test(audit_info): refactor

test(audit_info): refactor rest
test(audit_info): refactor cloudformation
2026-05-16 17:22:43 +00:00 · 2023-12-04 15:57:04 +01:00 · 2023-12-04 14:36:45 +01:00 · 2023-12-04 14:07:45 +01:00 · 2023-12-04 14:03:17 +01:00 · 2023-12-04 13:52:04 +01:00
600 changed files with 9599 additions and 22249 deletions
@@ -13,8 +13,3 @@ updates:
    labels:
      - "dependencies"
      - "pip"
-  - package-ecosystem: "github-actions"
-    directory: "/"
-    schedule:
-      interval: "weekly"
-    target-branch: master
@@ -32,11 +32,11 @@ jobs:
      POETRY_VIRTUALENVS_CREATE: "false"
    steps:
      - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3

      - name: Setup python (release)
        if: github.event_name == 'release'
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@v2
        with:
          python-version: ${{ env.PYTHON_VERSION }}

@@ -52,13 +52,13 @@ jobs:
          poetry version ${{ github.event.release.tag_name }}

      - name: Login to DockerHub
-        uses: docker/login-action@v3
+        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Login to Public ECR
-        uses: docker/login-action@v3
+        uses: docker/login-action@v2
        with:
          registry: public.ecr.aws
          username: ${{ secrets.PUBLIC_ECR_AWS_ACCESS_KEY_ID }}
@@ -67,11 +67,11 @@ jobs:
          AWS_REGION: ${{ env.AWS_REGION }}

      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@v2

      - name: Build and push container image (latest)
        if: github.event_name == 'push'
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v2
        with:
          push: true
          tags: |
@@ -83,7 +83,7 @@ jobs:

      - name: Build and push container image (release)
        if: github.event_name == 'release'
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v2
        with:
          # Use local context to get changes
          # https://github.com/docker/build-push-action#path-context
@@ -13,10 +13,10 @@ name: "CodeQL"

 on:
  push:
-    branches: [ "master", "prowler-4.0-dev" ]
+    branches: [ "master", prowler-2, prowler-3.0-dev ]
  pull_request:
    # The branches below must be a subset of the branches above
-    branches: [ "master", "prowler-4.0-dev" ]
+    branches: [ "master" ]
  schedule:
    - cron: '00 12 * * *'

@@ -37,11 +37,11 @@ jobs:

    steps:
    - name: Checkout repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@v3

    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v3
+      uses: github/codeql-action/init@v2
      with:
        languages: ${{ matrix.language }}
        # If you wish to specify custom queries, you can do so here or in a config file.
@@ -52,6 +52,6 @@ jobs:
        # queries: security-extended,security-and-quality

    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3
+      uses: github/codeql-action/analyze@v2
      with:
        category: "/language:${{matrix.language}}"
@@ -7,11 +7,11 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - name: TruffleHog OSS
-        uses: trufflesecurity/trufflehog@v3.67.2
+        uses: trufflesecurity/trufflehog@v3.4.4
        with:
          path: ./
          base: ${{ github.event.repository.default_branch }}
@@ -4,23 +4,21 @@ on:
  push:
    branches:
      - "master"
-      - "prowler-4.0-dev"
  pull_request:
    branches:
      - "master"
-      - "prowler-4.0-dev"
 jobs:
  build:
    runs-on: ubuntu-latest
    strategy:
      matrix:
-        python-version: ["3.9", "3.10", "3.11", "3.12"]
+        python-version: ["3.9", "3.10", "3.11"]

    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v3
      - name: Test if changes are in not ignored paths
        id: are-non-ignored-files-changed
-        uses: tj-actions/changed-files@v42
+        uses: tj-actions/changed-files@v39
        with:
          files: ./**
          files_ignore: |
@@ -28,7 +26,6 @@ jobs:
            README.md
            docs/**
            permissions/**
-            mkdocs.yml
      - name: Install poetry
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        run: |
@@ -36,7 +33,7 @@ jobs:
          pipx install poetry
      - name: Set up Python ${{ matrix.python-version }}
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@v4
        with:
          python-version: ${{ matrix.python-version }}
          cache: "poetry"
@@ -88,6 +85,6 @@ jobs:
          poetry run pytest -n auto --cov=./prowler --cov-report=xml tests
      - name: Upload coverage reports to Codecov
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
-        uses: codecov/codecov-action@v4
+        uses: codecov/codecov-action@v3
        env:
          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
@@ -16,7 +16,7 @@ jobs:
    name: Release Prowler to PyPI
    steps:
      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v3
        with:
          ref: ${{ env.GITHUB_BRANCH }}
      - name: Install dependencies
@@ -24,7 +24,7 @@ jobs:
          pipx install poetry
          pipx inject poetry poetry-bumpversion
      - name: setup python
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@v4
        with:
          python-version: 3.9
          cache: 'poetry'
@@ -44,7 +44,7 @@ jobs:
          poetry publish
      # Create pull request with new version
      - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v6
+        uses: peter-evans/create-pull-request@v4
        with:
          token: ${{ secrets.PROWLER_ACCESS_TOKEN }}
          commit-message: "chore(release): update Prowler Version to ${{ env.RELEASE_TAG }}."
@@ -23,12 +23,12 @@ jobs:
    # Steps represent a sequence of tasks that will be executed as part of the job
    steps:
      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v3
        with:
          ref: ${{ env.GITHUB_BRANCH }}

      - name: setup python
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@v2
        with:
          python-version: 3.9 #install the python needed

@@ -38,7 +38,7 @@ jobs:
          pip install boto3

      - name: Configure AWS Credentials -- DEV
-        uses: aws-actions/configure-aws-credentials@v4
+        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-region: ${{ env.AWS_REGION_DEV }}
          role-to-assume: ${{ secrets.DEV_IAM_ROLE_ARN }}
@@ -50,12 +50,12 @@ jobs:

      # Create pull request
      - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v6
+        uses: peter-evans/create-pull-request@v4
        with:
          token: ${{ secrets.PROWLER_ACCESS_TOKEN }}
          commit-message: "feat(regions_update): Update regions for AWS services."
          branch: "aws-services-regions-updated-${{ github.sha }}"
-          labels: "status/waiting-for-revision, severity/low, provider/aws"
+          labels: "status/waiting-for-revision, severity/low"
          title: "chore(regions_update): Changes in regions for AWS services."
          body: |
            ### Description
@@ -1,7 +1,7 @@
 repos:
  ## GENERAL
  - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.5.0
+    rev: v4.4.0
    hooks:
      - id: check-merge-conflict
      - id: check-yaml
@@ -15,7 +15,7 @@ repos:

  ## TOML
  - repo: https://github.com/macisamuele/language-formatters-pre-commit-hooks
-    rev: v2.12.0
+    rev: v2.10.0
    hooks:
      - id: pretty-format-toml
        args: [--autofix]
@@ -28,7 +28,7 @@ repos:
      - id: shellcheck
  ## PYTHON
  - repo: https://github.com/myint/autoflake
-    rev: v2.2.1
+    rev: v2.2.0
    hooks:
      - id: autoflake
        args:
@@ -39,25 +39,25 @@ repos:
          ]

  - repo: https://github.com/timothycrosley/isort
-    rev: 5.13.2
+    rev: 5.12.0
    hooks:
      - id: isort
        args: ["--profile", "black"]

  - repo: https://github.com/psf/black
-    rev: 24.1.1
+    rev: 22.12.0
    hooks:
      - id: black

  - repo: https://github.com/pycqa/flake8
-    rev: 7.0.0
+    rev: 6.1.0
    hooks:
      - id: flake8
        exclude: contrib
        args: ["--ignore=E266,W503,E203,E501,W605"]

  - repo: https://github.com/python-poetry/poetry
-    rev: 1.7.0
+    rev: 1.6.0 # add version here
    hooks:
      - id: poetry-check
      - id: poetry-lock
@@ -80,12 +80,18 @@ repos:
      - id: trufflehog
        name: TruffleHog
        description: Detect secrets in your data.
-        entry: bash -c 'trufflehog --no-update git file://. --only-verified --fail'
+        # entry: bash -c 'trufflehog git file://. --only-verified --fail'
        # For running trufflehog in docker, use the following entry instead:
-        # entry: bash -c 'docker run -v "$(pwd):/workdir" -i --rm trufflesecurity/trufflehog:latest git file:///workdir --only-verified --fail'
+        entry: bash -c 'docker run -v "$(pwd):/workdir" -i --rm trufflesecurity/trufflehog:latest git file:///workdir --only-verified --fail'
        language: system
        stages: ["commit", "push"]

+      - id: pytest-check
+        name: pytest-check
+        entry: bash -c 'pytest tests -n auto'
+        language: system
+        files: '.*\.py'
+
      - id: bandit
        name: bandit
        description: "Bandit is a tool for finding common security issues in Python code"
@@ -55,7 +55,7 @@ further defined and clarified by project maintainers.
 ## Enforcement

 Instances of abusive, harassing, or otherwise unacceptable behavior may be
-reported by contacting the project team at [support.prowler.com](https://customer.support.prowler.com/servicedesk/customer/portals). All
+reported by contacting the project team at community@prowler.cloud. All
 complaints will be reviewed and investigated and will result in a response that
 is deemed necessary and appropriate to the circumstances. The project team is
 obligated to maintain confidentiality with regard to the reporter of an incident.
@@ -1,25 +1,24 @@
 <p align="center">
-  <img align="center" src="https://github.com/prowler-cloud/prowler/blob/master/docs/img/prowler-logo-black.png?raw=True#gh-light-mode-only" width="350" height="115">
-  <img align="center" src="https://github.com/prowler-cloud/prowler/blob/master/docs/img/prowler-logo-white.png?raw=True#gh-dark-mode-only" width="350" height="115">
+  <img align="center" src="https://github.com/prowler-cloud/prowler/blob/62c1ce73bbcdd6b9e5ba03dfcae26dfd165defd9/docs/img/prowler-pro-dark.png?raw=True#gh-dark-mode-only" width="150" height="36">
+  <img align="center" src="https://github.com/prowler-cloud/prowler/blob/62c1ce73bbcdd6b9e5ba03dfcae26dfd165defd9/docs/img/prowler-pro-light.png?raw=True#gh-light-mode-only" width="15%" height="15%">
 </p>
 <p align="center">
-  <b><i>Prowler SaaS </b> and <b>Prowler Open Source</b> are as dynamic and adaptable as the environment they’re meant to protect. Trusted by the leaders in security.
+  <b><i>See all the things you and your team can do with ProwlerPro at <a href="https://prowler.pro">prowler.pro</a></i></b>
 </p>
-<p align="center">
-<b>Learn more at <a href="https://prowler.com">prowler.com</i></b>
-</p>
-
 <hr>
+<p align="center">
+  <img src="https://user-images.githubusercontent.com/3985464/113734260-7ba06900-96fb-11eb-82bc-d4f68a1e2710.png" />
+</p>
 <p align="center">
  <a href="https://join.slack.com/t/prowler-workspace/shared_invite/zt-1hix76xsl-2uq222JIXrC7Q8It~9ZNog"><img alt="Slack Shield" src="https://img.shields.io/badge/slack-prowler-brightgreen.svg?logo=slack"></a>
  <a href="https://pypi.org/project/prowler/"><img alt="Python Version" src="https://img.shields.io/pypi/v/prowler.svg"></a>
  <a href="https://pypi.python.org/pypi/prowler/"><img alt="Python Version" src="https://img.shields.io/pypi/pyversions/prowler.svg"></a>
  <a href="https://pypistats.org/packages/prowler"><img alt="PyPI Prowler Downloads" src="https://img.shields.io/pypi/dw/prowler.svg?label=prowler%20downloads"></a>
+  <a href="https://pypistats.org/packages/prowler-cloud"><img alt="PyPI Prowler-Cloud Downloads" src="https://img.shields.io/pypi/dw/prowler-cloud.svg?label=prowler-cloud%20downloads"></a>
  <a href="https://hub.docker.com/r/toniblyx/prowler"><img alt="Docker Pulls" src="https://img.shields.io/docker/pulls/toniblyx/prowler"></a>
  <a href="https://hub.docker.com/r/toniblyx/prowler"><img alt="Docker" src="https://img.shields.io/docker/cloud/build/toniblyx/prowler"></a>
  <a href="https://hub.docker.com/r/toniblyx/prowler"><img alt="Docker" src="https://img.shields.io/docker/image-size/toniblyx/prowler"></a>
  <a href="https://gallery.ecr.aws/prowler-cloud/prowler"><img width="120" height=19" alt="AWS ECR Gallery" src="https://user-images.githubusercontent.com/3985464/151531396-b6535a68-c907-44eb-95a1-a09508178616.png"></a>
-  <a href="https://codecov.io/gh/prowler-cloud/prowler"><img src="https://codecov.io/gh/prowler-cloud/prowler/graph/badge.svg?token=OflBGsdpDl"/></a>
 </p>
 <p align="center">
  <a href="https://github.com/prowler-cloud/prowler"><img alt="Repo size" src="https://img.shields.io/github/repo-size/prowler-cloud/prowler"></a>
@@ -31,7 +30,6 @@
  <a href="https://twitter.com/ToniBlyx"><img alt="Twitter" src="https://img.shields.io/twitter/follow/toniblyx?style=social"></a>
  <a href="https://twitter.com/prowlercloud"><img alt="Twitter" src="https://img.shields.io/twitter/follow/prowlercloud?style=social"></a>
 </p>
-<hr>

