONS;do
-      trail=$(echo $reg_trail | cut -d',' -f2)
-      TRAIL_REGION=$(echo $reg_trail | cut -d',' -f1)
-      LATESTDELIVERY_TIMESTAMP=$($AWSCLI cloudtrail get-trail-status --name $trail $PROFILE_OPT --region $TRAIL_REGION --query 'LatestCloudWatchLogsDeliveryTime' --output text|grep -v None)
-      if [[ ! $LATESTDELIVERY_TIMESTAMP ]];then
-        textFail "$trail trail is not logging in the last 24h or not configured (it is in $TRAIL_REGION)"
-      else
-        LATESTDELIVERY_DATE=$(timestamp_to_date $LATESTDELIVERY_TIMESTAMP)
-        HOWOLDER=$(how_older_from_today $LATESTDELIVERY_DATE)
-        if [ $HOWOLDER -gt "1" ];then
-          textFail "$trail trail is not logging in the last 24h or not configured (it is in $TRAIL_REGION)"
-        else
-          textPass "$trail trail has been logging during the last 24h (it is in $TRAIL_REGION)"
-        fi
-      fi
-    done
-  else
-    textFail "No CloudTrail trails found!"
-  fi
-}
--- a/checks/check25
+++ b/checks/check25
@@ -1,27 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
-#
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
-#
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
-
-CHECK_ID_check25="2.5,2.05"
-CHECK_TITLE_check25="[check25] Ensure AWS Config is enabled in all regions (Scored)"
-CHECK_SCORED_check25="SCORED"
-CHECK_TYPE_check25="LEVEL1"
-CHECK_ALTERNATE_check205="check25"
-
-check25(){
-  # "Ensure AWS Config is enabled in all regions (Scored)"
-  for regx in $REGIONS; do
-    CHECK_AWSCONFIG_STATUS=$($AWSCLI configservice get-status $PROFILE_OPT --region $regx --output json| grep "recorder: ON")
-    if [[ $CHECK_AWSCONFIG_STATUS ]];then
-      textPass "Region $regx has AWS Config recorder: ON" "$regx"
-    else
-      textFail "Region $regx has AWS Config disabled or not configured" "$regx"
-    fi
-  done
-}
--- a/checks/check26
+++ b/checks/check26
@@ -1,32 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
-#
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
-#
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
-
-CHECK_ID_check26="2.6,2.06"
-CHECK_TITLE_check26="[check26] Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket (Scored)"
-CHECK_SCORED_check26="SCORED"
-CHECK_TYPE_check26="LEVEL1"
-CHECK_ALTERNATE_check206="check26"
-
-check26(){
-  # "Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket (Scored)"
-  CLOUDTRAILBUCKET=$($AWSCLI cloudtrail describe-trails --query 'trailList[*].S3BucketName' --output text $PROFILE_OPT --region $REGION)
-    if [[ $CLOUDTRAILBUCKET ]];then
-      for bucket in $CLOUDTRAILBUCKET;do
-        CLOUDTRAILBUCKET_LOGENABLED=$($AWSCLI s3api get-bucket-logging --bucket $bucket $PROFILE_OPT --region $REGION --query 'LoggingEnabled.TargetBucket' --output text|grep -v None)
-        if [[ $CLOUDTRAILBUCKET_LOGENABLED ]];then
-          textPass "Bucket access logging enabled in $bucket"
-        else
-          textFail "access logging is not enabled in $bucket CloudTrail S3 bucket!"
-        fi
-      done
-    else
-      textFail "CloudTrail bucket not found!"
-    fi
-}
--- a/checks/check27
+++ b/checks/check27
@@ -1,30 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
-#
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
-#
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
-
-CHECK_ID_check27="2.7,2.07"
-CHECK_TITLE_check27="[check27] Ensure CloudTrail logs are encrypted at rest using KMS CMKs (Scored)"
-CHECK_SCORED_check27="SCORED"
-CHECK_TYPE_check27="LEVEL2"
-CHECK_ALTERNATE_check207="check27"
-
-check27(){
-  # "Ensure CloudTrail logs are encrypted at rest using KMS CMKs (Scored)"
-  $AWSCLI cloudtrail describe-trails --query 'trailList[].[Name,KmsKeyId]' --output text $PROFILE_OPT --region $REGION | while read trail key; do
-    if [[ "$trail" ]] ; then
-        if [[ "$key" != "None" ]] ; then
-            textPass "KMS key found for $trail"
-        else
-            textFail "Encryption is not enabled in your CloudTrail trail $trail (KMS key not found)!"
-        fi
-    else
-        textFail "CloudTrail bucket doesn't exist!"
-    fi
-  done
-}
--- a/checks/check28
+++ b/checks/check28
@@ -1,47 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
-#
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
-#
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
-
-CHECK_ID_check28="2.8,2.08"
-CHECK_TITLE_check28="[check28] Ensure rotation for customer created CMKs is enabled (Scored)"
-CHECK_SCORED_check28="SCORED"
-CHECK_TYPE_check28="LEVEL2"
-CHECK_ALTERNATE_check208="check28"
-
-check28(){
-  # "Ensure rotation for customer created CMKs is enabled (Scored)"
-  for regx in $REGIONS; do
-  CHECK_KMS_KEYLIST=$($AWSCLI kms list-keys $PROFILE_OPT --region $regx --output text --query 'Keys[*].KeyId')
-    if [[ $CHECK_KMS_KEYLIST ]];then
-      CHECK_KMS_KEYLIST_NO_DEFAULT=$(
-        for key in $CHECK_KMS_KEYLIST; do
-          $AWSCLI kms describe-key --key-id $key $PROFILE_OPT --region $regx --query 'KeyMetadata.{key:KeyId,state:KeyState,man:KeyManager}' --output text|grep Enabled$|grep -v AWS| awk '{ print $1 }'
-        done )
-      if [[ $CHECK_KMS_KEYLIST_NO_DEFAULT ]]; then
-        for key in $CHECK_KMS_KEYLIST_NO_DEFAULT; do
-          CHECK_KMS_KEY_TYPE=$($AWSCLI kms describe-key --key-id $key $PROFILE_OPT --region $regx --query 'KeyMetadata.Origin' | sed 's/["]//g')
-            if [[ "$CHECK_KMS_KEY_TYPE" == "EXTERNAL" ]];then
-              textPass "$regx: Key $key in Region $regx Customer Uploaded Key Material." "$regx"
-            else
-              CHECK_KMS_KEY_ROTATION=$($AWSCLI kms get-key-rotation-status --key-id $key $PROFILE_OPT --region $regx --output text)
-              if [[ "$CHECK_KMS_KEY_ROTATION" == "True" ]];then
-                textPass "$regx: Key $key is set correctly" "$regx"
-              else
-                textFail "$regx: Key $key is not set to rotate!" "$regx"
-              fi
-            fi
-        done
-      else
-        textInfo "$regx: This region doesn't have CUSTOM encryption keys" "$regx"
-      fi
-    else
-      textInfo "$regx: This region doesn't have ANY encryption keys" "$regx"
-    fi
-  done
-}
--- a/checks/check29
+++ b/checks/check29
@@ -1,29 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
-#
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
-#
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
-
-CHECK_ID_check29="2.9,2.09"
-CHECK_TITLE_check29="[check29] Ensure VPC Flow Logging is Enabled in all VPCs (Scored)"
-CHECK_SCORED_check29="SCORED"
-CHECK_TYPE_check29="LEVEL2"
-CHECK_ALTERNATE_check209="check29"
-
-check29(){
-  # "Ensure VPC Flow Logging is Enabled in all VPCs (Scored)"
-  for regx in $REGIONS; do
-    CHECK_FL=$($AWSCLI ec2 describe-flow-logs $PROFILE_OPT --region $regx --query 'FlowLogs[?FlowLogStatus==`ACTIVE`].FlowLogId' --output text)
-    if [[ $CHECK_FL ]];then
-      for FL in $CHECK_FL;do
-        textPass "VPCFlowLog is enabled for LogGroupName: $FL in Region $regx" "$regx"
-      done
-    else
-      textFail "No VPCFlowLog has been found in Region $regx" "$regx"
-    fi
-  done
-}
--- a/checks/check31
+++ b/checks/check31
@@ -1,63 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
-#
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
-#
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
-
-CHECK_ID_check31="3.1,3.01"
-CHECK_TITLE_check31="[check31] Ensure a log metric filter and alarm exist for unauthorized API calls (Scored)"
-CHECK_SCORED_check31="SCORED"
-CHECK_TYPE_check31="LEVEL1"
-CHECK_ALTERNATE_check301="check31"
-
-check31(){
-  # "Ensure a log metric filter and alarm exist for unauthorized API calls (Scored)"
-  CLOUDWATCH_GROUP=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region $REGION --query 'trailList[*].CloudWatchLogsLogGroupArn' --output text| tr '	' '
-' | awk -F: '{ print $7 }')
-  if [[ $CLOUDWATCH_GROUP ]];then
-    for group in $CLOUDWATCH_GROUP; do
-      CLOUDWATCH_LOGGROUP_REGION=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region $REGION --query 'trailList[*].CloudWatchLogsLogGroupArn' --output text | tr '	' '
-' | grep $group | awk -F: '{ print $4 }'  | head -n 1)
-      #METRICFILTER_SET=$($AWSCLI logs describe-metric-filters --log-group-name $group $PROFILE_OPT --region $CLOUDWATCH_LOGGROUP_REGION --query 'metricFilters' | awk '/UnauthorizedOperation/ || /AccessDenied/ {print $3}')
-      METRICFILTER_SET=$($AWSCLI logs describe-metric-filters --log-group-name $group $PROFILE_OPT --region $CLOUDWATCH_LOGGROUP_REGION --output text | grep METRICFILTERS | awk 'BEGIN {IGNORECASE=1}; /UnauthorizedOperation/ || /AccessDenied/ {print $3};')
-      if [[ $METRICFILTER_SET ]];then
-        for metric in $METRICFILTER_SET; do
-          metric_name=$($AWSCLI logs describe-metric-filters $PROFILE_OPT --region $CLOUDWATCH_LOGGROUP_REGION --log-group-name $group --filter-name-prefix $metric --output text --query 'metricFilters[0].metricTransformations[0].metricName')
-          HAS_ALARM_ASSOCIATED=$($AWSCLI cloudwatch describe-alarms $PROFILE_OPT --region $CLOUDWATCH_LOGGROUP_REGION --query 'MetricAlarms[?MetricName==`'$metric_name'`]' --output text)
-          if [[ $HAS_ALARM_ASSOCIATED ]];then
-            CHECK31OK="$CHECK31OK $group:$metric"
-          else
-            CHECK31WARN="$CHECK31WARN $group:$metric"
-          fi
-        done
-      else
-        CHECK31WARN="$CHECK31WARN $group"
-      fi
-    done
-
-    if [[ $CHECK31OK ]]; then
-      for group in $CHECK31OK; do
-        metric=${group#*:}
-        group=${group%:*}
-        textPass "CloudWatch group $group found with metric filter $metric and alarms set for Unauthorized Operation and Access Denied"
-      done
-    fi
-    if [[ $CHECK31WARN ]]; then
-      for group in $CHECK31WARN; do
-        case $group in
-           *:*) metric=${group#*:}
-                group=${group%:*}
-                textFail "CloudWatch group $group found with metric filter $metric but no alarms associated"
-                ;;
-             *) textFail "CloudWatch group $group found but no metric filters or alarms associated"
-        esac
-      done
-    fi
-  else
-    textFail "No CloudWatch group found for CloudTrail events"
-  fi
-}
--- a/checks/check310
+++ b/checks/check310
@@ -1,40 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
-#
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
-#
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
-
-CHECK_ID_check310="3.10"
-CHECK_TITLE_check310="[check310] Ensure a log metric filter and alarm exist for security group changes (Scored)"
-CHECK_SCORED_check310="SCORED"
-CHECK_TYPE_check310="LEVEL2"
-CHECK_ALTERNATE_check310="check310"
-
-check310(){
-  # "Ensure a log metric filter and alarm exist for security group changes (Scored)"
-  CLOUDWATCH_GROUP=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region $REGION --query 'trailList[*].CloudWatchLogsLogGroupArn' --output text | tr '	' '
-' | awk -F: '{ print $7 }')
-  if [[ $CLOUDWATCH_GROUP ]];then
-    for group in $CLOUDWATCH_GROUP; do
-      CLOUDWATCH_LOGGROUP_REGION=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region $REGION --query 'trailList[*].CloudWatchLogsLogGroupArn' --output text | tr '	' '
-' | grep $group | awk -F: '{ print $4 }'  | head -n 1)
-      METRICFILTER_SET=$($AWSCLI logs describe-metric-filters --log-group-name $group $PROFILE_OPT --region $CLOUDWATCH_LOGGROUP_REGION --query 'metricFilters' | grep -E 'AuthorizeSecurityGroupIngress.*AuthorizeSecurityGroupEgress.*RevokeSecurityGroupIngress.*RevokeSecurityGroupEgress.*CreateSecurityGroup.*DeleteSecurityGroup')
-      if [[ $METRICFILTER_SET ]];then
-        HAS_ALARM_ASSOCIATED=$($AWSCLI cloudwatch describe-alarms $PROFILE_OPT --region $CLOUDWATCH_LOGGROUP_REGION --query 'MetricAlarms[].MetricName' --output text | awk 'BEGIN {IGNORECASE=1}; /SecurityGroup/;')
-        if [[ $HAS_ALARM_ASSOCIATED ]];then
-          textPass "CloudWatch group $group found with metric filters and alarms for security group changes"
-        else
-          textFail "CloudWatch group $group found with metric filters but no alarms associated"
-        fi
-      else
-        textFail "CloudWatch group $group found but no metric filters or alarms associated"
-      fi
-    done
-  else
-    textFail "No CloudWatch group found for CloudTrail events"
-  fi
-}
--- a/checks/check311
+++ b/checks/check311
@@ -1,40 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
-#
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
-#
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
-
-CHECK_ID_check311="3.11"
-CHECK_TITLE_check311="[check311] Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL) (Scored)"
-CHECK_SCORED_check311="SCORED"
-CHECK_TYPE_check311="LEVEL2"
-CHECK_ALTERNATE_check311="check311"
-
-check311(){
-  # "Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL) (Scored)"
-  CLOUDWATCH_GROUP=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region $REGION --query 'trailList[*].CloudWatchLogsLogGroupArn' --output text | tr '	' '
-' | awk -F: '{ print $7 }')
-  if [[ $CLOUDWATCH_GROUP ]];then
-    for group in $CLOUDWATCH_GROUP; do
-      CLOUDWATCH_LOGGROUP_REGION=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region $REGION --query 'trailList[*].CloudWatchLogsLogGroupArn' --output text | tr '	' '
-' | grep $group | awk -F: '{ print $4 }'  | head -n 1)
-      METRICFILTER_SET=$($AWSCLI logs describe-metric-filters --log-group-name $group $PROFILE_OPT --region $CLOUDWATCH_LOGGROUP_REGION --query 'metricFilters' | grep -E 'CreateNetworkAcl.*CreateNetworkAclEntry.*DeleteNetworkAcl.*DeleteNetworkAclEntry.*ReplaceNetworkAclEntry.*ReplaceNetworkAclAssociation')
-      if [[ $METRICFILTER_SET ]];then
-        HAS_ALARM_ASSOCIATED=$($AWSCLI cloudwatch describe-alarms $PROFILE_OPT --region $CLOUDWATCH_LOGGROUP_REGION --query 'MetricAlarms[].MetricName' --output text | awk 'BEGIN {IGNORECASE=1}; /NetworkAcl/;')
-        if [[ $HAS_ALARM_ASSOCIATED ]];then
-          textPass "CloudWatch group $group found with metric filters and alarms for changes to NACLs"
-        else
-          textFail "CloudWatch group $group found with metric filters but no alarms associated"
-        fi
-      else
-        textFail "CloudWatch group $group found but no metric filters or alarms associated"
-      fi
-    done
-  else
-    textFail "No CloudWatch group found for CloudTrail events"
-  fi
-}
--- a/checks/check312
+++ b/checks/check312
@@ -1,40 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
-#
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
-#
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
-
-CHECK_ID_check312="3.12"
-CHECK_TITLE_check312="[check312] Ensure a log metric filter and alarm exist for changes to network gateways (Scored)"
-CHECK_SCORED_check312="SCORED"
-CHECK_TYPE_check312="LEVEL1"
-CHECK_ALTERNATE_check312="check312"
-
-check312(){
-  # "Ensure a log metric filter and alarm exist for changes to network gateways (Scored)"
-  CLOUDWATCH_GROUP=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region $REGION --query 'trailList[*].CloudWatchLogsLogGroupArn' --output text | tr '	' '
-' | awk -F: '{ print $7 }')
-  if [[ $CLOUDWATCH_GROUP ]];then
-    for group in $CLOUDWATCH_GROUP; do
-      CLOUDWATCH_LOGGROUP_REGION=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region $REGION --query 'trailList[*].CloudWatchLogsLogGroupArn' --output text | tr '	' '
-' | grep $group | awk -F: '{ print $4 }'  | head -n 1)
-      METRICFILTER_SET=$($AWSCLI logs describe-metric-filters --log-group-name $group $PROFILE_OPT --region $CLOUDWATCH_LOGGROUP_REGION --query 'metricFilters' | grep -E 'CreateCustomerGateway.*DeleteCustomerGateway.*AttachInternetGateway.*CreateInternetGateway.*DeleteInternetGateway.*DetachInternetGateway')
-      if [[ $METRICFILTER_SET ]];then
-        HAS_ALARM_ASSOCIATED=$($AWSCLI cloudwatch describe-alarms $PROFILE_OPT --region $CLOUDWATCH_LOGGROUP_REGION --query 'MetricAlarms[].MetricName' --output text | awk 'BEGIN {IGNORECASE=1}; /InternetGateway/ || /CustomerGateway/;')
-        if [[ $HAS_ALARM_ASSOCIATED ]];then
-          textPass "CloudWatch group $group found with metric filters and alarms for changes to network gateways"
-        else
-          textFail "CloudWatch group $group found with metric filters but no alarms associated"
-        fi
-      else
-        textFail "CloudWatch group $group found but no metric filters or alarms associated"
-      fi
-    done
-  else
-    textFail "No CloudWatch group found for CloudTrail events"
-  fi
-}
--- a/checks/check313
+++ b/checks/check313
@@ -1,40 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
-#
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
-#
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
-
-CHECK_ID_check313="3.13"
-CHECK_TITLE_check313="[check313] Ensure a log metric filter and alarm exist for route table changes (Scored)"
-CHECK_SCORED_check313="SCORED"
-CHECK_TYPE_check313="LEVEL1"
-CHECK_ALTERNATE_check313="check313"
-
-check313(){
-  # "Ensure a log metric filter and alarm exist for route table changes (Scored)"
-  CLOUDWATCH_GROUP=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region $REGION --query 'trailList[*].CloudWatchLogsLogGroupArn' --output text | tr '	' '
-' | awk -F: '{ print $7 }')
-  if [[ $CLOUDWATCH_GROUP ]];then
-    for group in $CLOUDWATCH_GROUP; do
-      CLOUDWATCH_LOGGROUP_REGION=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region $REGION --query 'trailList[*].CloudWatchLogsLogGroupArn' --output text | tr '	' '
-' | grep $group | awk -F: '{ print $4 }'  | head -n 1)
-      METRICFILTER_SET=$($AWSCLI logs describe-metric-filters --log-group-name $group $PROFILE_OPT --region $CLOUDWATCH_LOGGROUP_REGION --query 'metricFilters' | grep -E 'CreateRoute.*CreateRouteTable.*ReplaceRoute.*ReplaceRouteTableAssociation.*DeleteRouteTable.*DeleteRoute.*DisassociateRouteTable')
-      if [[ $METRICFILTER_SET ]];then
-        HAS_ALARM_ASSOCIATED=$($AWSCLI cloudwatch describe-alarms $PROFILE_OPT --region $CLOUDWATCH_LOGGROUP_REGION --query 'MetricAlarms[].MetricName' --output text | awk 'BEGIN {IGNORECASE=1}; /Route/;')
-        if [[ $HAS_ALARM_ASSOCIATED ]];then
-          textPass "CloudWatch group $group found with metric filters and alarms for route table changes"
-        else
-          textFail "CloudWatch group $group found with metric filters but no alarms associated"
-        fi
-      else
-        textFail "CloudWatch group $group found but no metric filters or alarms associated"
-      fi
-    done
-  else
-    textFail "No CloudWatch group found for CloudTrail events"
-  fi
-}
--- a/checks/check314
+++ b/checks/check314
@@ -1,40 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
-#
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
-#
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
-
-CHECK_ID_check314="3.14"
-CHECK_TITLE_check314="[check314] Ensure a log metric filter and alarm exist for VPC changes (Scored)"
-CHECK_SCORED_check314="SCORED"
-CHECK_TYPE_check314="LEVEL1"
-CHECK_ALTERNATE_check314="check314"
-
-check314(){
-  # "Ensure a log metric filter and alarm exist for VPC changes (Scored)"
-  CLOUDWATCH_GROUP=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region $REGION --query 'trailList[*].CloudWatchLogsLogGroupArn' --output text | tr '	' '
-' | awk -F: '{ print $7 }')
-  if [[ $CLOUDWATCH_GROUP ]];then
-    for group in $CLOUDWATCH_GROUP; do
-      CLOUDWATCH_LOGGROUP_REGION=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region $REGION --query 'trailList[*].CloudWatchLogsLogGroupArn' --output text | tr '	' '
-' | grep $group | awk -F: '{ print $4 }'  | head -n 1)
-      METRICFILTER_SET=$($AWSCLI logs describe-metric-filters --log-group-name $group $PROFILE_OPT --region $CLOUDWATCH_LOGGROUP_REGION --query 'metricFilters' | grep -E 'CreateVpc.*DeleteVpc.*ModifyVpcAttribute.*AcceptVpcPeeringConnection.*CreateVpcPeeringConnection.*DeleteVpcPeeringConnection.*RejectVpcPeeringConnection.*AttachClassicLinkVpc.*DetachClassicLinkVpc.*DisableVpcClassicLink.*EnableVpcClassicLink')
-      if [[ $METRICFILTER_SET ]];then
-        HAS_ALARM_ASSOCIATED=$($AWSCLI cloudwatch describe-alarms $PROFILE_OPT --region $CLOUDWATCH_LOGGROUP_REGION --query 'MetricAlarms[].MetricName' --output text | awk 'BEGIN {IGNORECASE=1}; /VPC/;')
-        if [[ $HAS_ALARM_ASSOCIATED ]];then
-          textPass "CloudWatch group $group found with metric filters and alarms for VPC changes"
-        else
-          textFail "CloudWatch group $group found with metric filters but no alarms associated"
-        fi
-      else
-        textFail "CloudWatch group $group found but no metric filters or alarms associated"
-      fi
-    done
-  else
-    textFail "No CloudWatch group found for CloudTrail events"
-  fi
-}
--- a/checks/check32
+++ b/checks/check32
@@ -1,39 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
-#
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
-#
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
-
-CHECK_ID_check32="3.2,3.02"
-CHECK_TITLE_check32="[check32] Ensure a log metric filter and alarm exist for Management Console sign-in without MFA (Scored)"
-CHECK_SCORED_check32="SCORED"
-CHECK_TYPE_check32="LEVEL1"
-CHECK_ALTERNATE_check302="check32"
-
-check32(){
-  # "Ensure a log metric filter and alarm exist for Management Console sign-in without MFA (Scored)"
-  CLOUDWATCH_GROUP=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region $REGION --query 'trailList[*].CloudWatchLogsLogGroupArn' --output text | tr '	' '
-' | awk -F: '{ print $7 }')
-  if [[ $CLOUDWATCH_GROUP ]];then
-    for group in $CLOUDWATCH_GROUP; do
-      CLOUDWATCH_LOGGROUP_REGION=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region $REGION --query 'trailList[*].CloudWatchLogsLogGroupArn' --output text | awk -F: '{ print $4 }' | head -n 1)
-      METRICFILTER_SET=$($AWSCLI logs describe-metric-filters --log-group-name $group $PROFILE_OPT --region $CLOUDWATCH_LOGGROUP_REGION --query 'metricFilters' |grep filterPattern|grep MFAUsed| awk '/ConsoleLogin/ && (/additionalEventData.MFAUsed.*\!=.*\"Yes/) {print $1}')
-      if [[ $METRICFILTER_SET ]];then
-        HAS_ALARM_ASSOCIATED=$($AWSCLI cloudwatch describe-alarms $PROFILE_OPT --region $CLOUDWATCH_LOGGROUP_REGION --query 'MetricAlarms[].MetricName' --output text | awk 'BEGIN {IGNORECASE=1}; /ConsoleLogin/ || /MFAUsed/;')
-        if [[ $HAS_ALARM_ASSOCIATED ]];then
-          textPass "CloudWatch group $group found with metric filters and alarms set for sign-in Console without MFA enabled"
-        else
-          textFail "CloudWatch group $group found with metric filters but no alarms associated"
-        fi
-      else
-        textFail "CloudWatch group $group found but no metric filters or alarms associated"
-      fi
-    done
-  else
-    textFail "No CloudWatch group found for CloudTrail events"
-  fi
-}
--- a/checks/check33
+++ b/checks/check33
@@ -1,39 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
-#
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
-#
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
-
-CHECK_ID_check33="3.3,3.03"
-CHECK_TITLE_check33="[check33] Ensure a log metric filter and alarm exist for usage of root account (Scored)"
-CHECK_SCORED_check33="SCORED"
-CHECK_TYPE_check33="LEVEL1"
-CHECK_ALTERNATE_check303="check33"
-
-check33(){
-  # "Ensure a log metric filter and alarm exist for usage of root account (Scored)"
-  CLOUDWATCH_GROUP=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region $REGION --query 'trailList[*].CloudWatchLogsLogGroupArn' --output text | tr '	' '
-' | awk -F: '{ print $7 }')
-  if [[ $CLOUDWATCH_GROUP ]];then
-    for group in $CLOUDWATCH_GROUP; do
-      CLOUDWATCH_LOGGROUP_REGION=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region $REGION --query 'trailList[*].CloudWatchLogsLogGroupArn' --output text | awk -F: '{ print $4 }' | head -n 1)
-      METRICFILTER_SET=$($AWSCLI logs describe-metric-filters --log-group-name $group $PROFILE_OPT --region $CLOUDWATCH_LOGGROUP_REGION |grep -E 'userIdentity.*Root.*AwsServiceEvent')
-      if [[ $METRICFILTER_SET ]];then
-        HAS_ALARM_ASSOCIATED=$($AWSCLI cloudwatch describe-alarms $PROFILE_OPT --region $CLOUDWATCH_LOGGROUP_REGION --query 'MetricAlarms[].MetricName' --output text | tr '[:upper:]' '[:lower:]'| grep -Ei 'userIdentity|Root|AwsServiceEvent')
-        if [[ $HAS_ALARM_ASSOCIATED ]];then
-          textPass "CloudWatch group $group found with metric filters and alarms set for usage of root account"
-        else
-          textFail "CloudWatch group $group found with metric filters but no alarms associated"
-        fi
-      else
-        textFail "CloudWatch group $group found but no metric filters or alarms associated"
-      fi
-    done
-  else
-    textFail "No CloudWatch group found for CloudTrail events"