 # Description

@@ -41,10 +39,10 @@ It contains hundreds of controls covering CIS, NIST 800, NIST CSF, CISA, RBI, Fe

 | Provider | Checks | Services | [Compliance Frameworks](https://docs.prowler.cloud/en/latest/tutorials/compliance/) | [Categories](https://docs.prowler.cloud/en/latest/tutorials/misc/#categories) |
 |---|---|---|---|---|
-| AWS | 302 | 61 -> `prowler aws --list-services` | 27 -> `prowler aws --list-compliance` | 6 -> `prowler aws --list-categories` |
+| AWS | 301 | 61 -> `prowler aws --list-services` | 25 -> `prowler aws --list-compliance` | 5 -> `prowler aws --list-categories` |
 | GCP | 73 | 11 -> `prowler gcp --list-services` | 1 -> `prowler gcp --list-compliance` | 2 -> `prowler gcp --list-categories`|
-| Azure | 37 | 4 -> `prowler azure --list-services` | CIS soon | 1 -> `prowler azure --list-categories` |
-| Kubernetes | Work In Progress | - | CIS soon | - |
+| Azure | 23 | 4 -> `prowler azure --list-services` | CIS soon | 1 -> `prowler azure --list-categories` |
+| Kubernetes | Planned | - | - | - |

 # 📖 Documentation

@@ -56,7 +54,7 @@ For Prowler v2 Documentation, please go to https://github.com/prowler-cloud/prow
 # ⚙️ Install

 ## Pip package
-Prowler is available as a project in [PyPI](https://pypi.org/project/prowler-cloud/), thus can be installed using pip with Python >= 3.9, < 3.13:
+Prowler is available as a project in [PyPI](https://pypi.org/project/prowler-cloud/), thus can be installed using pip with Python >= 3.9:

 ```console
 pip install prowler
@@ -79,7 +77,7 @@ The container images are available here:

 ## From Github

-Python >= 3.9, < 3.13 is required with pip and poetry:
+Python >= 3.9 is required with pip and poetry:

 ```
 git clone https://github.com/prowler-cloud/prowler
@@ -14,7 +14,7 @@ As an **AWS Partner** and we have passed the [AWS Foundation Technical Review (F

 If you would like to report a vulnerability or have a security concern regarding Prowler Open Source or ProwlerPro service, please submit the information by contacting to help@prowler.pro.

-The information you share with ProwlerPro as part of this process is kept confidential within ProwlerPro. We will only share this information with a third party if the vulnerability you report is found to affect a third-party product, in which case we will share this information with the third-party product's author or manufacturer. Otherwise, we will only share this information as permitted by you.
+The information you share with Verica as part of this process is kept confidential within Verica and the Prowler team. We will only share this information with a third party if the vulnerability you report is found to affect a third-party product, in which case we will share this information with the third-party product's author or manufacturer. Otherwise, we will only share this information as permitted by you.

 We will review the submitted report, and assign it a tracking number. We will then respond to you, acknowledging receipt of the report, and outline the next steps in the process.

@@ -523,7 +523,7 @@ from unittest import mock
 from uuid import uuid4

 # Azure Constants
-AZURE_SUBSCRIPTION = str(uuid4())
+AZURE_SUSCRIPTION = str(uuid4())



@@ -542,7 +542,7 @@ class Test_defender_ensure_defender_for_arm_is_on:

        # Create the custom Defender object to be tested
        defender_client.pricings = {
-            AZURE_SUBSCRIPTION: {
+            AZURE_SUSCRIPTION: {
                "Arm": Defender_Pricing(
                    resource_id=resource_id,
                    pricing_tier="Not Standard",
@@ -580,9 +580,9 @@ class Test_defender_ensure_defender_for_arm_is_on:
            assert result[0].status == "FAIL"
            assert (
                result[0].status_extended
-                == f"Defender plan Defender for ARM from subscription {AZURE_SUBSCRIPTION} is set to OFF (pricing tier not standard)"
+                == f"Defender plan Defender for ARM from subscription {AZURE_SUSCRIPTION} is set to OFF (pricing tier not standard)"
            )
-            assert result[0].subscription == AZURE_SUBSCRIPTION
+            assert result[0].subscription == AZURE_SUSCRIPTION
            assert result[0].resource_name == "Defender plan ARM"
            assert result[0].resource_id == resource_id
 ```
@@ -136,16 +136,26 @@ Prowler is available as a project in [PyPI](https://pypi.org/project/prowler-clo

 === "AWS CloudShell"

-    After the migration of AWS CloudShell from Amazon Linux 2 to Amazon Linux 2023 [[1]](https://aws.amazon.com/about-aws/whats-new/2023/12/aws-cloudshell-migrated-al2023/) [2](https://docs.aws.amazon.com/cloudshell/latest/userguide/cloudshell-AL2023-migration.html), there is no longer a need to manually compile Python 3.9 as it's already included in AL2023. Prowler can thus be easily installed following the Generic method of installation via pip. Follow the steps below to successfully execute Prowler v3 in AWS CloudShell:
+    Prowler can be easely executed in AWS CloudShell but it has some prerequsites to be able to to so. AWS CloudShell is a container running with `Amazon Linux release 2 (Karoo)` that comes with Python 3.7, since Prowler requires Python >= 3.9 we need to first install a newer version of Python. Follow the steps below to successfully execute Prowler v3 in AWS CloudShell:

    _Requirements_:

-    * Open AWS CloudShell `bash`.
-
+    * First install all dependences and then Python, in this case we need to compile it because there is not a package available at the time this document is written:
+    ```
+    sudo yum -y install gcc openssl-devel bzip2-devel libffi-devel
+    wget https://www.python.org/ftp/python/3.9.16/Python-3.9.16.tgz
+    tar zxf Python-3.9.16.tgz
+    cd Python-3.9.16/
+    ./configure --enable-optimizations
+    sudo make altinstall
+    python3.9 --version
+    cd
+    ```
    _Commands_:

+    * Once Python 3.9 is available we can install Prowler from pip:
    ```
-    pip install prowler
+    pip3.9 install prowler
    prowler -v
    ```

@@ -15,7 +15,7 @@ As an **AWS Partner** and we have passed the [AWS Foundation Technical Review (F

 If you would like to report a vulnerability or have a security concern regarding Prowler Open Source or ProwlerPro service, please submit the information by contacting to help@prowler.pro.

-The information you share with ProwlerPro as part of this process is kept confidential within ProwlerPro. We will only share this information with a third party if the vulnerability you report is found to affect a third-party product, in which case we will share this information with the third-party product's author or manufacturer. Otherwise, we will only share this information as permitted by you.
+The information you share with Verica as part of this process is kept confidential within Verica and the Prowler team. We will only share this information with a third party if the vulnerability you report is found to affect a third-party product, in which case we will share this information with the third-party product's author or manufacturer. Otherwise, we will only share this information as permitted by you.

 We will review the submitted report, and assign it a tracking number. We will then respond to you, acknowledging receipt of the report, and outline the next steps in the process.

@@ -32,14 +32,3 @@ Prowler's AWS Provider uses the Boto3 [Standard](https://boto3.amazonaws.com/v1/
 - Retry attempts on nondescriptive, transient error codes. Specifically, these HTTP status codes: 500, 502, 503, 504.

 - Any retry attempt will include an exponential backoff by a base factor of 2 for a maximum backoff time of 20 seconds.
-
-## Notes for validating retry attempts
-
-If you are making changes to Prowler, and want to validate if requests are being retried or given up on, you can take the following approach
-
-* Run prowler with `--log-level DEBUG` and `--log-file debuglogs.txt`
-* Search for retry attempts using `grep -i 'Retry needed' debuglogs.txt`
-
-This is based off of the [AWS documentation](https://boto3.amazonaws.com/v1/documentation/api/latest/guide/retries.html#checking-retry-attempts-in-your-client-logs), which states that if a retry is performed, you will see a message starting with "Retry needed".
-
-You can determine the total number of calls made using `grep -i 'Sending http request' debuglogs.txt | wc -l`
@@ -1,26 +1,26 @@
 # AWS CloudShell

-## Installation
-After the migration of AWS CloudShell from Amazon Linux 2 to Amazon Linux 2023 [[1]](https://aws.amazon.com/about-aws/whats-new/2023/12/aws-cloudshell-migrated-al2023/) [[2]](https://docs.aws.amazon.com/cloudshell/latest/userguide/cloudshell-AL2023-migration.html), there is no longer a need to manually compile Python 3.9 as it's already included in AL2023. Prowler can thus be easily installed following the Generic method of installation via pip. Follow the steps below to successfully execute Prowler v3 in AWS CloudShell:
-```shell
-pip install prowler
+Prowler can be easily executed in AWS CloudShell but it has some prerequisites to be able to to so. AWS CloudShell is a container running with `Amazon Linux release 2 (Karoo)` that comes with Python 3.7, since Prowler requires Python >= 3.9 we need to first install a newer version of Python. Follow the steps below to successfully execute Prowler v3 in AWS CloudShell:
+
+- First install all dependences and then Python, in this case we need to compile it because there is not a package available at the time this document is written:
+```
+sudo yum -y install gcc openssl-devel bzip2-devel libffi-devel
+wget https://www.python.org/ftp/python/3.9.16/Python-3.9.16.tgz
+tar zxf Python-3.9.16.tgz
+cd Python-3.9.16/
+./configure --enable-optimizations
+sudo make altinstall
+python3.9 --version
+cd 
+```
+- Once Python 3.9 is available we can install Prowler from pip:
+```
+pip3.9 install prowler
+```
+- Now enjoy Prowler:
+```
 prowler -v
+prowler 
 ```