-  fi
-}
--- a/checks/check34
+++ b/checks/check34
@@ -1,39 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
-#
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
-#
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
-
-CHECK_ID_check34="3.4,3.04"
-CHECK_TITLE_check34="[check34] Ensure a log metric filter and alarm exist for IAM policy changes (Scored)"
-CHECK_SCORED_check34="SCORED"
-CHECK_TYPE_check34="LEVEL1"
-CHECK_ALTERNATE_check304="check34"
-
-check34(){
-  # "Ensure a log metric filter and alarm exist for IAM policy changes (Scored)"
-  CLOUDWATCH_GROUP=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region $REGION --query 'trailList[*].CloudWatchLogsLogGroupArn' --output text | tr '	' '
-' | awk -F: '{ print $7 }')
-  if [[ $CLOUDWATCH_GROUP ]];then
-    for group in $CLOUDWATCH_GROUP; do
-      CLOUDWATCH_LOGGROUP_REGION=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region $REGION --query 'trailList[*].CloudWatchLogsLogGroupArn' --output text | awk -F: '{ print $4 }' | head -n 1)
-      METRICFILTER_SET=$($AWSCLI logs describe-metric-filters --log-group-name $group $PROFILE_OPT --region $CLOUDWATCH_LOGGROUP_REGION --query 'metricFilters' | grep -E 'DeleteGroupPolicy.*DeleteRolePolicy.*DeleteUserPolicy.*PutGroupPolicy.*PutRolePolicy.*PutUserPolicy.*CreatePolicy.*DeletePolicy.*CreatePolicyVersion.*DeletePolicyVersion.*AttachRolePolicy.*DetachRolePolicy.*AttachUserPolicy.*DetachUserPolicy.*AttachGroupPolicy.*DetachGroupPolicy')
-      if [[ $METRICFILTER_SET ]];then
-        HAS_ALARM_ASSOCIATED=$($AWSCLI cloudwatch describe-alarms $PROFILE_OPT --region $CLOUDWATCH_LOGGROUP_REGION --query 'MetricAlarms[].MetricName' --output text | awk 'BEGIN {IGNORECASE=1}; /DeletePolicy/ || /DeletePolicies/ || /Policies/ || /Policy/;')
-        if [[ $HAS_ALARM_ASSOCIATED ]];then
-          textPass "CloudWatch group $group found with metric filters and alarms for IAM policy changes"
-        else
-          textFail "CloudWatch group $group found with metric filters but no alarms associated"
-        fi
-      else
-        textFail "CloudWatch group $group found but no metric filters or alarms associated"
-      fi
-    done
-  else
-    textFail "No CloudWatch group found for CloudTrail events"
-  fi
-}
--- a/checks/check35
+++ b/checks/check35
@@ -1,39 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
-#
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
-#
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
-
-CHECK_ID_check35="3.5,3.05"
-CHECK_TITLE_check35="[check35] Ensure a log metric filter and alarm exist for CloudTrail configuration changes (Scored)"
-CHECK_SCORED_check35="SCORED"
-CHECK_TYPE_check35="LEVEL1"
-CHECK_ALTERNATE_check305="check35"
-
-check35(){
-  # "Ensure a log metric filter and alarm exist for CloudTrail configuration changes (Scored)"
-  CLOUDWATCH_GROUP=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region $REGION --query 'trailList[*].CloudWatchLogsLogGroupArn' --output text | tr '	' '
-' | awk -F: '{ print $7 }')
-  if [[ $CLOUDWATCH_GROUP ]];then
-    for group in $CLOUDWATCH_GROUP; do
-      CLOUDWATCH_LOGGROUP_REGION=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region $REGION --query 'trailList[*].CloudWatchLogsLogGroupArn' --output text | awk -F: '{ print $4 }' | head -n 1)
-      METRICFILTER_SET=$($AWSCLI logs describe-metric-filters --log-group-name $group $PROFILE_OPT --region $CLOUDWATCH_LOGGROUP_REGION --query 'metricFilters' | grep -E 'CreateTrail.*UpdateTrail.*DeleteTrail.*StartLogging.*StopLogging')
-      if [[ $METRICFILTER_SET ]];then
-        HAS_ALARM_ASSOCIATED=$($AWSCLI cloudwatch describe-alarms $PROFILE_OPT --region $CLOUDWATCH_LOGGROUP_REGION --query 'MetricAlarms[].MetricName' --output text | awk 'BEGIN {IGNORECASE=1}; /TrailChange/ || /Trails/ || /CreateTrail/ || /UpdateTrail/ || /DeleteTrail/ || /StartLogging/ || /StopLogging/;')
-        if [[ $HAS_ALARM_ASSOCIATED ]];then
-          textPass "CloudWatch group $group found with metric filters and alarms for CloudTrail configuration changes"
-        else
-          textFail "CloudWatch group $group found with metric filters but no alarms associated"
-        fi
-      else
-        textFail "CloudWatch group $group found but no metric filters or alarms associated"
-      fi
-    done
-  else
-    textFail "No CloudWatch group found for CloudTrail events"
-  fi
-}
--- a/checks/check36
+++ b/checks/check36
@@ -1,39 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
-#
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
-#
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
-
-CHECK_ID_check36="3.6,3.06"
-CHECK_TITLE_check36="[check36] Ensure a log metric filter and alarm exist for AWS Management Console authentication failures (Scored)"
-CHECK_SCORED_check36="SCORED"
-CHECK_TYPE_check36="LEVEL2"
-CHECK_ALTERNATE_check306="check36"
-
-check36(){
-  # "Ensure a log metric filter and alarm exist for AWS Management Console authentication failures (Scored)"
-  CLOUDWATCH_GROUP=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region $REGION --query 'trailList[*].CloudWatchLogsLogGroupArn' --output text | tr '	' '
-' | awk -F: '{ print $7 }')
-  if [[ $CLOUDWATCH_GROUP ]];then
-    for group in $CLOUDWATCH_GROUP; do
-      CLOUDWATCH_LOGGROUP_REGION=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region $REGION --query 'trailList[*].CloudWatchLogsLogGroupArn' --output text | awk -F: '{ print $4 }' | head -n 1)
-      METRICFILTER_SET=$($AWSCLI logs describe-metric-filters --log-group-name $group $PROFILE_OPT --region $CLOUDWATCH_LOGGROUP_REGION --query 'metricFilters' | grep -E 'ConsoleLogin.*Failed')
-      if [[ $METRICFILTER_SET ]];then
-        HAS_ALARM_ASSOCIATED=$($AWSCLI cloudwatch describe-alarms $PROFILE_OPT --region $CLOUDWATCH_LOGGROUP_REGION --query 'MetricAlarms[].MetricName' --output text | awk 'BEGIN {IGNORECASE=1}; /FailedLogin/ || /ConsoleLogin/ || /Failed/;')
-        if [[ $HAS_ALARM_ASSOCIATED ]];then
-          textPass "CloudWatch group $group found with metric filters and alarms for AWS Management Console authentication failures"
-        else
-          textFail "CloudWatch group $group found with metric filters but no alarms associated"
-        fi
-      else
-        textFail "CloudWatch group $group found but no metric filters or alarms associated"
-      fi
-    done
-  else
-    textFail "No CloudWatch group found for CloudTrail events"
-  fi
-}
--- a/checks/check37
+++ b/checks/check37
@@ -1,39 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
-#
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
-#
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
-
-CHECK_ID_check37="3.7,3.07"
-CHECK_TITLE_check37="[check37] Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created CMKs (Scored)"
-CHECK_SCORED_check37="SCORED"
-CHECK_TYPE_check37="LEVEL2"
-CHECK_ALTERNATE_check307="check37"
-
-check37(){
-  # "Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created CMKs (Scored)"
-  CLOUDWATCH_GROUP=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region $REGION --query 'trailList[*].CloudWatchLogsLogGroupArn' --output text | tr '	' '
-' | awk -F: '{ print $7 }')
-  if [[ $CLOUDWATCH_GROUP ]];then
-    for group in $CLOUDWATCH_GROUP; do
-      CLOUDWATCH_LOGGROUP_REGION=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region $REGION --query 'trailList[*].CloudWatchLogsLogGroupArn' --output text | awk -F: '{ print $4 }' | head -n 1)
-      METRICFILTER_SET=$($AWSCLI logs describe-metric-filters --log-group-name $group $PROFILE_OPT --region $CLOUDWATCH_LOGGROUP_REGION --query 'metricFilters' | grep -E 'kms.amazonaws.com.*DisableKey.*ScheduleKeyDeletion')
-      if [[ $METRICFILTER_SET ]];then
-        HAS_ALARM_ASSOCIATED=$($AWSCLI cloudwatch describe-alarms $PROFILE_OPT --region $CLOUDWATCH_LOGGROUP_REGION --query 'MetricAlarms[].MetricName' --output text | awk 'BEGIN {IGNORECASE=1}; /DisableKey/ || /ScheduleKeyDeletion/ || /kms/;')
-        if [[ $HAS_ALARM_ASSOCIATED ]];then
-          textPass "CloudWatch group $group found with metric filters and alarms for changes of customer created CMKs"
-        else
-          textFail "CloudWatch group $group found with metric filters but no alarms associated"
-        fi
-      else
-        textFail "CloudWatch group $group found but no metric filters or alarms associated"
-      fi
-    done
-  else
-    textFail "No CloudWatch group found for CloudTrail events"
-  fi
-}
--- a/checks/check38
+++ b/checks/check38
@@ -1,39 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
-#
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
-#
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
-
-CHECK_ID_check38="3.8,3.08"
-CHECK_TITLE_check38="[check38] Ensure a log metric filter and alarm exist for S3 bucket policy changes (Scored)"
-CHECK_SCORED_check38="SCORED"
-CHECK_TYPE_check38="LEVEL1"
-CHECK_ALTERNATE_check308="check38"
-
-check38(){
-  # "Ensure a log metric filter and alarm exist for S3 bucket policy changes (Scored)"
-  CLOUDWATCH_GROUP=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region $REGION --query 'trailList[*].CloudWatchLogsLogGroupArn' --output text | tr '	' '
-' | awk -F: '{ print $7 }')
-  if [[ $CLOUDWATCH_GROUP ]];then
-    for group in $CLOUDWATCH_GROUP; do
-      CLOUDWATCH_LOGGROUP_REGION=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region $REGION --query 'trailList[*].CloudWatchLogsLogGroupArn' --output text | awk -F: '{ print $4 }' | head -n 1)
-      METRICFILTER_SET=$($AWSCLI logs describe-metric-filters --log-group-name $group $PROFILE_OPT --region $CLOUDWATCH_LOGGROUP_REGION --query 'metricFilters' | grep -E 's3.amazonaws.com.*PutBucketAcl.*PutBucketPolicy.*PutBucketCors.*PutBucketLifecycle.*PutBucketReplication.*DeleteBucketPolicy.*DeleteBucketCors.*DeleteBucketLifecycle.*DeleteBucketReplication')
-      if [[ $METRICFILTER_SET ]];then
-        HAS_ALARM_ASSOCIATED=$($AWSCLI cloudwatch describe-alarms $PROFILE_OPT --region $CLOUDWATCH_LOGGROUP_REGION --query 'MetricAlarms[].MetricName' --output text | awk 'BEGIN {IGNORECASE=1}; /S3/ || /BucketPolicy/ || /BucketPolicies/;')
-        if [[ $HAS_ALARM_ASSOCIATED ]];then
-          textPass "CloudWatch group $group found with metric filters and alarms for S3 bucket policy changes"
-        else
-          textFail "CloudWatch group $group found with metric filters but no alarms associated"
-        fi
-      else
-        textFail "CloudWatch group $group found but no metric filters or alarms associated"
-      fi
-    done
-  else
-    textFail "No CloudWatch group found for CloudTrail events"
-  fi
-}
--- a/checks/check39
+++ b/checks/check39
@@ -1,39 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
-#
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
-#
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
-
-CHECK_ID_check39="3.9,3.09"
-CHECK_TITLE_check39="[check39] Ensure a log metric filter and alarm exist for AWS Config configuration changes (Scored)"
-CHECK_SCORED_check39="SCORED"
-CHECK_TYPE_check39="LEVEL2"
-CHECK_ALTERNATE_check309="check39"
-
-check39(){
-  # "Ensure a log metric filter and alarm exist for AWS Config configuration changes (Scored)"
-  CLOUDWATCH_GROUP=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region $REGION --query 'trailList[*].CloudWatchLogsLogGroupArn' --output text | tr '	' '
-' | awk -F: '{ print $7 }')
-  if [[ $CLOUDWATCH_GROUP ]];then
-    for group in $CLOUDWATCH_GROUP; do
-      CLOUDWATCH_LOGGROUP_REGION=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region $REGION --query 'trailList[*].CloudWatchLogsLogGroupArn' --output text | awk -F: '{ print $4 }' | head -n 1)
-      METRICFILTER_SET=$($AWSCLI logs describe-metric-filters --log-group-name $group $PROFILE_OPT --region $CLOUDWATCH_LOGGROUP_REGION --query 'metricFilters' | grep -E 'config.amazonaws.com.*StopConfigurationRecorder.*DeleteDeliveryChannel.*PutDeliveryChannel.*PutConfigurationRecorder')
-      if [[ $METRICFILTER_SET ]];then
-        HAS_ALARM_ASSOCIATED=$($AWSCLI cloudwatch describe-alarms $PROFILE_OPT --region $CLOUDWATCH_LOGGROUP_REGION --query 'MetricAlarms[].MetricName' --output text | awk 'BEGIN {IGNORECASE=1}; /config/ || /ConfigurationRecorder/ || /DeliveryChannel/;')
-        if [[ $HAS_ALARM_ASSOCIATED ]];then
-          textPass "CloudWatch group $group found with metric filters and alarms for AWS Config configuration changes"