-## Download Files
-
-To download the results from AWS CloudShell, select Actions -> Download File and add the full path of each file. For the CSV file it will be something like `/home/cloudshell-user/output/prowler-output-123456789012-20221220191331.csv`
-
-## Clone Prowler from Github
-
-The limited storage that AWS CloudShell provides for the user's home directory causes issues when installing the poetry dependencies to run Prowler from GitHub. Here is a workaround:
-```shell
-git clone https://github.com/prowler-cloud/prowler.git
-cd prowler
-pip install poetry
-mkdir /tmp/pypoetry
-poetry config cache-dir /tmp/pypoetry
-poetry shell
-poetry install
-python prowler.py -v
-```
+- To download the results from AWS CloudShell, select Actions -> Download File and add the full path of each file. For the CSV file it will be something like `/home/cloudshell-user/output/prowler-output-123456789012-20221220191331.csv`
@@ -23,15 +23,6 @@ prowler aws -R arn:aws:iam::<account_id>:role/<role_name>
 prowler aws -T/--session-duration <seconds> -I/--external-id <external_id> -R arn:aws:iam::<account_id>:role/<role_name>
 ```

-## Custom Role Session Name
-
-Prowler can use your custom Role Session name with:
-```console
-prowler aws --role-session-name <role_session_name>
-```
-
-> It defaults to `ProwlerAssessmentSession`
-
 ## STS Endpoint Region

 If you are using Prowler in AWS regions that are not enabled by default you need to use the argument `--sts-endpoint-region` to point the AWS STS API calls `assume-role` and `get-caller-identity` to the non-default region, e.g.: `prowler aws --sts-endpoint-region eu-south-2`.
@@ -1,116 +1,48 @@
 # AWS Security Hub Integration

-Prowler supports natively and as **official integration** sending findings to [AWS Security Hub](https://aws.amazon.com/security-hub). This integration allows **Prowler** to import its findings to AWS Security Hub.
+Prowler supports natively and as **official integration** sending findings to [AWS Security Hub](https://aws.amazon.com/security-hub). This integration allows Prowler to import its findings to AWS Security Hub.

+With Security Hub, you now have a single place that aggregates, organizes, and prioritizes your security alerts, or findings, from multiple AWS services, such as Amazon GuardDuty, Amazon Inspector, Amazon Macie, AWS Identity and Access Management (IAM) Access Analyzer, and AWS Firewall Manager, as well as from AWS Partner solutions and from Prowler for free.

-Before sending findings, you will need to enable AWS Security Hub and the **Prowler** integration.
+Before sending findings to Prowler, you will need to perform next steps:

-## Enable AWS Security Hub
+1. Since Security Hub is a region based service, enable it in the region or regions you require. Use the AWS Management Console or using the AWS CLI with this command if you have enough permissions:
+    - `aws securityhub enable-security-hub --region <region>`.
+2. Enable Prowler as partner integration integration. Use the AWS Management Console or using the AWS CLI with this command if you have enough permissions:
+    - `aws securityhub enable-import-findings-for-product --region <region> --product-arn arn:aws:securityhub:<region>::product/prowler/prowler` (change region also inside the ARN).
+    - Using the AWS Management Console:
+     ![Screenshot 2020-10-29 at 10 26 02 PM](https://user-images.githubusercontent.com/3985464/97634660-5ade3400-1a36-11eb-9a92-4a45cc98c158.png)
+3. Allow Prowler to import its findings to AWS Security Hub by adding the policy below to the role or user running Prowler:
+    - [prowler-security-hub.json](https://github.com/prowler-cloud/prowler/blob/master/permissions/prowler-security-hub.json)

-To enable the integration you have to perform the following steps, in _at least_ one AWS region of a given AWS account, to enable **AWS Security Hub** and **Prowler** as a partner integration.
-
-Since **AWS Security Hub** is a region based service, you will need to enable it in the region or regions you require. You can configure it using the AWS Management Console or the AWS CLI.
-
-> Take into account that enabling this integration will incur in costs in AWS Security Hub, please refer to its pricing [here](https://aws.amazon.com/security-hub/pricing/) for more information.
-
-### Using the AWS Management Console
-
-#### Enable AWS Security Hub
-
-If you have currently AWS Security Hub enabled you can skip to the [next section](#enable-prowler-integration).
-
-1. Open the **AWS Security Hub** console at https://console.aws.amazon.com/securityhub/.
-
-2. When you open the Security Hub console for the first time make sure that you are in the region you want to enable, then choose **Go to Security Hub**.
-![](./img/enable.png)
-
-3. On the next page, the Security standards section lists the security standards that Security Hub supports. Select the check box for a standard to enable it, and clear the check box to disable it.
-
-4. Choose **Enable Security Hub**.
-![](./img/enable-2.png)
-
-#### Enable Prowler Integration
-
-If you have currently the Prowler integration enabled in AWS Security Hub you can skip to the [next section](#send-findings) and start sending findings.
-
-Once **AWS Security Hub** is enabled you will need to enable **Prowler** as partner integration to allow **Prowler** to send findings to your **AWS Security Hub**.
-
-1. Open the **AWS Security Hub** console at https://console.aws.amazon.com/securityhub/.
-
-2. Select the **Integrations** tab in the right-side menu bar.
-![](./img/enable-partner-integration.png)
-
-3. Search for _Prowler_ in the text search box and the **Prowler** integration will appear.
-
-4. Once there, click on **Accept Findings** to allow **AWS Security Hub** to receive findings from **Prowler**.
-![](./img/enable-partner-integration-2.png)
-
-5. A new modal will appear to confirm that you are enabling the **Prowler** integration.
-![](./img/enable-partner-integration-3.png)
-
-6. Right after click on **Accept Findings**, you will see that the integration is enabled in **AWS Security Hub**.
-![](./img/enable-partner-integration-4.png)
-
-### Using the AWS CLI
-
-To enable **AWS Security Hub** and the **Prowler** integration you have to run the following commands using the AWS CLI:
-
-```shell
-aws securityhub enable-security-hub --region <region>
-```
-> For this command to work you will need the `securityhub:EnableSecurityHub` permission.
-> You will need to set the AWS region where you want to enable AWS Security Hub.
-
-Once **AWS Security Hub** is enabled you will need to enable **Prowler** as partner integration to allow **Prowler** to send findings to your AWS Security Hub. You have to run the following commands using the AWS CLI:
-
-```shell
-aws securityhub enable-import-findings-for-product --region eu-west-1 --product-arn arn:aws:securityhub:<region>::product/prowler/prowler
-```
-> You will need to set the AWS region where you want to enable the integration and also the AWS region also within the ARN.
-> For this command to work you will need the `securityhub:securityhub:EnableImportFindingsForProduct` permission.
-
-
-## Send Findings
 Once it is enabled, it is as simple as running the command below (for all regions):

 ```sh
-prowler aws --security-hub
+prowler aws -S
 ```

 or for only one filtered region like eu-west-1:

 ```sh
-prowler --security-hub --region eu-west-1
+prowler -S -f eu-west-1
 ```

-> **Note 1**: It is recommended to send only fails to Security Hub and that is possible adding `-q/--quiet` to the command. You can use, instead of the `-q/--quiet` argument, the `--send-sh-only-fails` argument to save all the findings in the Prowler outputs but just to send FAIL findings to AWS Security Hub.
+> **Note 1**: It is recommended to send only fails to Security Hub and that is possible adding `-q` to the command.

-> **Note 2**: Since Prowler perform checks to all regions by default you may need to filter by region when running Security Hub integration, as shown in the example above. Remember to enable Security Hub in the region or regions you need by calling `aws securityhub enable-security-hub --region <region>` and run Prowler with the option `-f/--region <region>` (if no region is used it will try to push findings in all regions hubs). Prowler will send findings to the Security Hub on the region where the scanned resource is located.
+> **Note 2**: Since Prowler perform checks to all regions by default you may need to filter by region when running Security Hub integration, as shown in the example above. Remember to enable Security Hub in the region or regions you need by calling `aws securityhub enable-security-hub --region <region>` and run Prowler with the option `-f <region>` (if no region is used it will try to push findings in all regions hubs). Prowler will send findings to the Security Hub on the region where the scanned resource is located.

 > **Note 3**: To have updated findings in Security Hub you have to run Prowler periodically. Once a day or every certain amount of hours.

-### See you Prowler findings in AWS Security Hub
+Once you run findings for first time you will be able to see Prowler findings in Findings section:

-Once configured the **AWS Security Hub** in your next scan you will receive the **Prowler** findings in the AWS regions configured. To review those findings in **AWS Security Hub**:
-
-1. Open the **AWS Security Hub** console at https://console.aws.amazon.com/securityhub/.
-
-2. Select the **Findings** tab in the right-side menu bar.
-![](./img/findings.png)
-
-3. Use the search box filters and use the **Product Name** filter with the value _Prowler_ to see the findings sent from **Prowler**.
-
-4. Then, you can click on the check **Title** to see the details and the history of a finding.
-![](./img/finding-details.png)
-
-As you can see in the related requirements section, in the detailed view of the findings, **Prowler** also sends compliance information related to every finding.
+![Screenshot 2020-10-29 at 10 29 05 PM](https://user-images.githubusercontent.com/3985464/97634676-66c9f600-1a36-11eb-9341-70feb06f6331.png)

 ## Send findings to Security Hub assuming an IAM Role

 When you are auditing a multi-account AWS environment, you can send findings to a Security Hub of another account by assuming an IAM role from that account using the `-R` flag in the Prowler command:

 ```sh
-prowler --security-hub --role arn:aws:iam::123456789012:role/ProwlerExecutionRole
+prowler -S -R arn:aws:iam::123456789012:role/ProwlerExecRole
 ```

 > Remember that the used role needs to have permissions to send findings to Security Hub. To get more information about the permissions required, please refer to the following IAM policy [prowler-security-hub.json](https://github.com/prowler-cloud/prowler/blob/master/permissions/prowler-security-hub.json)
@@ -118,17 +50,12 @@ prowler --security-hub --role arn:aws:iam::123456789012:role/ProwlerExecutionRol

 ## Send only failed findings to Security Hub

-When using the **AWS Security Hub** integration you can send only the `FAIL` findings generated by **Prowler**. Therefore, the **AWS Security Hub** usage costs eventually would be lower. To follow that recommendation you could add the `-q/--quiet` flag to the Prowler command:
+When using Security Hub it is recommended to send only the failed findings generated. To follow that recommendation you could add the `-q` flag to the Prowler command:

 ```sh
-prowler --security-hub --quiet
+prowler -S -q
 ```

-You can use, instead of the `-q/--quiet` argument, the `--send-sh-only-fails` argument to save all the findings in the Prowler outputs but just to send FAIL findings to AWS Security Hub:
-
-```sh
-prowler --security-hub --send-sh-only-fails
-```

 ## Skip sending updates of findings to Security Hub

@@ -136,5 +63,5 @@ By default, Prowler archives all its findings in Security Hub that have not appe
 You can skip this logic by using the option `--skip-sh-update` so Prowler will not archive older findings:

 ```sh
-prowler --security-hub --skip-sh-update
+prowler -S --skip-sh-update
 ```
@@ -47,7 +47,7 @@ It is a best practice to encrypt both metadata and connection passwords in AWS G
 #### Inspector
 Amazon Inspector is a vulnerability discovery service that automates continuous scanning for security vulnerabilities within your Amazon EC2, Amazon ECR, and AWS Lambda environments. Prowler recommends to enable it and resolve all the Inspector's findings. Ignoring the unused services, Prowler will only notify you if there are any Lambda functions, EC2 instances or ECR repositories in the region where Amazon inspector should be enabled.

-  - `inspector2_is_enabled`
+  - `inspector2_findings_exist`

 #### Macie
 Amazon Macie is a security service that uses machine learning to automatically discover, classify and protect sensitive data in S3 buckets. Prowler will only create a finding when Macie is not enabled if there are S3 buckets in your account.
@@ -1,187 +0,0 @@
-# Parallel Execution
-
-The strategy used here will be to execute Prowler once per service. You can modify this approach as per your requirements.
-
-This can help for really large accounts, but please be aware of AWS API rate limits:
-
-1. **Service-Specific Limits**: Each AWS service has its own rate limits. For instance, Amazon EC2 might have different rate limits for launching instances versus making API calls to describe instances.
-2. **API Rate Limits**: Most of the rate limits in AWS are applied at the API level. Each API call to an AWS service counts towards the rate limit for that service.
-3. **Throttling Responses**: When you exceed the rate limit for a service, AWS responds with a throttling error. In AWS SDKs, these are typically represented as `ThrottlingException` or `RateLimitExceeded` errors.
-
-For information on Prowler's retrier configuration please refer to this [page](https://docs.prowler.cloud/en/latest/tutorials/aws/boto3-configuration/).
-
-> Note: You might need to increase the `--aws-retries-max-attempts` parameter from the default value of 3. The retrier follows an exponential backoff strategy.
-
-## Linux
-
-Generate a list of services that Prowler supports, and populate this info into a file:
-
-```bash
-prowler aws --list-services | awk -F"- " '{print $2}' | sed '/^$/d' > services
-```
-
-Make any modifications for services you would like to skip scanning by modifying this file.
-
-Then create a new PowerShell script file `parallel-prowler.sh` and add the following contents. Update the `$profile` variable to the AWS CLI profile you want to run Prowler with.
-
-```bash
-#!/bin/bash
-
-# Change these variables as needed
-profile="your_profile"
-account_id=$(aws sts get-caller-identity --profile "${profile}" --query 'Account' --output text)
-
-echo "Executing in account: ${account_id}"
-
-# Maximum number of concurrent processes
-MAX_PROCESSES=5
-
-# Loop through the services
-while read service; do
-    echo "$(date '+%Y-%m-%d %H:%M:%S'): Starting job for service: ${service}"
-
-    # Run the command in the background
-    (prowler -p "$profile" -s "$service" -F "${account_id}-${service}" --ignore-unused-services --only-logs; echo "$(date '+%Y-%m-%d %H:%M:%S') - ${service} has completed") &
-
-    # Check if we have reached the maximum number of processes
-    while [ $(jobs -r | wc -l) -ge ${MAX_PROCESSES} ]; do
-        # Wait for a second before checking again
-        sleep 1
-    done
-done < ./services
-
-# Wait for all background processes to finish
-wait
-echo "All jobs completed"
-```
-
-Output will be stored in the `output/` folder that is in the same directory from which you executed the script.
-
-## Windows
-
-Generate a list of services that Prowler supports, and populate this info into a file:
-
-```powershell
-prowler aws --list-services | ForEach-Object {
-    # Capture lines that are likely service names
-    if ($_ -match '^\- \w+$') {
-        $_.Trim().Substring(2)
-    }
-} | Where-Object {
-    # Filter out empty or null lines
-    $_ -ne $null -and $_ -ne ''
-} | Set-Content -Path "services"
-```
-
-Make any modifications for services you would like to skip scanning by modifying this file.
-
-Then create a new PowerShell script file `parallel-prowler.ps1` and add the following contents. Update the `$profile` variable to the AWS CLI profile you want to run prowler with.
-
-Change any parameters you would like when calling prowler in the `Start-Job -ScriptBlock` section. Note that you need to keep the `--only-logs` parameter, else some encoding issue occurs when trying to render the progress-bar and prowler won't successfully execute.
-
-```powershell
-$profile = "your_profile"
-$account_id = Invoke-Expression -Command "aws sts get-caller-identity --profile $profile --query 'Account' --output text"
-
-Write-Host "Executing Prowler in $account_id"
-
-# Maximum number of concurrent jobs
-$MAX_PROCESSES = 5
-
-# Read services from a file
-$services = Get-Content -Path "services"
-
-# Array to keep track of started jobs
-$jobs = @()
-
-foreach ($service in $services) {
-    # Start the command as a job
-    $job = Start-Job -ScriptBlock {
-        prowler -p ${using:profile} -s ${using:service} -F "${using:account_id}-${using:service}" --ignore-unused-services --only-logs
-	      $endTimestamp = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
-        Write-Output "${endTimestamp} - $using:service has completed"
-    }
-    $jobs += $job
-    Write-Host "$(Get-Date -Format 'yyyy-MM-dd HH:mm:ss') - Starting job for service: $service"
-
-    # Check if we have reached the maximum number of jobs
-    while (($jobs | Where-Object { $_.State -eq 'Running' }).Count -ge $MAX_PROCESSES) {
-        Start-Sleep -Seconds 1
-        # Check for any completed jobs and receive their output
-        $completedJobs = $jobs | Where-Object { $_.State -eq 'Completed' }
-        foreach ($completedJob in $completedJobs) {
-            Receive-Job -Job $completedJob -Keep | ForEach-Object { Write-Host $_ }
-            $jobs = $jobs | Where-Object { $_.Id -ne $completedJob.Id }
-            Remove-Job -Job $completedJob
-        }
-    }
-}
-
-# Check for any remaining completed jobs
-$remainingCompletedJobs = $jobs | Where-Object { $_.State -eq 'Completed' }
-foreach ($remainingJob in $remainingCompletedJobs) {
-    Receive-Job -Job $remainingJob -Keep | ForEach-Object { Write-Host $_ }
-    Remove-Job -Job $remainingJob
-}
-
-Write-Host "$(Get-Date -Format 'yyyy-MM-dd HH:mm:ss') - All jobs completed"
-```
-
-Output will be stored in `C:\Users\YOUR-USER\Documents\output\`
-
-## Combining the output files
-
-Guidance is provided for the CSV file format. From the ouput directory, execute either the following Bash or PowerShell script. The script will collect the output from the CSV files, only include the header from the first file, and then output the result as CombinedCSV.csv in the current working directory.
-
-There is no logic implemented in terms of which CSV files it will combine. If you have additional CSV files from other actions, such as running a quick inventory, you will need to move that out of the current (or any nested) directory, or move the output you want to combine into its own folder and run the script from there.
-
-```bash
-#!/bin/bash
-
-# Initialize a variable to indicate the first file
-firstFile=true
-
-# Find all CSV files and loop through them
-find . -name "*.csv" -print0 | while IFS= read -r -d '' file; do
-    if [ "$firstFile" = true ]; then
-        # For the first file, keep the header
-        cat "$file" > CombinedCSV.csv
-        firstFile=false
-    else
-        # For subsequent files, skip the header
-        tail -n +2 "$file" >> CombinedCSV.csv
-    fi
-done
-```
-
-```powershell
-# Get all CSV files from current directory and its subdirectories
-$csvFiles = Get-ChildItem -Recurse -Filter "*.csv"
-
-# Initialize a variable to track if it's the first file
-$firstFile = $true
-
-# Loop through each CSV file
-foreach ($file in $csvFiles) {
-    if ($firstFile) {
-        # For the first file, keep the header and change the flag
-        $combinedCsv = Import-Csv -Path $file.FullName
-        $firstFile = $false
-    } else {
-        # For subsequent files, skip the header
-        $tempCsv = Import-Csv -Path $file.FullName
-        $combinedCsv += $tempCsv | Select-Object * -Skip 1
-    }
-}
-
-# Export the combined data to a new CSV file
-$combinedCsv | Export-Csv -Path "CombinedCSV.csv" -NoTypeInformation
-```
-
-## TODO: Additional Improvements
-
-Some services need to instantiate another service to perform a check. For instance, `cloudwatch` will instantiate Prowler's `iam` service to perform the `cloudwatch_cross_account_sharing_disabled` check. When the `iam` service is instantiated, it will perform the `__init__` function, and pull all the information required for that service. This provides an opportunity for an improvement in the above script to group related services together so that the `iam` services (or any other cross-service references) isn't repeatedily instantiated by grouping dependant services together. A complete mapping between these services still needs to be further investigated, but these are the cross-references that have been noted:
-
-* inspector2 needs lambda and ec2
-* cloudwatch needs iam
-* dlm needs ec2
@@ -43,71 +43,46 @@ Hereunder is the structure for each of the supported report formats by Prowler:
 ![HTML Output](../img/output-html.png)
 ### CSV

-CSV format has a set of common columns for all the providers, and then provider specific columns.  
-The common columns are the following:
+The following are the columns present in the CSV format:

 - ASSESSMENT_START_TIME
 - FINDING_UNIQUE_ID
 - PROVIDER
- CHECK_ID
- CHECK_TITLE
- CHECK_TYPE
- STATUS
- STATUS_EXTENDED
- SERVICE_NAME
- SUBSERVICE_NAME
- SEVERITY
- RESOURCE_TYPE
- RESOURCE_DETAILS
- RESOURCE_TAGS
- DESCRIPTION
- RISK
- RELATED_URL
- REMEDIATION_RECOMMENDATION_TEXT
- REMEDIATION_RECOMMENDATION_URL
- REMEDIATION_RECOMMENDATION_CODE_NATIVEIAC
- REMEDIATION_RECOMMENDATION_CODE_TERRAFORM
- REMEDIATION_RECOMMENDATION_CODE_CLI
- REMEDIATION_RECOMMENDATION_CODE_OTHER
- COMPLIANCE
- CATEGORIES
- DEPENDS_ON
- RELATED_TO
- NOTES
-
-And then by the provider specific columns:
-
-#### AWS
-
 - PROFILE
 - ACCOUNT_ID
- ACCOUNT_NAME
- ACCOUNT_EMAIL
- ACCOUNT_ARN
- ACCOUNT_ORG
- ACCOUNT_TAGS
- REGION
- RESOURCE_ID
- RESOURCE_ARN
-
-
-#### AZURE
-
- TENANT_DOMAIN
- SUBSCRIPTION
- RESOURCE_ID
- RESOURCE_NAME
-
-
-#### GCP
-
- PROJECT_ID
- LOCATION
- RESOURCE_ID
- RESOURCE_NAME
-
-
-
+-  ACCOUNT_NAME
+-  ACCOUNT_EMAIL
+-  ACCOUNT_ARN
+-  ACCOUNT_ORG
+-  ACCOUNT_TAGS
+-  REGION
+-  CHECK_ID
+-  CHECK_TITLE
+-  CHECK_TYPE
+-  STATUS
+-  STATUS_EXTENDED
+-  SERVICE_NAME
+-  SUBSERVICE_NAME
+-  SEVERITY
+-  RESOURCE_ID
+-  RESOURCE_ARN
+-  RESOURCE_TYPE
+-  RESOURCE_DETAILS
+-  RESOURCE_TAGS
+-  DESCRIPTION
+-  COMPLIANCE
+-  RISK
+-  RELATED_URL
+-  REMEDIATION_RECOMMENDATION_TEXT
+-  REMEDIATION_RECOMMENDATION_URL
+-  REMEDIATION_RECOMMENDATION_CODE_NATIVEIAC
+-  REMEDIATION_RECOMMENDATION_CODE_TERRAFORM
+-  REMEDIATION_RECOMMENDATION_CODE_CLI
+-  REMEDIATION_RECOMMENDATION_CODE_OTHER
+-  CATEGORIES
+-  DEPENDS_ON
+-  RELATED_TO
+-  NOTES

 > Since Prowler v3 the CSV column delimiter is the semicolon (`;`)
 ### JSON
@@ -41,7 +41,6 @@ nav:
      - Custom Metadata: tutorials/custom-checks-metadata.md
      - Ignore Unused Services: tutorials/ignore-unused-services.md
      - Pentesting: tutorials/pentesting.md
-      - Parallel Execution: tutorials/parallel-execution.md
      - Developer Guide: developer-guide/introduction.md
      - AWS:
          - Authentication: tutorials/aws/authentication.md
@@ -102,7 +101,7 @@ extra:
      link: https://twitter.com/prowlercloud

 # Copyright
-copyright: Copyright &copy; 2024 Toni de la Fuente, Maintained by the Prowler Team at ProwlerPro, Inc.</a>
+copyright: Copyright &copy; 2022 Toni de la Fuente, Maintained by the Prowler Team at Verica, Inc.</a>

 markdown_extensions:
  - abbr
@@ -468,6 +468,27 @@
    },
    {
      "Id": "2.1.1",
+      "Description": "Ensure all S3 buckets employ encryption-at-rest",
+      "Checks": [
+        "s3_bucket_default_encryption"
+      ],
+      "Attributes": [
+        {
+          "Section": "2.1. Simple Storage Service (S3)",
+          "Profile": "Level 2",
+          "AssessmentStatus": "Automated",
+          "Description": "Amazon S3 provides a variety of no, or low, cost encryption options to protect data at rest.",
+          "RationaleStatement": "Encrypting data at rest reduces the likelihood that it is unintentionally exposed and can nullify the impact of disclosure if the encryption remains unbroken.",