-        else
-          textFail "CloudWatch group $group found with metric filters but no alarms associated"
-        fi
-      else
-        textFail "CloudWatch group $group found but no metric filters or alarms associated"
-      fi
-    done
-  else
-    textFail "No CloudWatch group found for CloudTrail events"
-  fi
-}
--- a/checks/check41
+++ b/checks/check41
@@ -1,29 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
-#
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
-#
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
-
-CHECK_ID_check41="4.1,4.01"
-CHECK_TITLE_check41="[check41] Ensure no security groups allow ingress from 0.0.0.0/0 to port 22 (Scored)"
-CHECK_SCORED_check41="SCORED"
-CHECK_TYPE_check41="LEVEL2"
-CHECK_ALTERNATE_check401="check41"
-
-check41(){
-  # "Ensure no security groups allow ingress from 0.0.0.0/0 to port 22 (Scored)"
-  for regx in $REGIONS; do
-    SG_LIST=$($AWSCLI ec2 describe-security-groups --query 'SecurityGroups[?length(IpPermissions[?((FromPort==null && ToPort==null) || (FromPort<=`22` && ToPort>=`22`)) && contains(IpRanges[].CidrIp, `0.0.0.0/0`)]) > `0`].{GroupId:GroupId}' $PROFILE_OPT --region $regx --output text)
-    if [[ $SG_LIST ]];then
-      for SG in $SG_LIST;do
-        textFail "Found Security Group: $SG open to 0.0.0.0/0 in Region $regx" "$regx"
-      done
-    else
-      textPass "No Security Groups found in $regx with port 22 TCP open to 0.0.0.0/0" "$regx"
-    fi
-  done
-}
--- a/checks/check42
+++ b/checks/check42
@@ -1,29 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
-#
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
-#
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
-
-CHECK_ID_check42="4.2,4.02"
-CHECK_TITLE_check42="[check42] Ensure no security groups allow ingress from 0.0.0.0/0 to port 3389 (Scored)"
-CHECK_SCORED_check42="SCORED"
-CHECK_TYPE_check42="LEVEL2"
-CHECK_ALTERNATE_check402="check42"
-
-check42(){
-  # "Ensure no security groups allow ingress from 0.0.0.0/0 to port 3389 (Scored)"
-  for regx in $REGIONS; do
-    SG_LIST=$($AWSCLI ec2 describe-security-groups --query 'SecurityGroups[?length(IpPermissions[?((FromPort==null && ToPort==null) || (FromPort<=`3389` && ToPort>=`3389`)) && contains(IpRanges[].CidrIp, `0.0.0.0/0`)]) > `0`].{GroupId:GroupId}' $PROFILE_OPT --region $regx --output text)
-    if [[ $SG_LIST ]];then
-      for SG in $SG_LIST;do
-        textFail "Found Security Group: $SG open to 0.0.0.0/0 in Region $regx" "$regx"
-      done
-    else
-      textPass "No Security Groups found in $regx with port 3389 TCP open to 0.0.0.0/0" "$regx"
-    fi
-  done
-}
--- a/checks/check43
+++ b/checks/check43
@@ -1,27 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
-#
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
-#
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
-
-CHECK_ID_check43="4.3,4.03"
-CHECK_TITLE_check43="[check43] Ensure the default security group of every VPC restricts all traffic (Scored)"
-CHECK_SCORED_check43="SCORED"
-CHECK_TYPE_check43="LEVEL2"
-CHECK_ALTERNATE_check403="check43"
-
-check43(){
-  # "Ensure the default security group of every VPC restricts all traffic (Scored)"
-  for regx in $REGIONS; do
-    CHECK_SGDEFAULT=$($AWSCLI ec2 describe-security-groups $PROFILE_OPT --region $regx --filters Name=group-name,Values='default' --query 'SecurityGroups[*].{IpPermissions:IpPermissions,IpPermissionsEgress:IpPermissionsEgress,GroupId:GroupId}' --output text |grep 0.0.0.0)
-    if [[ $CHECK_SGDEFAULT ]];then
-      textFail "Default Security Groups found that allow 0.0.0.0 IN or OUT traffic in Region $regx" "$regx"
-    else
-      textPass "No Default Security Groups open to 0.0.0.0 found in Region $regx" "$regx"
-    fi
-  done
-}
--- a/checks/check44
+++ b/checks/check44
@@ -1,34 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
-#
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
-#
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
-
-CHECK_ID_check44="4.4,4.04"
-CHECK_TITLE_check44="[check44] Ensure routing tables for VPC peering are \"least access\" (Not Scored)"
-CHECK_SCORED_check44="NOT_SCORED"
-CHECK_TYPE_check44="LEVEL2"
-CHECK_ALTERNATE_check404="check44"
-
-check44(){
-  # "Ensure routing tables for VPC peering are \"least access\" (Not Scored)"
-  textInfo "Looking for VPC peering in all regions...  "
-  for regx in $REGIONS; do
-    LIST_OF_VPCS_PEERING_CONNECTIONS=$($AWSCLI ec2 describe-vpc-peering-connections --output text $PROFILE_OPT --region $regx --query 'VpcPeeringConnections[*].VpcPeeringConnectionId'| sort | paste -s -d" " -)
-    if [[ $LIST_OF_VPCS_PEERING_CONNECTIONS ]];then
-      textInfo "$regx: $LIST_OF_VPCS_PEERING_CONNECTIONS - review routing tables" "$regx"
-      #LIST_OF_VPCS=$($AWSCLI ec2 describe-vpcs $PROFILE_OPT --region $regx --query 'Vpcs[*].VpcId' --output text)
-      #aws ec2 describe-route-tables --filter "Name=vpc-id,Values=vpc-0213e864" --query "RouteTables[*].{RouteTableId:RouteTableId, VpcId:VpcId, Routes:Routes, AssociatedSubnets:Associations[*].SubnetId}" $PROFILE_OPT --region $regx
-      # for vpc in $LIST_OF_VPCS; do
-      #   VPCS_WITH_PEERING=$($AWSCLI ec2 describe-route-tables --filter "Name=vpc-id,Values=$vpc" $PROFILE_OPT --region $regx --query "RouteTables[*].{RouteTableId:RouteTableId, VpcId:VpcId, Routes:Routes, AssociatedSubnets:Associations[*].SubnetId}" |grep GatewayId|grep pcx-)
-      # done
-      #echo $VPCS_WITH_PEERING
-    else
-      textPass "$regx: No VPC peering found" "$regx"
-    fi
-  done
-}
--- a/checks/check_extra71
+++ b/checks/check_extra71
@@ -1,48 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (copyright 2018) by Toni de la Fuente
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software distributed
-# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
-# CONDITIONS OF ANY KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations under the License.
-CHECK_ID_extra71="7.1,7.01"
-CHECK_TITLE_extra71="[extra71] Ensure users with AdministratorAccess policy have MFA tokens enabled (Not Scored) (Not part of CIS benchmark)"
-CHECK_SCORED_extra71="NOT_SCORED"
-CHECK_TYPE_extra71="EXTRA"
-CHECK_ALTERNATE_extra701="extra71"
-CHECK_ALTERNATE_check71="extra71"
-CHECK_ALTERNATE_check701="extra71"
-
-extra71(){
-  # "Ensure users with AdministratorAccess policy have MFA tokens enabled (Not Scored) (Not part of CIS benchmark)"
-  ADMIN_GROUPS=''
-  AWS_GROUPS=$($AWSCLI $PROFILE_OPT iam list-groups --output text --query 'Groups[].GroupName')
-  for grp in $AWS_GROUPS; do
-    # aws --profile onlinetraining iam list-attached-group-policies --group-name Administrators --query 'AttachedPolicies[].PolicyArn' | grep 'arn:aws:iam::aws:policy/AdministratorAccess'
-    # list-attached-group-policies
-    CHECK_ADMIN_GROUP=$($AWSCLI $PROFILE_OPT iam list-attached-group-policies --group-name $grp --output json --query 'AttachedPolicies[].PolicyArn' | grep  'arn:aws:iam::aws:policy/AdministratorAccess')
-    if [[ $CHECK_ADMIN_GROUP ]]; then
-      ADMIN_GROUPS="$ADMIN_GROUPS $grp"
-      textInfo "$grp group provides administrative access"
-      ADMIN_USERS=$($AWSCLI $PROFILE_OPT iam get-group --group-name $grp --output json --query 'Users[].UserName' | grep '"' | cut -d'"' -f2 )
-      for auser in $ADMIN_USERS; do
-        # users in group are Administrators
-        # users
-        # check for user MFA device in credential report
-        USER_MFA_ENABLED=$( cat $TEMP_REPORT_FILE | grep "^$auser," | cut -d',' -f8)
-        if [[ "true" == $USER_MFA_ENABLED ]]; then
-          textPass "$auser / MFA Enabled / admin via group $grp"
-        else
-          textFail "$auser / MFA DISABLED / admin via group $grp"
-        fi
-      done
-    else
-      textInfo "$grp group provides non-administrative access"
-    fi
-  done
-}
--- a/checks/check_extra710
+++ b/checks/check_extra710
@@ -1,34 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (copyright 2018) by Toni de la Fuente
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software distributed
-# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
-# CONDITIONS OF ANY KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations under the License.
-CHECK_ID_extra710="7.10"
-CHECK_TITLE_extra710="[extra710] Check for internet facing EC2 Instances (Not Scored) (Not part of CIS benchmark)"
-CHECK_SCORED_extra710="NOT_SCORED"
-CHECK_TYPE_extra710="EXTRA"
-CHECK_ALTERNATE_check710="extra710"
-
-extra710(){
-  # "Check for internet facing EC2 Instances (Not Scored) (Not part of CIS benchmark)"
-  textInfo "Looking for instances in all regions...  "
-  for regx in $REGIONS; do
-    LIST_OF_PUBLIC_INSTANCES=$($AWSCLI ec2 describe-instances $PROFILE_OPT --region $regx --query 'Reservations[*].Instances[?PublicIpAddress].[InstanceId,PublicIpAddress]' --output text)
-    if [[ $LIST_OF_PUBLIC_INSTANCES ]];then
-      while read -r instance;do
-        INSTANCE_ID=$(echo $instance | awk '{ print $1; }')
-        PUBLIC_IP=$(echo $instance | awk '{ print $2; }')
-        textFail "$regx: Instance: $INSTANCE_ID at IP: $PUBLIC_IP is internet-facing!" "$regx"
-      done <<< "$LIST_OF_PUBLIC_INSTANCES"
-      else
-        textPass "$regx: no Internet Facing EC2 Instances found" "$regx"
-    fi
-  done
-}
--- a/checks/check_extra711
+++ b/checks/check_extra711
@@ -1,34 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (copyright 2018) by Toni de la Fuente
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software distributed
-# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
-# CONDITIONS OF ANY KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations under the License.
-CHECK_ID_extra711="7.11"
-CHECK_TITLE_extra711="[extra711] Check for Publicly Accessible Redshift Clusters (Not Scored) (Not part of CIS benchmark)"
-CHECK_SCORED_extra711="NOT_SCORED"
-CHECK_TYPE_extra711="EXTRA"
-CHECK_ALTERNATE_check711="extra711"
-
-extra711(){
-  # "Check for Publicly Accessible Redshift Clusters (Not Scored) (Not part of CIS benchmark)"
-  textInfo "Looking for Reshift clusters in all regions...  "
-  for regx in $REGIONS; do
-    LIST_OF_PUBLIC_REDSHIFT_CLUSTERS=$($AWSCLI redshift describe-clusters $PROFILE_OPT --region $regx --query 'Clusters[?PubliclyAccessible == `true`].[ClusterIdentifier,Endpoint.Address]' --output text)
-    if [[ $LIST_OF_PUBLIC_REDSHIFT_CLUSTERS ]];then
-      while read -r cluster;do
-        CLUSTER_ID=$(echo $cluster | awk '{ print $1; }')
-        CLUSTER_ENDPOINT=$(echo $cluster | awk '{ print $2; }')
-        textFail "$regx: Cluster: $CLUSTER_ID at Endpoint: $CLUSTER_ENDPOINT is publicly accessible!" "$regx"
-      done <<< "$LIST_OF_PUBLIC_REDSHIFT_CLUSTERS"
-      else
-        textPass "$regx: no Publicly Accessible Redshift Clusters found" "$regx"
-    fi
-  done
-}
--- a/checks/check_extra712
+++ b/checks/check_extra712
@@ -1,29 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (copyright 2018) by Toni de la Fuente
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software distributed
-# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
-# CONDITIONS OF ANY KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations under the License.
-CHECK_ID_extra712="7.12"
-CHECK_TITLE_extra712="[extra712] Check if Amazon Macie is enabled (Not Scored) (Not part of CIS benchmark)"
-CHECK_SCORED_extra712="NOT_SCORED"
-CHECK_TYPE_extra712="EXTRA"
-CHECK_ALTERNATE_check712="extra712"
-
-extra712(){
-  # "Check if Amazon Macie is enabled (Not Scored) (Not part of CIS benchmark)"
-  textInfo "No API commands available to check if Macie is enabled,"
-  textInfo "just looking if IAM Macie related permissions exist.  "
-  MACIE_IAM_ROLES_CREATED=$($AWSCLI iam list-roles $PROFILE_OPT --query 'Roles[*].Arn'|grep AWSMacieServiceCustomer|wc -l)
-  if [[ $MACIE_IAM_ROLES_CREATED -eq 2 ]];then
-    textPass "Macie related IAM roles exist, so it might be enabled. Check it out manually."
-  else
-    textFail "No Macie related IAM roles found. It is most likely not to be enabled"
-  fi
-}
--- a/checks/check_extra713
+++ b/checks/check_extra713
@@ -1,36 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (copyright 2018) by Toni de la Fuente
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software distributed
-# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
-# CONDITIONS OF ANY KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations under the License.
-CHECK_ID_extra713="7.13"
-CHECK_TITLE_extra713="[extra713] Check if GuardDuty is enabled (Not Scored) (Not part of CIS benchmark)"
-CHECK_SCORED_extra713="NOT_SCORED"
-CHECK_TYPE_extra713="EXTRA"
-CHECK_ALTERNATE_check713="extra713"
-
-extra713(){
-  # "Check if GuardDuty is enabled (Not Scored) (Not part of CIS benchmark)"
-  for regx in $REGIONS; do
-    LIST_OF_GUARDDUTY_DETECTORS=$($AWSCLI guardduty list-detectors $PROFILE_OPT --region $regx --output text |cut -f2)
-    if [[ $LIST_OF_GUARDDUTY_DETECTORS ]];then
-      while read -r detector;do
-        DETECTOR_ENABLED=$($AWSCLI guardduty get-detector --detector-id $detector $PROFILE_OPT --region $regx --query "Status" --output text|grep ENABLED)
-        if [[ $DETECTOR_ENABLED ]]; then
-          textPass "$regx: GuardDuty detector $detector enabled" "$regx"
-        else
-          textFail "$regx: GuardDuty detector $detector configured but suspended" "$regx"
-        fi
-      done <<< "$LIST_OF_GUARDDUTY_DETECTORS"
-      else
-        textFail "$regx: GuardDuty detector not configured!" "$regx"
-    fi
-  done
-}
--- a/checks/check_extra714
+++ b/checks/check_extra714
@@ -1,36 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (copyright 2018) by Toni de la Fuente
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software distributed
-# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
-# CONDITIONS OF ANY KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations under the License.
-CHECK_ID_extra714="7.14"
-CHECK_TITLE_extra714="[extra714] Check if CloudFront distributions have logging enabled (Not Scored) (Not part of CIS benchmark)"
-CHECK_SCORED_extra714="NOT_SCORED"
-CHECK_TYPE_extra714="EXTRA"
-CHECK_ALTERNATE_check714="extra714"
-
-extra714(){
-  # "Check if CloudFront distributions have logging enabled (Not Scored) (Not part of CIS benchmark)"
-  for regx in $REGIONS; do
-    LIST_OF_DISTRIBUTIONS=$($AWSCLI cloudfront list-distributions $PROFILE_OPT --region $regx --query 'DistributionList.Items[].Id' --output text |grep -v "^None")
-    if [[ $LIST_OF_DISTRIBUTIONS ]]; then
-      for cdn in $LIST_OF_DISTRIBUTIONS;do
-        CDN_LOG_ENABLED=$($AWSCLI cloudfront get-distribution $PROFILE_OPT --region $regx --id "$cdn" --query 'Distribution.DistributionConfig.Logging.Enabled' | grep true)
-        if [[ $CDN_LOG_ENABLED ]];then
-          textPass "$regx: CDN $cdn logging enabled" "$regx"
-        else
-          textFail "$regx: CDN $cdn logging disabled!" "$regx"
-        fi
-      done
-    else
-      textInfo "$regx: No CDN configured" "$regx"
-    fi
-  done
-}
--- a/checks/check_extra715
+++ b/checks/check_extra715
@@ -1,41 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (copyright 2018) by Toni de la Fuente
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software distributed
-# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
-# CONDITIONS OF ANY KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations under the License.
-CHECK_ID_extra715="7.15"
-CHECK_TITLE_extra715="[extra715] Check if Elasticsearch Service domains have logging enabled (Not Scored) (Not part of CIS benchmark)"
-CHECK_SCORED_extra715="NOT_SCORED"
-CHECK_TYPE_extra715="EXTRA"
-CHECK_ALTERNATE_check715="extra715"
-
-extra715(){
-  for regx in $REGIONS; do
-    LIST_OF_DOMAINS=$($AWSCLI es list-domain-names $PROFILE_OPT --region $regx --query DomainNames --output text)
-    if [[ $LIST_OF_DOMAINS ]]; then
-      for domain in $LIST_OF_DOMAINS;do
-        SEARCH_SLOWLOG_ENABLED=$($AWSCLI es describe-elasticsearch-domain-config --domain-name $domain $PROFILE_OPT --region $regx --query DomainConfig.LogPublishingOptions.Options.SEARCH_SLOW_LOGS.Enabled --output text |grep -v ^None|grep -v ^False)
-        if [[ $SEARCH_SLOWLOG_ENABLED ]];then
-          textPass "$regx: ElasticSearch Service domain $domain SEARCH_SLOW_LOGS enabled" "$regx"
-        else
-          textFail "$regx: ElasticSearch Service domain $domain SEARCH_SLOW_LOGS disabled!" "$regx"
-        fi
-        INDEX_SLOWLOG_ENABLED=$($AWSCLI es describe-elasticsearch-domain-config --domain-name $domain $PROFILE_OPT --region $regx --query DomainConfig.LogPublishingOptions.Options.INDEX_SLOW_LOGS.Enabled --output text |grep -v ^None|grep -v ^False)
-        if [[ $INDEX_SLOWLOG_ENABLED ]];then
-          textPass "$regx: ElasticSearch Service domain $domain INDEX_SLOW_LOGS enabled" "$regx"
-        else
-          textFail "$regx: ElasticSearch Service domain $domain INDEX_SLOW_LOGS disabled!" "$regx"
-        fi
-      done
-    else
-      textInfo "$regx: No Elasticsearch Service domain found" "$regx"
-    fi
-  done
-}
--- a/checks/check_extra716
+++ b/checks/check_extra716
@@ -1,44 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (copyright 2018) by Toni de la Fuente
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software distributed
-# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
-# CONDITIONS OF ANY KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations under the License.
-CHECK_ID_extra716="7.16"
-CHECK_TITLE_extra716="[extra716] Check if Elasticsearch Service domains allow open access (Not Scored) (Not part of CIS benchmark)"
-CHECK_SCORED_extra716="NOT_SCORED"
-CHECK_TYPE_extra716="EXTRA"
-CHECK_ALTERNATE_check716="extra716"
-
-extra716(){
-  # "Check if Elasticsearch Service domains allow open access (Not Scored) (Not part of CIS benchmark)"
-  for regx in $REGIONS; do
-    LIST_OF_DOMAINS=$($AWSCLI es list-domain-names $PROFILE_OPT --region $regx --query DomainNames --output text)
-    if [[ $LIST_OF_DOMAINS ]]; then
-      for domain in $LIST_OF_DOMAINS;do
-        CHECK_IF_MEMBER_OF_VPC=$($AWSCLI es describe-elasticsearch-domain-config --domain-name $domain $PROFILE_OPT --region $regx --query DomainConfig.VPCOptions.Options.VPCId --output text|grep -v ^None)
-        if [[ ! $CHECK_IF_MEMBER_OF_VPC ]];then
-          TEMP_POLICY_FILE=$(mktemp -t prowler-${ACCOUNT_NUM}-es-domain.policy.XXXXXXXXXX)
-          $AWSCLI es describe-elasticsearch-domain-config --domain-name $domain $PROFILE_OPT --region $regx --query DomainConfig.AccessPolicies.Options --output text > $TEMP_POLICY_FILE 2> /dev/null
-          # check if the policy has Principal as *
-          CHECK_ES_DOMAIN_ALLUSERS_POLICY=$(cat $TEMP_POLICY_FILE | awk -v k="text" '{n=split($0,a,","); for (i=1; i<=n; i++) print a[i]}' | awk '/Principal/ && !skip { print } { skip = /Deny/} '|grep \"Principal|grep \*)
-          if [[ $CHECK_ES_DOMAIN_ALLUSERS_POLICY ]];then
-            textFail "$regx: $domain policy \"may\" allow Anonymous users to perform actions (Principal: \"*\")" "$regx"
-          else
-            textPass "$regx: $domain is not open" "$regx"
-          fi
-        else
-          textPass "$regx: $domain is in a VPC" "$regx"
-        fi
-      done
-    fi
-    textInfo "$regx: No Elasticsearch Service domain found" "$regx"
-    rm -fr $TEMP_POLICY_FILE
-  done
-}
--- a/checks/check_extra717
+++ b/checks/check_extra717
@@ -1,50 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (copyright 2018) by Toni de la Fuente
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software distributed
-# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
-# CONDITIONS OF ANY KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations under the License.
-CHECK_ID_extra717="7.17"
-CHECK_TITLE_extra717="[extra717] Check if Elastic Load Balancers have logging enabled (Not Scored) (Not part of CIS benchmark)"
-CHECK_SCORED_extra717="NOT_SCORED"
-CHECK_TYPE_extra717="EXTRA"
-CHECK_ALTERNATE_check717="extra717"
-
-extra717(){
-  # "Check if Elastic Load Balancers have logging enabled (Not Scored) (Not part of CIS benchmark)"
-  for regx in $REGIONS; do
-    LIST_OF_ELBS=$($AWSCLI elb describe-load-balancers $PROFILE_OPT --region $regx --query 'LoadBalancerDescriptions[*].LoadBalancerName' --output text|xargs -n1)
-    LIST_OF_ELBSV2=$($AWSCLI elbv2 describe-load-balancers $PROFILE_OPT --region $regx --query 'LoadBalancers[*].LoadBalancerArn' --output text|xargs -n1)
-    if [[ $LIST_OF_ELBS || $LIST_OF_ELBSV2 ]]; then
-      if [[ $LIST_OF_ELBS ]]; then
-        for elb in $LIST_OF_ELBS; do
-          CHECK_ELBS_LOG_ENABLED=$($AWSCLI elb describe-load-balancer-attributes $PROFILE_OPT --region $regx --load-balancer-name $elb --query 'LoadBalancerAttributes.AccessLog.Enabled'|grep "^true")
-          if [[ $CHECK_ELBS_LOG_ENABLED ]]; then
-            textPass "$regx: $elb has access logs to S3 configured" "$regx"
-          else
-            textFail "$regx: $elb has not configured access logs" "$regx"
-          fi
-        done
-      fi
-      if [[ $LIST_OF_ELBSV2 ]]; then
-        for elbarn in $LIST_OF_ELBSV2; do
-          CHECK_ELBSV2_LOG_ENABLED=$($AWSCLI elbv2 describe-load-balancer-attributes $PROFILE_OPT --region $regx --load-balancer-arn $elbarn --query Attributes[*] --output text|grep "^access_logs.s3.enabled"|cut -f2|grep true)
-          ELBV2_NAME=$(echo $elbarn|cut -d\/ -f3)
-          if [[ $CHECK_ELBSV2_LOG_ENABLED ]]; then
-            textPass "$regx: $ELBV2_NAME has access logs to S3 configured" "$regx"
-          else
-            textFail "$regx: $ELBV2_NAME has not configured access logs" "$regx"
-          fi
-        done
-      fi
-    else
-      textInfo "$regx: No ELBs found" "$regx"
-    fi
-  done
-}
--- a/checks/check_extra718
+++ b/checks/check_extra718
@@ -1,34 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (copyright 2018) by Toni de la Fuente
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software distributed
-# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
-# CONDITIONS OF ANY KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations under the License.
-CHECK_ID_extra718="7.18"
-CHECK_TITLE_extra718="[extra718] Check if S3 buckets have server access logging enabled (Not Scored) (Not part of CIS benchmark)"
-CHECK_SCORED_extra718="NOT_SCORED"
-CHECK_TYPE_extra718="EXTRA"
-CHECK_ALTERNATE_check718="extra718"
-
-extra718(){
-  # "Check if S3 buckets have server access logging enabled (Not Scored) (Not part of CIS benchmark)"
-  LIST_OF_BUCKETS=$($AWSCLI s3api list-buckets $PROFILE_OPT --query Buckets[*].Name --output text|xargs -n1)
-  if [[ $LIST_OF_BUCKETS ]]; then
-    for bucket in $LIST_OF_BUCKETS;do
-      BUCKET_SERVER_LOG_ENABLED=$($AWSCLI s3api get-bucket-logging --bucket $bucket $PROFILE_OPT --query [LoggingEnabled] --output text|grep -v "^None$")
-      if [[ $BUCKET_SERVER_LOG_ENABLED ]];then
-        textPass "Bucket $bucket has server access logging enabled"
-      else
-        textFail "Bucket $bucket has server access logging disabled!"
-      fi
-    done
-  else
-    textInfo "No S3 Buckets found"
-  fi
-}
--- a/checks/check_extra719
+++ b/checks/check_extra719
@@ -1,34 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (copyright 2018) by Toni de la Fuente
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software distributed
-# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
-# CONDITIONS OF ANY KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations under the License.
-CHECK_ID_extra719="7.19"
-CHECK_TITLE_extra719="[extra719] Check if Route53 hosted zones are logging queries to CloudWatch Logs (Not Scored) (Not part of CIS benchmark)"
-CHECK_SCORED_extra719="NOT_SCORED"
-CHECK_TYPE_extra719="EXTRA"
-CHECK_ALTERNATE_check719="extra719"
-
-extra719(){
-  # "Check if Route53 hosted zones are logging queries to CloudWatch Logs (Not Scored) (Not part of CIS benchmark)"
-  LIST_OF_HOSTED_ZONES=$($AWSCLI route53 list-hosted-zones $PROFILE_OPT --query HostedZones[*].Id --output text|xargs -n1)
-  if [[ $LIST_OF_HOSTED_ZONES ]]; then
-    for hostedzoneid in $LIST_OF_HOSTED_ZONES;do
-      HOSTED_ZONE_QUERY_LOG_ENABLED=$($AWSCLI route53 list-query-logging-configs --hosted-zone-id $hostedzoneid $PROFILE_OPT --query QueryLoggingConfigs[*].CloudWatchLogsLogGroupArn --output text|cut -d: -f7)
-      if [[ $HOSTED_ZONE_QUERY_LOG_ENABLED ]];then
-        textPass "Route53 hosted zone Id $hostedzoneid has query logging enabled in Log Group $HOSTED_ZONE_QUERY_LOG_ENABLED"
-      else
-        textFail "Route53 hosted zone Id $hostedzoneid has query logging disabled!"
-      fi
-    done
-  else
-    textInfo "No Route53 hosted zones found"
-  fi
-}
--- a/checks/check_extra72
+++ b/checks/check_extra72
@@ -1,35 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (copyright 2018) by Toni de la Fuente
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software distributed
-# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
-# CONDITIONS OF ANY KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations under the License.