+          "ImpactStatement": "Amazon S3 buckets with default bucket encryption using SSE-KMS cannot be used as destination buckets for Amazon S3 server access logging. Only SSE-S3 default encryption is supported for server access log destination buckets.",
+          "RemediationProcedure": "**From Console:**  1. Login to AWS Management Console and open the Amazon S3 console using https://console.aws.amazon.com/s3/  2. Select a Bucket. 3. Click on 'Properties'. 4. Click edit on `Default Encryption`. 5. Select either `AES-256`, `AWS-KMS`, `SSE-KMS` or `SSE-S3`. 6. Click `Save` 7. Repeat for all the buckets in your AWS account lacking encryption.  **From Command Line:**  Run either  ``` aws s3api put-bucket-encryption --bucket <bucket name> --server-side-encryption-configuration '{\"Rules\": [{\"ApplyServerSideEncryptionByDefault\": {\"SSEAlgorithm\": \"AES256\"}}]}' ```  or  ``` aws s3api put-bucket-encryption --bucket <bucket name> --server-side-encryption-configuration '{\"Rules\": [{\"ApplyServerSideEncryptionByDefault\": {\"SSEAlgorithm\": \"aws:kms\",\"KMSMasterKeyID\": \"aws/s3\"}}]}' ```  **Note:** the KMSMasterKeyID can be set to the master key of your choosing; aws/s3 is an AWS preconfigured default.",
+          "AuditProcedure": "**From Console:**  1. Login to AWS Management Console and open the Amazon S3 console using https://console.aws.amazon.com/s3/  2. Select a Bucket. 3. Click on 'Properties'. 4. Verify that `Default Encryption` is enabled, and displays either `AES-256`, `AWS-KMS`, `SSE-KMS` or `SSE-S3`. 5. Repeat for all the buckets in your AWS account.  **From Command Line:**  1. Run command to list buckets ``` aws s3 ls ``` 2. For each bucket, run  ``` aws s3api get-bucket-encryption --bucket <bucket name> ``` 3. Verify that either  ``` \"SSEAlgorithm\": \"AES256\" ```  or  ``` \"SSEAlgorithm\": \"aws:kms\"```  is displayed.",
+          "AdditionalInformation": "S3 bucket encryption only applies to objects as they are placed in the bucket. Enabling S3 bucket encryption does **not** encrypt objects previously stored within the bucket.",
+          "References": "https://docs.aws.amazon.com/AmazonS3/latest/user-guide/default-bucket-encryption.html:https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-related-resources"
+        }
+      ]
+    },
+    {
+      "Id": "2.1.2",
      "Description": "Ensure S3 Bucket Policy is set to deny HTTP requests",
      "Checks": [
        "s3_bucket_secure_transport_policy"
@@ -488,7 +509,7 @@
      ]
    },
    {
-      "Id": "2.1.2",
+      "Id": "2.1.3",
      "Description": "Ensure MFA Delete is enabled on S3 buckets",
      "Checks": [
        "s3_bucket_no_mfa_delete"
@@ -509,7 +530,7 @@
      ]
    },
    {
-      "Id": "2.1.3",
+      "Id": "2.1.4",
      "Description": "Ensure all data in Amazon S3 has been discovered, classified and secured when required.",
      "Checks": [
        "macie_is_enabled"
@@ -530,7 +551,7 @@
      ]
    },
    {
-      "Id": "2.1.4",
+      "Id": "2.1.5",
      "Description": "Ensure that S3 Buckets are configured with 'Block public access (bucket settings)'",
      "Checks": [
        "s3_bucket_level_public_access_block",
@@ -211,31 +211,6 @@
        "iam_avoid_root_usage"
      ]
    },
-    {
-      "Id": "op.acc.4.aws.iam.8",
-      "Description": "Proceso de gestión de derechos de acceso",
-      "Attributes": [
-        {
-          "IdGrupoControl": "op.acc.4",
-          "Marco": "operacional",
-          "Categoria": "control de acceso",
-          "DescripcionControl": "Se restringirá todo acceso a las acciones especificadas para el usuario root de una cuenta.",
-          "Nivel": "alto",
-          "Tipo": "requisito",
-          "Dimensiones": [
-            "confidencialidad",
-            "integridad",
-            "trazabilidad",
-            "autenticidad"
-          ],
-          "ModoEjecucion": "automático"
-        }
-      ],
-      "Checks": [
-        "organizations_account_part_of_organizations",
-        "organizations_scp_check_deny_regions"
-      ]
-    },
    {
      "Id": "op.acc.4.aws.iam.9",
      "Description": "Proceso de gestión de derechos de acceso",
@@ -814,8 +789,7 @@
        }
      ],
      "Checks": [
-        "inspector2_is_enabled",
-        "inspector2_active_findings_exist"
+        "inspector2_findings_exist"
      ]
    },
    {
@@ -1147,30 +1121,6 @@
        "cloudtrail_insights_exist"
      ]
    },
-    {
-      "Id": "op.exp.8.r1.aws.ct.3",
-      "Description": "Revisión de los registros",
-      "Attributes": [
-        {
-          "IdGrupoControl": "op.exp.8.r1",
-          "Marco": "operacional",
-          "Categoria": "explotación",
-          "DescripcionControl": "Registrar los eventos de lectura y escritura de datos.",
-          "Nivel": "alto",
-          "Tipo": "refuerzo",
-          "Dimensiones": [
-            "trazabilidad"
-          ],
-          "ModoEjecucion": "automático"
-        }
-      ],
-      "Checks": [
-        "cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled",
-        "cloudtrail_s3_dataevents_write_enabled",
-        "cloudtrail_s3_dataevents_read_enabled",
-        "cloudtrail_insights_exist"
-      ]
-    },
    {
      "Id": "op.exp.8.r1.aws.ct.4",
      "Description": "Revisión de los registros",
@@ -1283,33 +1233,6 @@
        "iam_role_cross_service_confused_deputy_prevention"
      ]
    },
-    {
-      "Id": "op.exp.8.r4.aws.ct.1",
-      "Description": "Control de acceso",
-      "Attributes": [
-        {
-          "IdGrupoControl": "op.exp.8.r4",
-          "Marco": "operacional",
-          "Categoria": "explotación",
-          "DescripcionControl": "Asignar correctamente las políticas AWS IAM para el acceso y borrado de los registros y sus copias de seguridad haciendo uso del principio de mínimo privilegio.",
-          "Nivel": "alto",
-          "Tipo": "refuerzo",
-          "Dimensiones": [
-            "trazabilidad"
-          ],
-          "ModoEjecucion": "automático"
-        }
-      ],
-      "Checks": [
-        "iam_policy_allows_privilege_escalation",
-        "iam_customer_attached_policy_no_administrative_privileges",
-        "iam_customer_unattached_policy_no_administrative_privilege",
-        "iam_no_custom_policy_permissive_role_assumption",
-        "iam_policy_attached_only_to_group_or_roles",
-        "iam_role_cross_service_confused_deputy_prevention",
-        "iam_policy_no_full_access_to_cloudtrail"
-      ]
-    },
    {
      "Id": "op.exp.8.r4.aws.ct.2",
      "Description": "Control de acceso",
@@ -1936,8 +1859,7 @@
        }
      ],
      "Checks": [
-        "inspector2_is_enabled",
-        "inspector2_active_findings_exist"
+        "inspector2_findings_exist"
      ]
    },
    {
@@ -2012,8 +1934,7 @@
        }
      ],
      "Checks": [
-        "inspector2_is_enabled",
-        "inspector2_active_findings_exist"
+        "inspector2_findings_exist"
      ]
    },
    {
@@ -2189,7 +2110,7 @@
        }
      ],
      "Checks": [
-        "fms_policy_compliant"
+        "networkfirewall_in_all_vpc"
      ]
    },
    {
@@ -2330,31 +2251,6 @@
        "cloudfront_distributions_https_enabled"
      ]
    },
-    {
-      "Id": "mp.com.4.aws.ws.1",
-      "Description": "Separación de flujos de información en la red",
-      "Attributes": [
-        {
-          "IdGrupoControl": "mp.com.4",
-          "Marco": "medidas de protección",
-          "Categoria": "segregación de redes",
-          "DescripcionControl": "Se deberán abrir solo los puertos necesarios para el uso del servicio AWS WorkSpaces.",
-          "Nivel": "alto",
-          "Tipo": "requisito",
-          "Dimensiones": [
-            "confidencialidad",
-            "integridad",
-            "trazabilidad",
-            "autenticidad",
-            "disponibilidad"
-          ],
-          "ModoEjecucion": "automático"
-        }
-      ],
-      "Checks": [
-        "workspaces_vpc_2private_1public_subnets_nat"
-      ]
-    },
    {
      "Id": "mp.com.4.aws.vpc.1",
      "Description": "Separación de flujos de información en la red",
@@ -2427,8 +2323,7 @@
        }
      ],
      "Checks": [
-        "vpc_subnet_separate_private_public",
-        "vpc_different_regions"
+        "vpc_subnet_separate_private_public"
      ]
    },
    {
@@ -2475,8 +2370,7 @@
        }
      ],
      "Checks": [
-        "vpc_subnet_different_az",
-        "vpc_different_regions"
+        "vpc_subnet_different_az"
      ]
    },
    {
@@ -29,8 +29,7 @@
        "securityhub_enabled",
        "elbv2_waf_acl_attached",
        "guardduty_is_enabled",
-        "inspector2_is_enabled",
-        "inspector2_active_findings_exist",
+        "inspector2_findings_exist",
        "awslambda_function_not_publicly_accessible",
        "ec2_instance_public_ip"
      ],
@@ -577,8 +576,7 @@
        "config_recorder_all_regions_enabled",
        "securityhub_enabled",
        "guardduty_is_enabled",
-        "inspector2_is_enabled",
-        "inspector2_active_findings_exist"
+        "inspector2_findings_exist"
      ],
      "Attributes": [
        {
@@ -739,8 +737,7 @@
        "iam_user_hardware_mfa_enabled",
        "iam_user_mfa_enabled_console_access",
        "securityhub_enabled",
-        "inspector2_is_enabled",
-        "inspector2_active_findings_exist"
+        "inspector2_findings_exist"
      ],
      "Attributes": [
        {
@@ -1895,8 +1892,7 @@
        "networkfirewall_in_all_vpc",
        "elbv2_waf_acl_attached",
        "guardduty_is_enabled",
-        "inspector2_is_enabled",
-        "inspector2_active_findings_exist",
+        "inspector2_findings_exist",
        "ec2_networkacl_allow_ingress_any_port",
        "ec2_networkacl_allow_ingress_tcp_port_22",
        "ec2_networkacl_allow_ingress_tcp_port_3389",
@@ -13,7 +13,7 @@
          "ItemId": "cc_1_1",
          "Section": "CC1.0 - Common Criteria Related to Control Environment",
          "Service": "aws",
-          "Type": "manual"
+          "Soc_Type": "manual"
        }
      ],
      "Checks": []
@@ -27,7 +27,7 @@
          "ItemId": "cc_1_2",
          "Section": "CC1.0 - Common Criteria Related to Control Environment",
          "Service": "aws",
-          "Type": "manual"
+          "Soc_Type": "manual"
        }
      ],
      "Checks": []
@@ -41,7 +41,7 @@
          "ItemId": "cc_1_3",
          "Section": "CC1.0 - Common Criteria Related to Control Environment",
          "Service": "aws",
-          "Type": "automated"
+          "Soc_Type": "automated"
        }
      ],
      "Checks": [
@@ -62,7 +62,7 @@
          "ItemId": "cc_1_4",
          "Section": "CC1.0 - Common Criteria Related to Control Environment",
          "Service": "aws",
-          "Type": "manual"
+          "Soc_Type": "manual"
        }
      ],
      "Checks": []
@@ -76,7 +76,7 @@
          "ItemId": "cc_1_5",
          "Section": "CC1.0 - Common Criteria Related to Control Environment",
          "Service": "aws",
-          "Type": "manual"
+          "Soc_Type": "manual"
        }
      ],
      "Checks": []
@@ -90,7 +90,7 @@
          "ItemId": "cc_2_1",
          "Section": "CC2.0 - Common Criteria Related to Communication and Information",
          "Service": "aws",
-          "Type": "automated"
+          "Soc_Type": "automated"
        }
      ],
      "Checks": [
@@ -109,7 +109,7 @@
          "ItemId": "cc_2_2",
          "Section": "CC2.0 - Common Criteria Related to Communication and Information",
          "Service": "aws",
-          "Type": "manual"
+          "Soc_Type": "manual"
        }
      ],
      "Checks": []
@@ -123,7 +123,7 @@
          "ItemId": "cc_2_3",
          "Section": "CC2.0 - Common Criteria Related to Communication and Information",
          "Service": "aws",
-          "Type": "manual"
+          "Soc_Type": "manual"
        }
      ],
      "Checks": []
@@ -137,7 +137,7 @@
          "ItemId": "cc_3_1",
          "Section": "CC3.0 - Common Criteria Related to Risk Assessment",
          "Service": "aws",
-          "Type": "automated"
+          "Soc_Type": "automated"
        }
      ],
      "Checks": [
@@ -155,7 +155,7 @@
          "ItemId": "cc_3_2",
          "Section": "CC3.0 - Common Criteria Related to Risk Assessment",
          "Service": "aws",
-          "Type": "automated"
+          "Soc_Type": "automated"
        }
      ],
      "Checks": [
@@ -175,7 +175,7 @@
          "ItemId": "cc_3_3",
          "Section": "CC3.0 - Common Criteria Related to Risk Assessment",
          "Service": "aws",
-          "Type": "manual"
+          "Soc_Type": "manual"
        }
      ],
      "Checks": []
@@ -189,7 +189,7 @@
          "ItemId": "cc_3_4",
          "Section": "CC3.0 - Common Criteria Related to Risk Assessment",
          "Service": "config",
-          "Type": "automated"
+          "Soc_Type": "automated"
        }
      ],
      "Checks": [
@@ -205,7 +205,7 @@
          "ItemId": "cc_4_1",
          "Section": "CC4.0 - Monitoring Activities",
          "Service": "aws",
-          "Type": "manual"
+          "Soc_Type": "manual"
        }
      ],
      "Checks": []
@@ -219,7 +219,7 @@
          "ItemId": "cc_4_2",
          "Section": "CC4.0 - Monitoring Activities",
          "Service": "guardduty",
-          "Type": "automated"
+          "Soc_Type": "automated"
        }
      ],
      "Checks": [
@@ -236,7 +236,7 @@
          "ItemId": "cc_5_1",
          "Section": "CC5.0 - Control Activities",
          "Service": "aws",
-          "Type": "manual"
+          "Soc_Type": "manual"
        }
      ],
      "Checks": []
@@ -250,7 +250,7 @@
          "ItemId": "cc_5_2",
          "Section": "CC5.0 - Control Activities",
          "Service": "aws",
-          "Type": "manual"
+          "Soc_Type": "manual"
        }
      ],
      "Checks": []
@@ -264,7 +264,7 @@
          "ItemId": "cc_5_3",
          "Section": "CC5.0 - Control Activities",
          "Service": "aws",
-          "Type": "manual"
+          "Soc_Type": "manual"
        }
      ],
      "Checks": []
@@ -278,7 +278,7 @@
          "ItemId": "cc_6_1",
          "Section": "CC6.0 - Logical and Physical Access",
          "Service": "s3",
-          "Type": "automated"
+          "Soc_Type": "automated"
        }
      ],
      "Checks": [
@@ -294,7 +294,7 @@
          "ItemId": "cc_6_2",
          "Section": "CC6.0 - Logical and Physical Access",
          "Service": "rds",
-          "Type": "automated"
+          "Soc_Type": "automated"
        }
      ],
      "Checks": [
@@ -310,7 +310,7 @@
          "ItemId": "cc_6_3",
          "Section": "CC6.0 - Logical and Physical Access",
          "Service": "iam",
-          "Type": "automated"
+          "Soc_Type": "automated"
        }
      ],
      "Checks": [
@@ -328,7 +328,7 @@
          "ItemId": "cc_6_4",
          "Section": "CC6.0 - Logical and Physical Access",
          "Service": "aws",
-          "Type": "manual"
+          "Soc_Type": "manual"
        }
      ],
      "Checks": []
@@ -342,7 +342,7 @@
          "ItemId": "cc_6_5",
          "Section": "CC6.0 - Logical and Physical Access",
          "Service": "aws",
-          "Type": "manual"
+          "Soc_Type": "manual"
        }
      ],
      "Checks": []
@@ -356,7 +356,7 @@
          "ItemId": "cc_6_6",
          "Section": "CC6.0 - Logical and Physical Access",
          "Service": "ec2",
-          "Type": "automated"
+          "Soc_Type": "automated"
        }
      ],
      "Checks": [
@@ -372,7 +372,7 @@
          "ItemId": "cc_6_7",
          "Section": "CC6.0 - Logical and Physical Access",
          "Service": "acm",
-          "Type": "automated"
+          "Soc_Type": "automated"
        }
      ],
      "Checks": [
@@ -388,7 +388,7 @@
          "ItemId": "cc_6_8",
          "Section": "CC6.0 - Logical and Physical Access",
          "Service": "aws",
-          "Type": "automated"
+          "Soc_Type": "automated"
        }
      ],
      "Checks": [
@@ -405,7 +405,7 @@
          "ItemId": "cc_7_1",
          "Section": "CC7.0 - System Operations",
          "Service": "aws",
-          "Type": "automated"
+          "Soc_Type": "automated"
        }
      ],
      "Checks": [
@@ -424,7 +424,7 @@
          "ItemId": "cc_7_2",
          "Section": "CC7.0 - System Operations",
          "Service": "aws",
-          "Type": "automated"
+          "Soc_Type": "automated"
        }
      ],
      "Checks": [
@@ -460,7 +460,7 @@
          "ItemId": "cc_7_3",
          "Section": "CC7.0 - System Operations",
          "Service": "aws",
-          "Type": "automated"
+          "Soc_Type": "automated"
        }
      ],
      "Checks": [
@@ -492,7 +492,7 @@
          "ItemId": "cc_7_4",
          "Section": "CC7.0 - System Operations",
          "Service": "aws",
-          "Type": "automated"
+          "Soc_Type": "automated"
        }
      ],
      "Checks": [
@@ -523,7 +523,7 @@
          "ItemId": "cc_7_5",
          "Section": "CC7.0 - System Operations",
          "Service": "aws",
-          "Type": "manual"
+          "Soc_Type": "manual"
        }
      ],
      "Checks": []
@@ -537,7 +537,7 @@
          "ItemId": "cc_8_1",
          "Section": "CC8.0 - Change Management",
          "Service": "aws",
-          "Type": "automated"
+          "Soc_Type": "automated"
        }
      ],
      "Checks": [
@@ -553,7 +553,7 @@
          "ItemId": "cc_9_1",
          "Section": "CC9.0 - Risk Mitigation",
          "Service": "aws",
-          "Type": "manual"
+          "Soc_Type": "manual"
        }
      ],
      "Checks": []
@@ -567,7 +567,7 @@
          "ItemId": "cc_9_2",
          "Section": "CC9.0 - Risk Mitigation",
          "Service": "aws",
-          "Type": "manual"
+          "Soc_Type": "manual"
        }
      ],
      "Checks": []
@@ -581,7 +581,7 @@
          "ItemId": "cc_a_1_1",
          "Section": "CCA1.0 - Additional Criterial for Availability",
          "Service": "aws",
-          "Type": "manual"
+          "Soc_Type": "manual"
        }
      ],
      "Checks": []
@@ -595,7 +595,7 @@
          "ItemId": "cc_a_1_2",
          "Section": "CCA1.0 - Additional Criterial for Availability",
          "Service": "aws",
-          "Type": "automated"
+          "Soc_Type": "automated"
        }
      ],
      "Checks": [
@@ -626,7 +626,7 @@
          "ItemId": "cc_a_1_3",
          "Section": "CCA1.0 - Additional Criterial for Availability",
          "Service": "aws",
-          "Type": "manual"
+          "Soc_Type": "manual"
        }
      ],
      "Checks": []
@@ -640,7 +640,7 @@
          "ItemId": "cc_c_1_1",
          "Section": "CCC1.0 - Additional Criterial for Confidentiality",
          "Service": "aws",
-          "Type": "automated"
+          "Soc_Type": "automated"
        }
      ],
      "Checks": [
@@ -656,7 +656,7 @@
          "ItemId": "cc_c_1_2",
          "Section": "CCC1.0 - Additional Criterial for Confidentiality",
          "Service": "s3",
-          "Type": "automated"
+          "Soc_Type": "automated"
        }
      ],
      "Checks": [
@@ -672,7 +672,7 @@
          "ItemId": "p_1_1",
          "Section": "P1.0 - Privacy Criteria Related to Notice and Communication of Objectives Related to Privacy",
          "Service": "aws",
-          "Type": "manual"
+          "Soc_Type": "manual"
        }
      ],
      "Checks": []
@@ -686,7 +686,7 @@
          "ItemId": "p_2_1",
          "Section": "P2.0 - Privacy Criteria Related to Choice and Consent",
          "Service": "aws",
-          "Type": "manual"
+          "Soc_Type": "manual"
        }
      ],
      "Checks": []
@@ -700,7 +700,7 @@
          "ItemId": "p_3_1",
          "Section": "P3.0 - Privacy Criteria Related to Collection",
          "Service": "aws",
-          "Type": "manual"
+          "Soc_Type": "manual"
        }
      ],
      "Checks": []
@@ -714,7 +714,7 @@
          "ItemId": "p_3_2",
          "Section": "P3.0 - Privacy Criteria Related to Collection",
          "Service": "aws",
-          "Type": "manual"
+          "Soc_Type": "manual"
        }
      ],
      "Checks": []
@@ -728,7 +728,7 @@
          "ItemId": "p_4_1",
          "Section": "P4.0 - Privacy Criteria Related to Use, Retention, and Disposal",
          "Service": "aws",
-          "Type": "manual"
+          "Soc_Type": "manual"
        }
      ],
      "Checks": []
@@ -742,7 +742,7 @@
          "ItemId": "p_4_2",
          "Section": "P4.0 - Privacy Criteria Related to Use, Retention, and Disposal",
          "Service": "aws",
-          "Type": "manual"
+          "Soc_Type": "manual"
        }
      ],
      "Checks": []
@@ -756,7 +756,7 @@
          "ItemId": "p_4_3",
          "Section": "P4.0 - Privacy Criteria Related to Use, Retention, and Disposal",
          "Service": "aws",
-          "Type": "manual"
+          "Soc_Type": "manual"
        }
      ],
      "Checks": []
@@ -770,7 +770,7 @@
          "ItemId": "p_5_1",
          "Section": "P5.0 - Privacy Criteria Related to Access",
          "Service": "aws",
-          "Type": "manual"
+          "Soc_Type": "manual"
        }
      ],
      "Checks": []
@@ -784,7 +784,7 @@
          "ItemId": "p_5_2",
          "Section": "P5.0 - Privacy Criteria Related to Access",
          "Service": "aws",
-          "Type": "manual"
+          "Soc_Type": "manual"
        }
      ],
      "Checks": []
@@ -798,7 +798,7 @@
          "ItemId": "p_6_1",
          "Section": "P6.0 - Privacy Criteria Related to Disclosure and Notification",
          "Service": "aws",
-          "Type": "manual"
+          "Soc_Type": "manual"
        }
      ],
      "Checks": []
@@ -812,7 +812,7 @@
          "ItemId": "p_6_2",
          "Section": "P6.0 - Privacy Criteria Related to Disclosure and Notification",
          "Service": "aws",
-          "Type": "manual"
+          "Soc_Type": "manual"
        }
      ],
      "Checks": []
@@ -826,7 +826,7 @@
          "ItemId": "p_6_3",
          "Section": "P6.0 - Privacy Criteria Related to Disclosure and Notification",
          "Service": "aws",
-          "Type": "manual"
+          "Soc_Type": "manual"
        }
      ],
      "Checks": []
@@ -840,7 +840,7 @@
          "ItemId": "p_6_4",
          "Section": "P6.0 - Privacy Criteria Related to Disclosure and Notification",
          "Service": "aws",
-          "Type": "manual"
+          "Soc_Type": "manual"
        }
      ],
      "Checks": []
@@ -854,7 +854,7 @@
          "ItemId": "p_6_5",
          "Section": "P6.0 - Privacy Criteria Related to Disclosure and Notification",
          "Service": "aws",
-          "Type": "manual"
+          "Soc_Type": "manual"
        }
      ],
      "Checks": []
@@ -868,7 +868,7 @@
          "ItemId": "p_6_6",
          "Section": "P6.0 - Privacy Criteria Related to Disclosure and Notification",
          "Service": "aws",
-          "Type": "manual"
+          "Soc_Type": "manual"
        }
      ],
      "Checks": []
@@ -882,7 +882,7 @@
          "ItemId": "p_6_7",
          "Section": "P6.0 - Privacy Criteria Related to Disclosure and Notification",
          "Service": "aws",
-          "Type": "manual"
+          "Soc_Type": "manual"
        }
      ],
      "Checks": []
@@ -896,7 +896,7 @@
          "ItemId": "p_7_1",
          "Section": "P7.0 - Privacy Criteria Related to Quality",
          "Service": "aws",
-          "Type": "manual"
+          "Soc_Type": "manual"
        }
      ],
      "Checks": []
@@ -910,7 +910,7 @@
          "ItemId": "p_8_1",
          "Section": "P8.0 - Privacy Criteria Related to Monitoring and Enforcement",
          "Service": "aws",
-          "Type": "manual"
+          "Soc_Type": "manual"
        }
      ],
      "Checks": []
@@ -11,7 +11,7 @@ from prowler.lib.logger import logger

 timestamp = datetime.today()
 timestamp_utc = datetime.now(timezone.utc).replace(tzinfo=timezone.utc)
-prowler_version = "3.13.0"
+prowler_version = "3.11.3"
 html_logo_url = "https://github.com/prowler-cloud/prowler/"
 html_logo_img = "https://user-images.githubusercontent.com/3985464/113734260-7ba06900-96fb-11eb-82bc-d4f68a1e2710.png"
 square_logo_img = "https://user-images.githubusercontent.com/38561120/235905862-9ece5bd7-9aa3-4e48-807a-3a9035eb8bfb.png"
@@ -69,8 +69,8 @@ aws:
  # AWS Organizations
  # organizations_scp_check_deny_regions
  # organizations_enabled_regions: [
-  #   "eu-central-1",
-  #   "eu-west-1",
+  #   'eu-central-1',
+  #   'eu-west-1',
  #   "us-east-1"
  # ]
  organizations_enabled_regions: []
@@ -4,7 +4,7 @@ from prowler.config.config import banner_color, orange_color, prowler_version, t


 def print_banner(args):
-    banner = rf"""{banner_color}                         _
+    banner = f"""{banner_color}                         _
 _ __  _ __ _____      _| | ___ _ __
 | '_ \| '__/ _ \ \ /\ / / |/ _ \ '__|
 | |_) | | | (_) \ V  V /| |  __/ |
@@ -67,9 +67,9 @@ def bulk_load_compliance_frameworks(provider: str) -> dict:
                        # cis_v1.4_aws.json --> cis_v1.4_aws
                        compliance_framework_name = filename.split(".json")[0]
                        # Store the compliance info
-                        bulk_compliance_frameworks[compliance_framework_name] = (
-                            load_compliance_framework(file_path)
-                        )
+                        bulk_compliance_frameworks[
+                            compliance_framework_name
+                        ] = load_compliance_framework(file_path)
    except Exception as e:
        logger.error(f"{e.__class__.__name__}[{e.__traceback__.tb_lineno}] -- {e}")

@@ -34,9 +34,7 @@ def load_checks_to_execute(
        for check, metadata in bulk_checks_metadata.items():
            # Aliases
            for alias in metadata.CheckAliases:
-                if alias not in check_aliases:
-                    check_aliases[alias] = []