-CHECK_ID_extra72="7.2,7.02"
-CHECK_TITLE_extra72="[extra72] Ensure there are no EBS Snapshots set as Public (Not Scored) (Not part of CIS benchmark)"
-CHECK_SCORED_extra72="NOT_SCORED"
-CHECK_TYPE_extra72="EXTRA"
-CHECK_ALTERNATE_extra702="extra72"
-CHECK_ALTERNATE_check72="extra72"
-CHECK_ALTERNATE_check702="extra72"
-
-extra72(){
-  # "Ensure there are no EBS Snapshots set as Public (Not Scored) (Not part of CIS benchmark)"
-  textInfo "Looking for EBS Snapshots in all regions...  "
-  for regx in $REGIONS; do
-    LIST_OF_EBS_SNAPSHOTS=$($AWSCLI ec2 describe-snapshots $PROFILE_OPT --region $regx --owner-ids $ACCOUNT_NUM --output text --query 'Snapshots[*].{ID:SnapshotId}' --max-items $MAXITEMS | grep -v None 2> /dev/null)
-    for snapshot in $LIST_OF_EBS_SNAPSHOTS; do
-      SNAPSHOT_IS_PUBLIC=$($AWSCLI ec2 describe-snapshot-attribute $PROFILE_OPT --region $regx --output text --snapshot-id $snapshot --attribute createVolumePermission --query "CreateVolumePermissions[?Group=='all']")
-      if [[ $SNAPSHOT_IS_PUBLIC ]];then
-        textFail "$regx: $snapshot is currently Public!" "$regx"
-      else
-        textPass "$regx: $snapshot is not Public" "$regx"
-      fi
-    done
-  done
-}
--- a/checks/check_extra720
+++ b/checks/check_extra720
@@ -1,57 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (copyright 2018) by Toni de la Fuente
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software distributed
-# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
-# CONDITIONS OF ANY KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations under the License.
-CHECK_ID_extra720="7.20"
-CHECK_TITLE_extra720="[extra720] Check if Lambda functions invoke API operations are being recorded by CloudTrail (Not Scored) (Not part of CIS benchmark)"
-CHECK_SCORED_extra720="NOT_SCORED"
-CHECK_TYPE_extra720="EXTRA"
-CHECK_ALTERNATE_check720="extra720"
-
-extra720(){
-  # "Check if Lambda functions invoke API operations are being recorded by CloudTrail (Not Scored) (Not part of CIS benchmark)"
-  for regx in $REGIONS; do
-    LIST_OF_FUNCTIONS=$($AWSCLI lambda list-functions $PROFILE_OPT --region $regx --query Functions[*].FunctionName --output text)
-    if [[ $LIST_OF_FUNCTIONS ]]; then
-      for lambdafunction in $LIST_OF_FUNCTIONS;do
-        LIST_OF_TRAILS=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region $regx --query trailList[?HomeRegion==\`$regx\`].Name --output text)
-        if [[ $LIST_OF_TRAILS ]]; then
-          for trail in $LIST_OF_TRAILS; do
-            FUNCTION_ENABLED_IN_TRAIL=$($AWSCLI cloudtrail get-event-selectors $PROFILE_OPT --trail-name $trail --region $regx --query "EventSelectors[*].DataResources[?Type == \`AWS::Lambda::Function\`].Values" --output text |xargs -n1| grep -E "^arn:aws:lambda.*function:$lambdafunction$")
-            if [[ $FUNCTION_ENABLED_IN_TRAIL ]]; then
-              textPass "$regx: Lambda function $lambdafunction enabled in trail $trail" "$regx"
-            else
-              textFail "$regx: Lambda function $lambdafunction NOT enabled in trail $trail" "$regx"
-            fi
-          done
-          # LIST_OF_MULTIREGION_TRAILS=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region $regx --query "trailList[?IsMultiRegionTrail == \`true\`].Name" --output text)
-          # if [[ $LIST_OF_MULTIREGION_TRAILS ]]; then
-          #   for trail in $LIST_OF_MULTIREGION_TRAILS; do
-          #     REGION_OF_TRAIL=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region $regx --query "trailList[?IsMultiRegionTrail == \`true\` && Name == \`$trail\` ].HomeRegion" --output text)
-          #     FUNCTION_ENABLED_IN_THIS_REGION=$($AWSCLI cloudtrail get-event-selectors $PROFILE_OPT --trail-name $trail --region $REGION_OF_TRAIL --query "EventSelectors[*].DataResources[?Type == \`AWS::Lambda::Function\`].Values" --output text |xargs -n1| grep -E "^arn:aws:lambda.*function:$lambdafunction$")
-          #     if [[ $FUNCTION_ENABLED_IN_THIS_REGION ]]; then
-          #       textPass "$regx: Lambda function $lambdafunction enabled in trail $trail" "$regx"
-          #     else
-          #       textFail "$regx: Lambda function $lambdafunction NOT enabled in trail $trail" "$regx"
-          #     fi
-          #   done
-          # else
-          #   textFail "$regx: Lambda function $lambdafunction is not being recorded!" "$regx"
-          # fi
-        else
-          textFail "$regx: Lambda function $lambdafunction is not being recorded no CloudTrail found!" "$regx"
-        fi
-      done
-    else
-      textInfo "$regx: No Lambda functions found" "$regx"
-    fi
-  done
-}
--- a/checks/check_extra721
+++ b/checks/check_extra721
@@ -1,37 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (copyright 2018) by Toni de la Fuente
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software distributed
-# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
-# CONDITIONS OF ANY KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations under the License.
-CHECK_ID_extra721="7.21"
-CHECK_TITLE_extra721="[extra721] Check if Redshift cluster has audit logging enabled (Not Scored) (Not part of CIS benchmark)"
-CHECK_SCORED_extra721="NOT_SCORED"
-CHECK_TYPE_extra721="EXTRA"
-CHECK_ALTERNATE_check721="extra721"
-
-extra721(){
-  # "Check if Redshift cluster has audit logging enabled (Not Scored) (Not part of CIS benchmark)"
-  for regx in $REGIONS; do
-    LIST_OF_REDSHIFT_CLUSTERS=$($AWSCLI redshift describe-clusters $PROFILE_OPT --region $regx --query 'Clusters[*].ClusterIdentifier' --output text)
-    if [[ $LIST_OF_REDSHIFT_CLUSTERS ]]; then
-      for redshiftcluster in $LIST_OF_REDSHIFT_CLUSTERS;do
-        REDSHIFT_LOG_ENABLED=$($AWSCLI redshift describe-logging-status $PROFILE_OPT --region $regx --cluster-identifier $redshiftcluster --query LoggingEnabled --output text | grep True)
-        if [[ $REDSHIFT_LOG_ENABLED ]];then
-          REDSHIFT_LOG_ENABLED_BUCKET=$($AWSCLI redshift describe-logging-status $PROFILE_OPT --region $regx --cluster-identifier $redshiftcluster --query BucketName --output text)
-          textPass "$regx: Redshift cluster $redshiftcluster has audit logging enabled to bucket $REDSHIFT_LOG_ENABLED_BUCKET" "$regx"
-        else
-          textFail "$regx: Redshift cluster $redshiftcluster logging disabled!" "$regx"
-        fi
-      done
-    else
-      textInfo "$regx: No Redshift cluster configured" "$regx"
-    fi
-  done
-}
--- a/checks/check_extra722
+++ b/checks/check_extra722
@@ -1,44 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (copyright 2018) by Toni de la Fuente
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software distributed
-# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
-# CONDITIONS OF ANY KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations under the License.
-CHECK_ID_extra722="7.22"
-CHECK_TITLE_extra722="[extra722] Check if API Gateway has logging enabled (Not Scored) (Not part of CIS benchmark)"
-CHECK_SCORED_extra722="NOT_SCORED"
-CHECK_TYPE_extra722="EXTRA"
-CHECK_ALTERNATE_check722="extra722"
-
-extra722(){
-  # "Check if API Gateway has logging enabled (Not Scored) (Not part of CIS benchmark)"
-  for regx in $REGIONS; do
-    LIST_OF_API_GW=$($AWSCLI apigateway get-rest-apis $PROFILE_OPT --region $regx --query items[*].id --output text)
-    if [[ $LIST_OF_API_GW ]];then
-      for apigwid in $LIST_OF_API_GW;do
-        API_GW_NAME=$($AWSCLI apigateway get-rest-apis $PROFILE_OPT --region $regx --query "items[?id==\`$apigwid\`].name" --output text)
-        CHECK_STAGES_NAME=$($AWSCLI apigateway get-stages $PROFILE_OPT --region $regx --rest-api-id $apigwid --query "item[*].stageName" --output text)
-        if [[ $CHECK_STAGES_NAME ]];then
-          for stagname in $CHECK_STAGES_NAME;do
-            CHECK_STAGE_METHOD_LOGGING=$($AWSCLI apigateway get-stages $PROFILE_OPT --region $regx --rest-api-id $apigwid --query "item[?stageName == \`$stagname\` ].methodSettings" --output text|awk '{ print $1" log level "$6}')
-            if [[ $CHECK_STAGE_METHOD_LOGGING ]];then
-              textPass "$regx: API Gateway $API_GW_NAME has stage logging enabled for $CHECK_STAGE_METHOD_LOGGING" "$regx"
-            else
-              textFail "$regx: API Gateway $API_GW_NAME logging disabled for stage $stagname!" "$regx"
-            fi
-          done
-        else
-           textFail "$regx: No Stage name found for $API_GW_NAME" "$regx"
-        fi
-      done
-    else
-       textInfo "$regx: No API Gateway found" "$regx"
-    fi
-  done
-}
--- a/checks/check_extra723
+++ b/checks/check_extra723
@@ -1,51 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (copyright 2018) by Toni de la Fuente
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software distributed
-# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
-# CONDITIONS OF ANY KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations under the License.
-CHECK_ID_extra723="7.23"
-CHECK_TITLE_extra723="[extra723] Check if RDS Snapshots are public (Not Scored) (Not part of CIS benchmark)"
-CHECK_SCORED_extra723="NOT_SCORED"
-CHECK_TYPE_extra723="EXTRA"
-CHECK_ALTERNATE_check723="extra723"
-
-extra723(){
-  # "Check if RDS Snapshots are public (Not Scored) (Not part of CIS benchmark)"
-  for regx in $REGIONS; do
-    # RDS snapshots
-    LIST_OF_RDS_SNAPSHOTS=$($AWSCLI rds describe-db-snapshots $PROFILE_OPT --region $regx --query DBSnapshots[*].DBSnapshotIdentifier --output text)
-    if [[ $LIST_OF_RDS_SNAPSHOTS ]]; then
-      for rdssnapshot in $LIST_OF_RDS_SNAPSHOTS;do
-        SNAPSHOT_IS_PUBLIC=$($AWSCLI rds describe-db-snapshot-attributes $PROFILE_OPT --region $regx --db-snapshot-identifier $rdssnapshot --query DBSnapshotAttributesResult.DBSnapshotAttributes[*] --output text|grep ^ATTRIBUTEVALUES|cut -f2|grep all)
-        if [[ $SNAPSHOT_IS_PUBLIC ]];then
-          textFail "$regx: RDS Snapshot $rdssnapshot is public!" "$regx"
-        else
-          textPass "$regx: RDS Snapshot $rdssnapshot is not shared" "$regx"
-        fi
-      done
-    else
-      textInfo "$regx: No RDS Snapshots found" "$regx"
-    fi
-    # RDS cluster snapshots
-    LIST_OF_RDS_CLUSTER_SNAPSHOTS=$($AWSCLI rds describe-db-cluster-snapshots $PROFILE_OPT --region $regx --query DBClusterSnapshots[*].DBClusterSnapshotIdentifier --output text)
-    if [[ $LIST_OF_RDS_CLUSTER_SNAPSHOTS ]]; then
-      for rdsclustersnapshot in $LIST_OF_RDS_CLUSTER_SNAPSHOTS;do
-        CLUSTER_SNAPSHOT_IS_PUBLIC=$($AWSCLI rds describe-db-cluster-snapshot-attributes $PROFILE_OPT --region $regx --db-cluster-snapshot-identifier $rdsclustersnapshot --query DBClusterSnapshotAttributesResult.DBClusterSnapshotAttributes[*] --output text|grep ^ATTRIBUTEVALUES|cut -f2|grep all)
-        if [[ $CLUSTER_SNAPSHOT_IS_PUBLIC ]];then
-          textFail "$regx: RDS Cluster Snapshot $rdsclustersnapshot is public!" "$regx"
-        else
-          textPass "$regx: RDS Cluster Snapshot $rdsclustersnapshot is not shared" "$regx"
-        fi
-      done
-    else
-      textInfo "$regx: No RDS Cluster Snapshots found" "$regx"
-    fi
-  done
-}
--- a/checks/check_extra724
+++ b/checks/check_extra724
@@ -1,38 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (copyright 2018) by Toni de la Fuente
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software distributed
-# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
-# CONDITIONS OF ANY KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations under the License.
-CHECK_ID_extra724="7.24"
-CHECK_TITLE_extra724="[extra724] Check if ACM certificates have Certificate Transparency logging enabled (Not Scored) (Not part of CIS benchmark)"
-CHECK_SCORED_extra724="NOT_SCORED"
-CHECK_TYPE_extra724="EXTRA"
-CHECK_ALTERNATE_check724="extra724"
-
-extra724(){
-  # "Check if ACM certificates have Certificate Transparency logging enabled (Not Scored) (Not part of CIS benchmark)"
-  for regx in $REGIONS; do
-    LIST_OF_CERTS=$($AWSCLI acm list-certificates $PROFILE_OPT  --region $regx --query CertificateSummaryList[].CertificateArn --output text)
-    if [[ $LIST_OF_CERTS ]];then
-      for cert_arn in $LIST_OF_CERTS;do
-        CT_ENABLED=$($AWSCLI acm describe-certificate $PROFILE_OPT --region $regx --certificate-arn $cert_arn --query Certificate.Options.CertificateTransparencyLoggingPreference --output text)
-        CERT_DOMAIN_NAME=$(aws acm describe-certificate $PROFILE_OPT --region $regx --certificate-arn $cert_arn --query Certificate.DomainName --output text)
-        if [[ $CT_ENABLED == "ENABLED" ]];then
-          textPass "$regx: ACM Certificate $CERT_DOMAIN_NAME has Certificate Transparency logging enabled!" "$regx"
-        else
-          textFail "$regx: ACM Certificate $CERT_DOMAIN_NAME has Certificate Transparency logging disabled!" "$regx"
-        fi
-      done
-    else
-       textInfo "$regx: No ACM Certificates found" "$regx"
-    fi
-  done
-  textInfo "*Read more about this here: https://aws.amazon.com/blogs/security/how-to-get-ready-for-certificate-transparency/"
-}
--- a/checks/check_extra725
+++ b/checks/check_extra725
@@ -1,63 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (copyright 2018) by Toni de la Fuente
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software distributed
-# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
-# CONDITIONS OF ANY KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations under the License.