-                check_aliases[alias].append(check)
+                check_aliases[alias] = check

            # Severities
            if metadata.Severity:
@@ -112,20 +110,15 @@ def update_checks_to_execute_with_aliases(
 ) -> set:
    """update_checks_to_execute_with_aliases returns the checks_to_execute updated using the check aliases."""
    # Verify if any input check is an alias of another check
-    try:
-        new_checks_to_execute = checks_to_execute.copy()
-        for input_check in checks_to_execute:
-            if input_check in check_aliases:
-                # Remove input check name and add the real one
-                new_checks_to_execute.remove(input_check)
-                for alias in check_aliases[input_check]:
-                    if alias not in new_checks_to_execute:
-                        new_checks_to_execute.add(alias)
-                        print(
-                            f"\nUsing alias {Fore.YELLOW}{input_check}{Style.RESET_ALL} for check {Fore.YELLOW}{alias}{Style.RESET_ALL}..."
-                        )
-        return new_checks_to_execute
-    except Exception as error:
-        logger.error(
-            f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}] -- {error}"
-        )
+    for input_check in checks_to_execute:
+        if (
+            input_check in check_aliases
+            and check_aliases[input_check] not in checks_to_execute
+        ):
+            # Remove input check name and add the real one
+            checks_to_execute.remove(input_check)
+            checks_to_execute.add(check_aliases[input_check])
+            print(
+                f"\nUsing alias {Fore.YELLOW}{input_check}{Style.RESET_ALL} for check {Fore.YELLOW}{check_aliases[input_check]}{Style.RESET_ALL}...\n"
+            )
+    return checks_to_execute
@@ -52,12 +52,12 @@ class ENS_Requirement_Attribute(BaseModel):
 class Generic_Compliance_Requirement_Attribute(BaseModel):
    """Generic Compliance Requirement Attribute"""

-    ItemId: Optional[str]
+    ItemId: str
    Section: Optional[str]
    SubSection: Optional[str]
    SubGroup: Optional[str]
-    Service: Optional[str]
-    Type: Optional[str]
+    Service: str
+    Soc_Type: Optional[str]


 class CIS_Requirement_Attribute_Profile(str):
@@ -330,7 +330,7 @@ def fill_compliance(output_options, finding, audit_info, file_descriptors):
                                Requirements_Attributes_SubSection=attribute.SubSection,
                                Requirements_Attributes_SubGroup=attribute.SubGroup,
                                Requirements_Attributes_Service=attribute.Service,
-                                Requirements_Attributes_Type=attribute.Type,
+                                Requirements_Attributes_Soc_Type=attribute.Soc_Type,
                                Status=finding.status,
                                StatusExtended=finding.status_extended,
                                ResourceId=finding.resource_id,
@@ -401,8 +401,7 @@ def display_compliance_table(
                                        "Bajo": 0,
                                    }
                                if finding.status == "FAIL":
-                                    if attribute.Tipo != "recomendacion":
-                                        fail_count += 1
+                                    fail_count += 1
                                    marcos[marco_categoria][
                                        "Estado"
                                    ] = f"{Fore.RED}NO CUMPLE{Style.RESET_ALL}"
@@ -444,8 +443,8 @@ def display_compliance_table(
                )
                overview_table = [
                    [
-                        f"{Fore.RED}{round(fail_count / (fail_count + pass_count) * 100, 2)}% ({fail_count}) NO CUMPLE{Style.RESET_ALL}",
-                        f"{Fore.GREEN}{round(pass_count / (fail_count + pass_count) * 100, 2)}% ({pass_count}) CUMPLE{Style.RESET_ALL}",
+                        f"{Fore.RED}{round(fail_count/(fail_count+pass_count)*100, 2)}% ({fail_count}) NO CUMPLE{Style.RESET_ALL}",
+                        f"{Fore.GREEN}{round(pass_count/(fail_count+pass_count)*100, 2)}% ({pass_count}) CUMPLE{Style.RESET_ALL}",
                    ]
                ]
                print(tabulate(overview_table, tablefmt="rounded_grid"))
@@ -539,8 +538,8 @@ def display_compliance_table(
                )
                overview_table = [
                    [
-                        f"{Fore.RED}{round(fail_count / (fail_count + pass_count) * 100, 2)}% ({fail_count}) FAIL{Style.RESET_ALL}",
-                        f"{Fore.GREEN}{round(pass_count / (fail_count + pass_count) * 100, 2)}% ({pass_count}) PASS{Style.RESET_ALL}",
+                        f"{Fore.RED}{round(fail_count/(fail_count+pass_count)*100, 2)}% ({fail_count}) FAIL{Style.RESET_ALL}",
+                        f"{Fore.GREEN}{round(pass_count/(fail_count+pass_count)*100, 2)}% ({pass_count}) PASS{Style.RESET_ALL}",
                    ]
                ]
                print(tabulate(overview_table, tablefmt="rounded_grid"))
@@ -610,8 +609,8 @@ def display_compliance_table(
                )
                overview_table = [
                    [
-                        f"{Fore.RED}{round(fail_count / (fail_count + pass_count) * 100, 2)}% ({fail_count}) FAIL{Style.RESET_ALL}",
-                        f"{Fore.GREEN}{round(pass_count / (fail_count + pass_count) * 100, 2)}% ({pass_count}) PASS{Style.RESET_ALL}",
+                        f"{Fore.RED}{round(fail_count/(fail_count+pass_count)*100, 2)}% ({fail_count}) FAIL{Style.RESET_ALL}",
+                        f"{Fore.GREEN}{round(pass_count/(fail_count+pass_count)*100, 2)}% ({pass_count}) PASS{Style.RESET_ALL}",
                    ]
                ]
                print(tabulate(overview_table, tablefmt="rounded_grid"))
@@ -407,7 +407,7 @@ def get_azure_html_assessment_summary(audit_info):
        if isinstance(audit_info, Azure_Audit_Info):
            printed_subscriptions = []
            for key, value in audit_info.identity.subscriptions.items():
-                intermediate = f"{key} : {value}"
+                intermediate = key + " : " + value
                printed_subscriptions.append(intermediate)

            # check if identity is str(coming from SP) or dict(coming from browser or)
@@ -51,9 +51,9 @@ def fill_json_asff(finding_output, audit_info, finding, output_options):
        finding_output.GeneratorId = "prowler-" + finding.check_metadata.CheckID
        finding_output.AwsAccountId = audit_info.audited_account
        finding_output.Types = finding.check_metadata.CheckType
-        finding_output.FirstObservedAt = finding_output.UpdatedAt = (
-            finding_output.CreatedAt
-        ) = timestamp_utc.strftime("%Y-%m-%dT%H:%M:%SZ")
+        finding_output.FirstObservedAt = (
+            finding_output.UpdatedAt
+        ) = finding_output.CreatedAt = timestamp_utc.strftime("%Y-%m-%dT%H:%M:%SZ")
        finding_output.Severity = Severity(
            Label=finding.check_metadata.Severity.upper()
        )
@@ -55,9 +55,9 @@ def generate_provider_output_csv(
            data["resource_name"] = finding.resource_name
            data["subscription"] = finding.subscription
            data["tenant_domain"] = audit_info.identity.domain
-            data["finding_unique_id"] = (
-                f"prowler-{provider}-{finding.check_metadata.CheckID}-{finding.subscription}-{finding.resource_id}"
-            )
+            data[
+                "finding_unique_id"
+            ] = f"prowler-{provider}-{finding.check_metadata.CheckID}-{finding.subscription}-{finding.resource_id}"
            data["compliance"] = unroll_dict(
                get_check_compliance(finding, provider, output_options)
            )
@@ -68,9 +68,9 @@ def generate_provider_output_csv(
            data["resource_name"] = finding.resource_name
            data["project_id"] = finding.project_id
            data["location"] = finding.location.lower()
-            data["finding_unique_id"] = (
-                f"prowler-{provider}-{finding.check_metadata.CheckID}-{finding.project_id}-{finding.resource_id}"
-            )
+            data[
+                "finding_unique_id"
+            ] = f"prowler-{provider}-{finding.check_metadata.CheckID}-{finding.project_id}-{finding.resource_id}"
            data["compliance"] = unroll_dict(
                get_check_compliance(finding, provider, output_options)
            )
@@ -82,9 +82,9 @@ def generate_provider_output_csv(
            data["region"] = finding.region
            data["resource_id"] = finding.resource_id
            data["resource_arn"] = finding.resource_arn
-            data["finding_unique_id"] = (
-                f"prowler-{provider}-{finding.check_metadata.CheckID}-{audit_info.audited_account}-{finding.region}-{finding.resource_id}"
-            )
+            data[
+                "finding_unique_id"
+            ] = f"prowler-{provider}-{finding.check_metadata.CheckID}-{audit_info.audited_account}-{finding.region}-{finding.resource_id}"
            data["compliance"] = unroll_dict(
                get_check_compliance(finding, provider, output_options)
            )
@@ -614,8 +614,8 @@ class Check_Output_CSV_Generic_Compliance(BaseModel):
    Requirements_Attributes_Section: Optional[str]
    Requirements_Attributes_SubSection: Optional[str]
    Requirements_Attributes_SubGroup: Optional[str]
-    Requirements_Attributes_Service: Optional[str]
-    Requirements_Attributes_Type: Optional[str]
+    Requirements_Attributes_Service: str
+    Requirements_Attributes_Soc_Type: Optional[str]
    Status: str
    StatusExtended: str
    ResourceId: str
@@ -13,7 +13,7 @@ def send_slack_message(token, channel, stats, provider, audit_info):
        response = client.chat_postMessage(
            username="Prowler",
            icon_url=square_logo_img,
-            channel=f"#{channel}",
+            channel="#" + channel,
            blocks=create_message_blocks(identity, logo, stats),
        )
        return response
@@ -35,7 +35,7 @@ def create_message_identity(provider, audit_info):
        elif provider == "azure":
            printed_subscriptions = []
            for key, value in audit_info.identity.subscriptions.items():
-                intermediate = f"- *{key}: {value}*\n"
+                intermediate = "- *" + key + ": " + value + "*\n"
                printed_subscriptions.append(intermediate)
            identity = f"Azure Subscriptions:\n{''.join(printed_subscriptions)}"
            logo = azure_logo
@@ -66,14 +66,14 @@ def create_message_blocks(identity, logo, stats):
                "type": "section",
                "text": {
                    "type": "mrkdwn",
-                    "text": f"\n:white_check_mark: *{stats['total_pass']} Passed findings* ({round(stats['total_pass'] / stats['findings_count'] * 100 , 2)}%)\n",
+                    "text": f"\n:white_check_mark: *{stats['total_pass']} Passed findings* ({round(stats['total_pass']/stats['findings_count']*100,2)}%)\n",
                },
            },
            {
                "type": "section",
                "text": {
                    "type": "mrkdwn",
-                    "text": f"\n:x: *{stats['total_fail']} Failed findings* ({round(stats['total_fail'] / stats['findings_count'] * 100 , 2)}%)\n ",
+                    "text": f"\n:x: *{stats['total_fail']} Failed findings* ({round(stats['total_fail']/stats['findings_count']*100,2)}%)\n ",
                },
            },
            {
@@ -96,8 +96,8 @@ def display_summary_table(
            print("\nOverview Results:")
            overview_table = [
                [
-                    f"{Fore.RED}{round(fail_count / len(findings) * 100, 2)}% ({fail_count}) Failed{Style.RESET_ALL}",
-                    f"{Fore.GREEN}{round(pass_count / len(findings) * 100, 2)}% ({pass_count}) Passed{Style.RESET_ALL}",
+                    f"{Fore.RED}{round(fail_count/len(findings)*100, 2)}% ({fail_count}) Failed{Style.RESET_ALL}",
+                    f"{Fore.GREEN}{round(pass_count/len(findings)*100, 2)}% ({pass_count}) Passed{Style.RESET_ALL}",
                ]
            ]
            print(tabulate(overview_table, tablefmt="rounded_grid"))
@@ -10,10 +10,7 @@ from prowler.config.config import aws_services_json_file
 from prowler.lib.check.check import list_modules, recover_checks_from_service
 from prowler.lib.logger import logger
 from prowler.lib.utils.utils import open_file, parse_json_file
-from prowler.providers.aws.config import (
-    AWS_STS_GLOBAL_ENDPOINT_REGION,
-    ROLE_SESSION_NAME,
-)
+from prowler.providers.aws.config import AWS_STS_GLOBAL_ENDPOINT_REGION
 from prowler.providers.aws.lib.audit_info.models import AWS_Assume_Role, AWS_Audit_Info