-
-CHECK_ID_extra725="7.25"
-CHECK_TITLE_extra725="[extra725] Check if S3 buckets have Object-level logging enabled in CloudTrail (Not Scored) (Not part of CIS benchmark)"
-CHECK_SCORED_extra725="NOT_SCORED"
-CHECK_TYPE_extra725="EXTRA"
-CHECK_ALTERNATE_check725="extra725"
-
-# per Object-level logging is not configured at Bucket level but at CloudTrail trail level
-extra725(){
-  # "Check if S3 buckets have Object-level logging enabled in CloudTrail (Not Scored) (Not part of CIS benchmark)"
-  textInfo "Looking for S3 Buckets Object-level logging information in all trails...  "
-
-  # create a file with a list of all buckets
-  TEMP_BUCKET_LIST_FILE=$(mktemp -t prowler.bucket-list-XXXXXX)
-  $AWSCLI s3api list-buckets --query 'Buckets[*].{Name:Name}' $PROFILE_OPT --region $REGION --output text > $TEMP_BUCKET_LIST_FILE
-  if [ ! -s $TEMP_BUCKET_LIST_FILE ]; then
-    textInfo "$regx: No S3 buckets found" "$regx"
-    exit
-  fi
-
-  # now create a list with all trails available and their region
-  TEMP_TRAILS_LIST_FILE=$(mktemp -t prowler.trails-list-XXXXXX)
-  for regx in $REGIONS; do
-    $AWSCLI cloudtrail describe-trails $PROFILE_OPT --region $regx --query trailList[?HomeRegion==\`$regx\`].[Name,HomeRegion] --output text >> $TEMP_TRAILS_LIST_FILE
-  done
-
-  # look for buckets being logged per trail and create a list with them
-  TEMP_BUCKETS_LOGGING_LIST_FILE=$(mktemp -t prowler.buckets-logging-list-XXXXXX)
-  while IFS='' read -r LINE || [[ -n "${LINE}" ]]; do
-    TRAIL_REGION=$(echo "${LINE}" | awk '{ print $2 }')
-    TRAIL_NAME=$(echo "${LINE}" | awk '{ print $1 }')
-    BUCKETS_OBJECT_LOGGING_ENABLED=$($AWSCLI cloudtrail get-event-selectors --trail-name "${TRAIL_NAME}" $PROFILE_OPT --region $TRAIL_REGION --query "EventSelectors[*].DataResources[?Type == \`AWS::S3::Object\`].Values" --output text |xargs -n1 |cut -d: -f 6|sed 's/\///g')
-    echo $BUCKETS_OBJECT_LOGGING_ENABLED |tr " " "\n"|sort >> $TEMP_BUCKETS_LOGGING_LIST_FILE
-    if [[ $BUCKETS_OBJECT_LOGGING_ENABLED ]]; then
-      for bucket in $BUCKETS_OBJECT_LOGGING_ENABLED; do
-        textPass "$regx: S3 bucket $bucket has Object-level logging enabled in trail $trail" "$regx"
-      done
-    fi
-  done < $TEMP_TRAILS_LIST_FILE
-
-  # diff to get the ones that are not in any trail then they are not logging
-  BUCKETS_NOT_LOGGING=$(diff $TEMP_BUCKETS_LOGGING_LIST_FILE $TEMP_BUCKET_LIST_FILE | sed -n 's/^> //p')
-  if [[ $BUCKETS_NOT_LOGGING ]]; then
-    for bucket in $BUCKETS_NOT_LOGGING; do
-      textFail "$regx: S3 bucket $bucket has Object-level logging disabled" "$regx"
-   done
-  fi
-  # delete all temp files
-  rm -fr $TEMP_BUCKET_LIST_FILE $TEMP_TRAILS_LIST_FILE $TEMP_BUCKETS_LOGGING_LIST_FILE
-
-}
--- a/checks/check_extra726
+++ b/checks/check_extra726
@@ -1,31 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (copyright 2018) by Toni de la Fuente
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software distributed
-# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
-# CONDITIONS OF ANY KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations under the License.
-
-CHECK_ID_extra726="7.26"
-CHECK_TITLE_extra726="[extra726] Check Trusted Advisor for errors and warnings (Not Scored) (Not part of CIS benchmark)"
-CHECK_SCORED_extra726="NOT_SCORED"
-CHECK_TYPE_extra726="EXTRA"
-CHECK_ALTERNATE_check726="extra726"
-
-extra726(){
-  trap "exit" INT
-  # forcing us-east-1 region only since support only works in that region
-  TA_CHECKS_ID=$($AWSCLI support describe-trusted-advisor-checks --language en $PROFILE_OPT --region us-east-1 --query checks[*].id  --output text)
-  for checkid in $TA_CHECKS_ID; do
-    QUERY_RESULT_NO_OK=$($AWSCLI support describe-trusted-advisor-check-result --check-id $checkid --language en $PROFILE_OPT --region us-east-1 --query 'result.status' --output text | grep -v "ok" )
-    if [[ $QUERY_RESULT_NO_OK ]]; then
-      TA_CHECKS_NAME=$($AWSCLI support describe-trusted-advisor-checks --language en $PROFILE_OPT --region us-east-1 --query "checks[?id==\`$checkid\`].{name:name}[*]"  --output text)
-      textFail "Trusted Advisor check $TA_CHECKS_NAME is in state $QUERY_RESULT_NO_OK"
-    fi
-  done
-}
--- a/checks/check_extra727
+++ b/checks/check_extra727
@@ -1,43 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (copyright 2018) by Toni de la Fuente
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software distributed
-# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
-# CONDITIONS OF ANY KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations under the License.
-
-CHECK_ID_extra727="7.27"
-CHECK_TITLE_extra727="[extra727] Check if SQS queues have policy set as Public (Not Scored) (Not part of CIS benchmark)"
-CHECK_SCORED_extra727="NOT_SCORED"
-CHECK_TYPE_extra727="EXTRA"
-CHECK_ALTERNATE_check727="extra727"
-
-extra727(){
-  for regx in $REGIONS; do
-    LIST_SQS=$($AWSCLI sqs list-queues $PROFILE_OPT --region $regx --query QueueUrls --output text |grep -v ^None)
-    if [[ $LIST_SQS ]]; then
-      for queue in $LIST_SQS; do
-        # check if the policy has Principal as *
-        SQS_TO_CHECK=$($AWSCLI sqs get-queue-attributes --queue-url $queue $PROFILE_OPT --region $regx --attribute-names All --query Attributes.Policy --output text | awk -v k="text" '{n=split($0,a,","); for (i=1; i<=n; i++) print a[i]}' | awk '/Principal/ || /Condition/ && !skip { print } { skip = /Deny/} ')
-        PUBLIC_SQS_WCONDITION=$(echo $SQS_TO_CHECK|grep Condition)
-        if [[ $PUBLIC_SQS_WCONDITION ]]; then 
-          textInfo "$regx: SQS queue $queue has a Condition" "$regx"
-        else
-          PUBLIC_SQS=$(echo $SQS_TO_CHECK|grep \"Principal|grep \*)
-          if [[ $PUBLIC_SQS ]]; then
-            textFail "$regx: SQS queue $queue seems to be public (Principal: \"*\")" "$regx"
-          else
-            textInfo "$regx: SQS queue $queue seems correct" "$regx"
-          fi
-        fi
-      done
-    else
-      textInfo "$regx: No SQS queues found" "$regx"
-    fi
-  done
-}
--- a/checks/check_extra728
+++ b/checks/check_extra728
@@ -1,37 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (copyright 2018) by Toni de la Fuente
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software distributed
-# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
-# CONDITIONS OF ANY KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations under the License.
-
-CHECK_ID_extra728="7.28"
-CHECK_TITLE_extra728="[extra728] Check if SQS queues have Server Side Encryption enabled (Not Scored) (Not part of CIS benchmark)"
-CHECK_SCORED_extra728="NOT_SCORED"
-CHECK_TYPE_extra728="EXTRA"
-CHECK_ALTERNATE_check728="extra728"
-
-extra728(){
-  for regx in $REGIONS; do
-    LIST_SQS=$($AWSCLI sqs list-queues $PROFILE_OPT --region $regx --query QueueUrls --output text |grep -v ^None)
-    if [[ $LIST_SQS ]]; then
-      for queue in $LIST_SQS; do
-        # check if the policy has KmsMasterKeyId therefore SSE enabled
-        SSE_ENABLED_QUEUE=$($AWSCLI sqs get-queue-attributes --queue-url $queue $PROFILE_OPT --region $regx --attribute-names All --query Attributes.KmsMasterKeyId --output text|grep -v ^None)
-        if [[ $SSE_ENABLED_QUEUE ]]; then
-          textPass "$regx: SQS queue $queue is using Server Side Encryption" "$regx"
-        else
-          textFail "$regx: SQS queue $queue is not using Server Side Encryption" "$regx"
-        fi
-      done
-    else
-      textInfo "$regx: No SQS queues found" "$regx"
-    fi
-  done
-}
--- a/checks/check_extra729
+++ b/checks/check_extra729
@@ -1,37 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (copyright 2018) by Toni de la Fuente
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software distributed
-# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
-# CONDITIONS OF ANY KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations under the License.
-
-CHECK_ID_extra729="7.29"
-CHECK_TITLE_extra729="[extra729] Ensure there are no EBS Volumes unencrypted (Not Scored) (Not part of CIS benchmark)"
-CHECK_SCORED_extra729="NOT_SCORED"
-CHECK_TYPE_extra729="EXTRA"
-CHECK_ALTERNATE_check729="extra729"
-
-extra729(){
-  # "Ensure there are no EBS Volumes unencrypted (Not Scored) (Not part of CIS benchmark)"
-  textInfo "Looking for EBS Volumes in all regions...  "
-  for regx in $REGIONS; do
-    LIST_OF_EBS_NON_ENC_VOLUMES=$($AWSCLI ec2 describe-volumes $PROFILE_OPT --region $regx --query 'Volumes[?Encrypted==`false`].VolumeId' --output text)
-    if [[ $LIST_OF_EBS_NON_ENC_VOLUMES ]];then
-      for volume in $LIST_OF_EBS_NON_ENC_VOLUMES; do
-        textFail "$regx: $volume is not encrypted!" "$regx"
-      done
-    fi
-    LIST_OF_EBS_ENC_VOLUMES=$($AWSCLI ec2 describe-volumes $PROFILE_OPT --region $regx --query 'Volumes[?Encrypted==`true`].VolumeId' --output text)
-    if [[ $LIST_OF_EBS_ENC_VOLUMES ]];then
-      for volume in $LIST_OF_EBS_ENC_VOLUMES; do
-        textPass "$regx: $volume is encrypted" "$regx"
-      done
-    fi
-  done
-}
--- a/checks/check_extra73
+++ b/checks/check_extra73
@@ -1,130 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (copyright 2018) by Toni de la Fuente
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software distributed
-# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
-# CONDITIONS OF ANY KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations under the License.
-CHECK_ID_extra73="7.3,7.03"
-CHECK_TITLE_extra73="[extra73] Ensure there are no S3 buckets open to the Everyone or Any AWS user (Not Scored) (Not part of CIS benchmark)"
-CHECK_SCORED_extra73="NOT_SCORED"
-CHECK_TYPE_extra73="EXTRA"
-CHECK_ALTERNATE_extra703="extra73"
-CHECK_ALTERNATE_check73="extra73"
-CHECK_ALTERNATE_check703="extra73"
-
-# Improved and simplified check on Nov 18th 2018 due to a new bucket attribute
-# called PolicyStatus, not available in all regions yet.
-
-# extra73(){
-#   ALL_BUCKETS_LIST=$($AWSCLI s3api list-buckets --query 'Buckets[*].{Name:Name}' $PROFILE_OPT --region $REGION --output text)
-#   for bucket in $ALL_BUCKETS_LIST; do
-#     BUCKET_LOCATION=$($AWSCLI s3api get-bucket-location --bucket $bucket $PROFILE_OPT --region $REGION --output text)
-#     if [[ "None" == $BUCKET_LOCATION ]]; then
-#       BUCKET_LOCATION="us-east-1"
-#     fi
-#     if [[ "EU" == $BUCKET_LOCATION ]]; then
-#       BUCKET_LOCATION="eu-west-1"
-#     fi
-#
-#     BUCKET_POLICY_STATUS=$($AWSCLI s3api get-bucket-policy-status --bucket $bucket --query PolicyStatus.IsPublic --output text | grep False)
-#     if [[ $BUCKET_POLICY_STATUS ]];then
-#       textFail "$BUCKET_LOCATION: $bucket bucket is Public!" "$regx"
-#     else
-#       textPass "$BUCKET_LOCATION: $bucket bucket is not Public" "$regx"
-#     fi
-#   done
-# }
-
-
-extra73(){
-  textInfo "Looking for open S3 Buckets (ACLs and Policies) in all regions...  "
-  ALL_BUCKETS_LIST=$($AWSCLI s3api list-buckets --query 'Buckets[*].{Name:Name}' $PROFILE_OPT --region $REGION --output text)
-  for bucket in $ALL_BUCKETS_LIST; do
-    BUCKET_LOCATION=$($AWSCLI s3api get-bucket-location --bucket $bucket $PROFILE_OPT --region $REGION --output text)
-    if [[ "None" == $BUCKET_LOCATION ]]; then
-      BUCKET_LOCATION="us-east-1"
-    fi
-    if [[ "EU" == $BUCKET_LOCATION ]]; then
-      BUCKET_LOCATION="eu-west-1"
-    fi
-    # check if AllUsers is in the ACL as Grantee
-    CHECK_BUCKET_ALLUSERS_ACL=$($AWSCLI s3api get-bucket-acl $PROFILE_OPT --region $BUCKET_LOCATION --bucket $bucket --query "Grants[?Grantee.URI == 'http://acs.amazonaws.com/groups/global/AllUsers']" --output text |grep -v GRANTEE)
-    CHECK_BUCKET_ALLUSERS_ACL_SINGLE_LINE=$(echo -ne $CHECK_BUCKET_ALLUSERS_ACL)
-    # check if AuthenticatedUsers is in the ACL as Grantee, they will have access with sigened URL only
-    CHECK_BUCKET_AUTHUSERS_ACL=$($AWSCLI s3api get-bucket-acl $PROFILE_OPT --region $BUCKET_LOCATION --bucket $bucket --query "Grants[?Grantee.URI == 'http://acs.amazonaws.com/groups/global/AuthenticatedUsers']" --output text |grep -v GRANTEE)
-    CHECK_BUCKET_AUTHUSERS_ACL_SINGLE_LINE=$(echo -ne $CHECK_BUCKET_AUTHUSERS_ACL)
-    # to prevent error NoSuchBucketPolicy first clean the output controlling stderr
-    TEMP_POLICY_FILE=$(mktemp -t prowler-${ACCOUNT_NUM}-${bucket}.policy.XXXXXXXXXX)
-    $AWSCLI s3api get-bucket-policy $PROFILE_OPT --region $BUCKET_LOCATION --bucket $bucket --output text --query Policy > $TEMP_POLICY_FILE 2> /dev/null
-    # check if the S3 policy has Principal as *
-    CHECK_BUCKET_ALLUSERS_POLICY=$(cat $TEMP_POLICY_FILE | sed -e 's/[{}]/''/g' | awk -v k="text" '{n=split($0,a,","); for (i=1; i<=n; i++) print a[i]}'|awk '/Principal/ && !skip { print } { skip = /Deny/} '|grep ^\"Principal|grep \*)
-    if [[ $CHECK_BUCKET_ALLUSERS_ACL || $CHECK_BUCKET_AUTHUSERS_ACL || $CHECK_BUCKET_ALLUSERS_POLICY ]];then
-      if [[ $CHECK_BUCKET_ALLUSERS_ACL ]];then
-        textFail "$BUCKET_LOCATION: $bucket bucket is open to the Internet (Everyone) with permissions: $CHECK_BUCKET_ALLUSERS_ACL_SINGLE_LINE" "$regx"
-      fi
-      if [[ $CHECK_BUCKET_AUTHUSERS_ACL ]];then
-        textFail "$BUCKET_LOCATION: $bucket bucket is open to Authenticated users (Any AWS user) with permissions: $CHECK_BUCKET_AUTHUSERS_ACL_SINGLE_LINE" "$regx"
-      fi
-      if [[ $CHECK_BUCKET_ALLUSERS_POLICY ]];then
-        textFail "$BUCKET_LOCATION: $bucket bucket policy \"may\" allow Anonymous users to perform actions (Principal: \"*\")" "$regx"
-      fi
-    else
-      textPass "$BUCKET_LOCATION: $bucket bucket is not open" "$regx"
-    fi
-    rm -fr $TEMP_POLICY_FILE
-  done
-}
-
-# Then implementation below makes pararel checks but can reach AWS API limits
-# and eventually doesn't work as expected
-
-# extra73(){
-#   textTitle "$ID73" "$TITLE73" "NOT_SCORED" "EXTRA"
-#   textNotice "Looking for open S3 Buckets (ACLs and Policies) in all regions...  "
-#   ALL_BUCKETS_LIST=$($AWSCLI s3api list-buckets --query 'Buckets[*].{Name:Name}' --profile $PROFILE --region $REGION --output text)
-#   for bucket in $ALL_BUCKETS_LIST; do
-#     extra73Thread $bucket &
-#   done
-#   wait
-# }
-# extra73Thread(){
-#   bucket=$1
-#   BUCKET_LOCATION=$($AWSCLI s3api get-bucket-location --bucket $bucket --profile $PROFILE --region $REGION --output text)
-#   if [[ "None" == $BUCKET_LOCATION ]]; then
-#     BUCKET_LOCATION="us-east-1"
-#   fi
-#   if [[ "EU" == $BUCKET_LOCATION ]]; then
-#     BUCKET_LOCATION="eu-west-1"
-#   fi
-#   # check if AllUsers is in the ACL as Grantee
-#   CHECK_BUCKET_ALLUSERS_ACL=$($AWSCLI s3api get-bucket-acl --profile $PROFILE --region $BUCKET_LOCATION --bucket $bucket --query "Grants[?Grantee.URI == 'http://acs.amazonaws.com/groups/global/AllUsers']" --output text |grep -v GRANTEE)
-#   CHECK_BUCKET_ALLUSERS_ACL_SINGLE_LINE=$(echo -ne $CHECK_BUCKET_ALLUSERS_ACL)
-#   # check if AuthenticatedUsers is in the ACL as Grantee, they will have access with sigened URL only
-#   CHECK_BUCKET_AUTHUSERS_ACL=$($AWSCLI s3api get-bucket-acl --profile $PROFILE --region $BUCKET_LOCATION --bucket $bucket --query "Grants[?Grantee.URI == 'http://acs.amazonaws.com/groups/global/AuthenticatedUsers']" --output text |grep -v GRANTEE)
-#   CHECK_BUCKET_AUTHUSERS_ACL_SINGLE_LINE=$(echo -ne $CHECK_BUCKET_AUTHUSERS_ACL)
-#   # to prevent error NoSuchBucketPolicy first clean the output controlling stderr
-#   TEMP_POLICY_FILE=$(mktemp -t prowler-${ACCOUNT_NUM}-${bucket}.policy.XXXXXXXXXX)
-#   $AWSCLI s3api get-bucket-policy --profile $PROFILE --region $BUCKET_LOCATION --bucket $bucket --output text --query Policy > $TEMP_POLICY_FILE 2> /dev/null
-#   # check if the S3 policy has Principal as *
-#   CHECK_BUCKET_ALLUSERS_POLICY=$(cat $TEMP_POLICY_FILE | sed -e 's/[{}]/''/g' | awk -v k="text" '{n=split($0,a,","); for (i=1; i<=n; i++) print a[i]}'|awk '/Principal/ && !skip { print } { skip = /Deny/} '|grep ^\"Principal|grep \*)
-#   if [[ $CHECK_BUCKET_ALLUSERS_ACL || $CHECK_BUCKET_AUTHUSERS_ACL || $CHECK_BUCKET_ALLUSERS_POLICY ]];then
-#     if [[ $CHECK_BUCKET_ALLUSERS_ACL ]];then
-#       textWarn "$BUCKET_LOCATION: $bucket bucket is open to the Internet (Everyone) with permissions: $CHECK_BUCKET_ALLUSERS_ACL_SINGLE_LINE" "$regx"
-#     fi
-#     if [[ $CHECK_BUCKET_AUTHUSERS_ACL ]];then
-#       textWarn "$BUCKET_LOCATION: $bucket bucket is open to Authenticated users (Any AWS user) with permissions: $CHECK_BUCKET_AUTHUSERS_ACL_SINGLE_LINE" "$regx"
-#     fi
-#     if [[ $CHECK_BUCKET_ALLUSERS_POLICY ]];then
-#       textWarn "$BUCKET_LOCATION: $bucket bucket policy \"may\" allow Anonymous users to perform actions (Principal: \"*\")" "$regx"
-#     fi
-#   else
-#     textOK "$BUCKET_LOCATION: $bucket bucket is not open" "$regx"
-#   fi
-#   rm -fr $TEMP_POLICY_FILE
-# }
--- a/checks/check_extra730
+++ b/checks/check_extra730
@@ -1,43 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (copyright 2018) by Toni de la Fuente
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software distributed
-# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
-# CONDITIONS OF ANY KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations under the License.
-
-DAYS_TO_EXPIRE_THRESHOLD="7"
-
-CHECK_ID_extra730="7.30"
-CHECK_TITLE_extra730="[extra730] Check if ACM Certificates are about to expire in $DAYS_TO_EXPIRE_THRESHOLD days or less (Not Scored) (Not part of CIS benchmark)"
-CHECK_SCORED_extra730="NOT_SCORED"
-CHECK_TYPE_extra730="EXTRA"
-CHECK_ALTERNATE_check730="extra730"
-
-extra730(){
-  # "Check if ACM Certificates are about to expire in $DAYS_TO_EXPIRE_THRESHOLD days or less"
-  for regx in $REGIONS; do
-    LIST_OF_ACM_CERTS=$($AWSCLI acm list-certificates $PROFILE_OPT --region $regx --query 'CertificateSummaryList[].CertificateArn' --output text)
-    if [[ $LIST_OF_ACM_CERTS ]];then
-      for cert in $LIST_OF_ACM_CERTS; do
-        CERT_DATA=$($AWSCLI acm describe-certificate --certificate-arn $cert --query 'Certificate.[DomainName,NotAfter]' --output text)
-        echo "$CERT_DATA" | while read FQDN NOTAFTER; do
-          EXPIRES_DATE=$(timestamp_to_date $NOTAFTER)
-          COUNTER_DAYS=$(how_many_days_from_today $EXPIRES_DATE)
-          if [[ $COUNTER_DAYS -le $DAYS_TO_EXPIRE_THRESHOLD ]]; then
-            textFail "$regx: Certificate for $FQDN is about to expire in $COUNTER_DAYS days!" "$regx"
-          else
-            textPass "$regx: Certificate for $FQDN expires in $COUNTER_DAYS days" "$regx"
-          fi
-        done
-      done
-    else
-      textInfo "$regx: No certificates found" "$regx"
-    fi
-  done
-}
--- a/checks/check_extra731
+++ b/checks/check_extra731
@@ -1,44 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (copyright 2018) by Toni de la Fuente
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software distributed
-# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
-# CONDITIONS OF ANY KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations under the License.
-
-CHECK_ID_extra731="7.31"
-CHECK_TITLE_extra731="[extra731] Check if SNS topics have policy set as Public (Not Scored) (Not part of CIS benchmark)"
-CHECK_SCORED_extra731="NOT_SCORED"
-CHECK_TYPE_extra731="EXTRA"
-CHECK_ALTERNATE_check731="extra731"
-
-extra731(){
-  for regx in $REGIONS; do
-    LIST_SNS=$($AWSCLI sns list-topics $PROFILE_OPT --region $regx --query Topics --output text |grep -v ^None)
-    if [[ $LIST_SNS ]]; then
-      for topic in $LIST_SNS; do
-        # check if the policy has Principal as *
-        SNS_TO_CHECK=$($AWSCLI sns get-topic-attributes --topic-arn $topic $PROFILE_OPT --region $regx --query Attributes.Policy --output text | awk -v k="text" '{n=split($0,a,","); for (i=1; i<=n; i++) print a[i]}' | awk '/Principal/ || /Condition/ && !skip { print } { skip = /Deny/}')
-        PUBLIC_SNS_WCONDITION=$(echo $SNS_TO_CHECK|grep Condition)
-        SHORT_TOPIC=$(echo $topic| cut -d: -f6)
-        if [[ $PUBLIC_SNS_WCONDITION ]]; then
-          textInfo "$regx: SNS topic $SHORT_TOPIC has a Condition" "$regx"
-        else
-          PUBLIC_SNS=$(echo $SNS_TO_CHECK|grep \"Principal|grep \*)
-          if [[ $PUBLIC_SNS ]]; then
-            textFail "$regx: SNS topic $SHORT_TOPIC seems to be public (Principal: \"*\")" "$regx"
-          else
-            textInfo "$regx: SNS topic $SHORT_TOPIC seems correct" "$regx"
-          fi
-        fi
-      done
-    else
-      textInfo "$regx: No SNS topics found" "$regx"
-    fi
-  done
-}
--- a/checks/check_extra732
+++ b/checks/check_extra732
@@ -1,34 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (copyright 2018) by Toni de la Fuente
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software distributed
-# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
-# CONDITIONS OF ANY KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations under the License.
-
-CHECK_ID_extra732="7.32"
-CHECK_TITLE_extra732="[extra732] Check if Geo restrictions are enabled in CloudFront distributions (Not Scored) (Not part of CIS benchmark)"
-CHECK_SCORED_extra732="NOT_SCORED"
-CHECK_TYPE_extra732="EXTRA"
-CHECK_ALTERNATE_check732="extra732"
-
-extra732(){
-  LIST_DISTRIBUTIONS=$($AWSCLI cloudfront list-distributions $PROFILE_OPT --query 'DistributionList.Items[*].Id' --output text |grep -v ^None)
-  if [[ $LIST_DISTRIBUTIONS ]]; then
-    for dist in $LIST_DISTRIBUTIONS; do
-      GEO_ENABLED=$($AWSCLI cloudfront get-distribution-config $PROFILE_OPT --id $dist --query DistributionConfig.Restrictions.GeoRestriction.RestrictionType --output text)
-      if [[ $GEO_ENABLED == "none" ]]; then
-        textFail "CloudFront distribution $dist has not Geo restrictions"
-      else
-        textPass "CloudFront distribution $dist has Geo restrictions enabled"
-      fi
-    done
-  else
-    textInfo "No CloudFront distributions found"
-  fi
-}
--- a/Show More
+++ b/Show More