 from prowler.providers.aws.lib.credentials.credentials import create_sts_session

@@ -116,15 +113,9 @@ def assume_role(
    sts_endpoint_region: str = None,
 ) -> dict:
    try:
-        role_session_name = (
-            assumed_role_info.role_session_name
-            if assumed_role_info.role_session_name
-            else ROLE_SESSION_NAME
-        )
-
        assume_role_arguments = {
            "RoleArn": assumed_role_info.role_arn,
-            "RoleSessionName": role_session_name,
+            "RoleSessionName": "ProwlerAsessmentSession",
            "DurationSeconds": assumed_role_info.session_duration,
        }

@@ -161,23 +152,21 @@ def input_role_mfa_token_and_code() -> tuple[str]:


 def generate_regional_clients(
-    service: str,
-    audit_info: AWS_Audit_Info,
+    service: str, audit_info: AWS_Audit_Info, global_service: bool = False
 ) -> dict:
-    """generate_regional_clients returns a dict with the following format for the given service:
-
-    Example:
-        {"eu-west-1": boto3_service_client}
-    """
    try:
        regional_clients = {}
        service_regions = get_available_aws_service_regions(service, audit_info)

+        # Check if it is global service to gather only one region
+        if global_service:
+            if service_regions:
+                if audit_info.profile_region in service_regions:
+                    service_regions = [audit_info.profile_region]
+                service_regions = service_regions[:1]
+
        # Get the regions enabled for the account and get the intersection with the service available regions
-        if audit_info.enabled_regions:
-            enabled_regions = service_regions.intersection(audit_info.enabled_regions)
-        else:
-            enabled_regions = service_regions
+        enabled_regions = service_regions.intersection(audit_info.enabled_regions)

        for region in enabled_regions:
            regional_client = audit_info.audit_session.client(
@@ -202,14 +191,10 @@ def get_aws_enabled_regions(audit_info: AWS_Audit_Info) -> set:
    ec2_client = audit_info.audit_session.client(service, region_name=default_region)

    enabled_regions = set()
-    try:
-        # With AllRegions=False we only get the enabled regions for the account
-        for region in ec2_client.describe_regions(AllRegions=False).get("Regions", []):
-            enabled_regions.add(region.get("RegionName"))
-    except Exception as error:
-        logger.warning(
-            f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
-        )
+    # With AllRegions=False we only get the enabled regions for the account
+    for region in ec2_client.describe_regions(AllRegions=False).get("Regions", []):
+        enabled_regions.add(region.get("RegionName"))
+
    return enabled_regions


@@ -253,8 +238,6 @@ def get_checks_from_input_arn(audit_resources: list, provider: str) -> set:
                    service = "efs"
                elif service == "logs":
                    service = "cloudwatch"
-                elif service == "cognito":
-                    service = "cognito-idp"
                # Check if Prowler has checks in service
                try:
                    list_modules(provider, service)
@@ -311,6 +294,7 @@ def get_available_aws_service_regions(service: str, audit_info: AWS_Audit_Info)
    actual_directory = pathlib.Path(os.path.dirname(os.path.realpath(__file__)))
    with open_file(f"{actual_directory}/{aws_services_json_file}") as f:
        data = parse_json_file(f)
+    # Check if it is a subservice
    json_regions = set(
        data["services"][service]["regions"][audit_info.audited_partition]
    )
@@ -1,3 +1,2 @@
 AWS_STS_GLOBAL_ENDPOINT_REGION = "us-east-1"
 BOTO3_USER_AGENT_EXTRA = "APN_1826889"
-ROLE_SESSION_NAME = "ProwlerAssessmentSession"
@@ -143,23 +143,29 @@ def is_allowlisted(
    finding_tags,
 ):
    try:
+        allowlisted_checks = {}
        # By default is not allowlisted
        is_finding_allowlisted = False
+        # First set account key from allowlist dict
+        if audited_account in allowlist["Accounts"]:
+            allowlisted_checks = allowlist["Accounts"][audited_account]["Checks"]
+        # If there is a *, it affects to all accounts
+        # This cannot be elif since in the case of * and single accounts we
+        # want to merge allowlisted checks from * to the other accounts check list
+        if "*" in allowlist["Accounts"]:
+            checks_multi_account = allowlist["Accounts"]["*"]["Checks"]
+            allowlisted_checks.update(checks_multi_account)

-        # We always check all the accounts present in the allowlist
-        # if one allowlists the finding we set the finding as allowlisted
-        for account in allowlist["Accounts"]:
-            if account == audited_account or account == "*":
-                if is_allowlisted_in_check(
-                    allowlist["Accounts"][account]["Checks"],
-                    audited_account,
-                    check,
-                    finding_region,
-                    finding_resource,
-                    finding_tags,
-                ):
-                    is_finding_allowlisted = True
-                    break
+        # Test if it is allowlisted
+        if is_allowlisted_in_check(
+            allowlisted_checks,
+            audited_account,
+            check,
+            finding_region,
+            finding_resource,
+            finding_tags,
+        ):
+            is_finding_allowlisted = True

        return is_finding_allowlisted
    except Exception as error:
@@ -199,11 +205,7 @@ def is_allowlisted_in_check(

            allowlisted_regions = allowlisted_check_info.get("Regions")
            allowlisted_resources = allowlisted_check_info.get("Resources")
-            allowlisted_tags = allowlisted_check_info.get("Tags", "*")
-            # We need to set the allowlisted_tags if None, "" or [], so the falsy helps
-            if not allowlisted_tags:
-                allowlisted_tags = "*"
-
+            allowlisted_tags = allowlisted_check_info.get("Tags")
            # If there is a *, it affects to all checks
            if (
                "*" == allowlisted_check
@@ -224,15 +226,13 @@ def is_allowlisted_in_check(
                # For a finding to be allowlisted requires the following set to True:
                # - allowlisted_in_check -> True
                # - allowlisted_in_region -> True
-                # - allowlisted_in_tags -> True
-                # - allowlisted_in_resource -> True
+                # - allowlisted_in_tags -> True or allowlisted_in_resource -> True
                # - excepted -> False

                if (
                    allowlisted_in_check
                    and allowlisted_in_region
-                    and allowlisted_in_tags
-                    and allowlisted_in_resource
+                    and (allowlisted_in_tags or allowlisted_in_resource)
                ):
                    is_check_allowlisted = True

@@ -310,17 +310,10 @@ def is_excepted(
            is_tag_excepted = __is_item_matched__(excepted_tags, finding_tags)

            if (
-                not is_account_excepted
-                and not is_region_excepted
-                and not is_resource_excepted
-                and not is_tag_excepted
-            ):
-                excepted = False
-            elif (
-                (is_account_excepted or not excepted_accounts)
-                and (is_region_excepted or not excepted_regions)
-                and (is_resource_excepted or not excepted_resources)
-                and (is_tag_excepted or not excepted_tags)
+                is_account_excepted
+                and is_region_excepted
+                and is_resource_excepted
+                and is_tag_excepted
            ):
                excepted = True
        return excepted
@@ -1,8 +1,6 @@
 from argparse import ArgumentTypeError, Namespace
-from re import fullmatch, search

 from prowler.providers.aws.aws_provider import get_aws_available_regions
-from prowler.providers.aws.config import ROLE_SESSION_NAME
 from prowler.providers.aws.lib.arn.arn import arn_type


@@ -28,13 +26,6 @@ def init_parser(self):
        help="ARN of the role to be assumed",
        # Pending ARN validation
    )
-    aws_auth_subparser.add_argument(
-        "--role-session-name",
-        nargs="?",
-        default=ROLE_SESSION_NAME,
-        help="An identifier for the assumed role session. Defaults to ProwlerAssessmentSession",
-        type=validate_role_session_name,
-    )
    aws_auth_subparser.add_argument(
        "--sts-endpoint-region",
        nargs="?",
@@ -93,11 +84,6 @@ def init_parser(self):
        action="store_true",
        help="Skip updating previous findings of Prowler in Security Hub",
    )
-    aws_security_hub_subparser.add_argument(
-        "--send-sh-only-fails",
-        action="store_true",
-        help="Send only Prowler failed findings to SecurityHub",
-    )
    # AWS Quick Inventory
    aws_quick_inventory_subparser = aws_parser.add_argument_group("Quick Inventory")
    aws_quick_inventory_subparser.add_argument(
@@ -113,7 +99,6 @@ def init_parser(self):
        "-B",
        "--output-bucket",
        nargs="?",
-        type=validate_bucket,
        default=None,
        help="Custom output bucket, requires -M <mode> and it can work also with -o flag.",
    )
@@ -121,7 +106,6 @@ def init_parser(self):
        "-D",
        "--output-bucket-no-assume",
        nargs="?",
-        type=validate_bucket,
        default=None,
        help="Same as -B but do not use the assumed role credentials to put objects to the bucket, instead uses the initial credentials.",
    )
@@ -195,37 +179,9 @@ def validate_arguments(arguments: Namespace) -> tuple[bool, str]:

    # Handle if session_duration is not the default value or external_id is set
    if (
-        (arguments.session_duration and arguments.session_duration != 3600)
-        or arguments.external_id
-        or arguments.role_session_name != ROLE_SESSION_NAME
-    ):
+        arguments.session_duration and arguments.session_duration != 3600
+    ) or arguments.external_id:
        if not arguments.role:
-            return (
-                False,
-                "To use -I/--external-id, -T/--session-duration or --role-session-name options -R/--role option is needed",
-            )
+            return (False, "To use -I/-T options -R option is needed")

    return (True, "")
-
-
-def validate_bucket(bucket_name):
-    """validate_bucket validates that the input bucket_name is valid"""
-    if search("(?!(^xn--|.+-s3alias$))^[a-z0-9][a-z0-9-]{1,61}[a-z0-9]$", bucket_name):
-        return bucket_name
-    else:
-        raise ArgumentTypeError(
-            "Bucket name must be valid (https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html)"
-        )
-
-
-def validate_role_session_name(session_name):
-    """
-    validates that the role session name is valid
-    Documentation: https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html
-    """
-    if fullmatch("[\w+=,.@-]{2,64}", session_name):
-        return session_name
-    else:
-        raise ArgumentTypeError(
-            "Role Session Name must be 2-64 characters long and consist only of upper- and lower-case alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.@-"
-        )
@@ -30,7 +30,6 @@ current_audit_info = AWS_Audit_Info(
        session_duration=None,
        external_id=None,
        mfa_enabled=None,
-        role_session_name=None,
    ),
    mfa_enabled=None,
    audit_resources=None,
@@ -20,7 +20,6 @@ class AWS_Assume_Role:
    session_duration: int
    external_id: str
    mfa_enabled: bool
-    role_session_name: str


@dataclass
@@ -1,11 +1,8 @@
-def is_condition_block_restrictive(
-    condition_statement: dict, source_account: str, is_cross_account_allowed=False
+def is_account_only_allowed_in_condition(
+    condition_statement: dict, source_account: str
 ):
    """
-    is_condition_block_restrictive parses the IAM Condition policy block and, by default, returns True if the source_account passed as argument is within, False if not.
-
-    If argument is_cross_account_allowed is True it tests if the Condition block includes any of the operators allowlisted returning True if does, False if not.
-
+    is_account_only_allowed_in_condition parses the IAM Condition policy block and returns True if the source_account passed as argument is within, False if not.

    @param condition_statement: dict with an IAM Condition block, e.g.:
        {
@@ -57,16 +54,13 @@ def is_condition_block_restrictive(
                        condition_statement[condition_operator][value],
                        list,
                    ):
+                        # if there is an arn/account without the source account -> we do not consider it safe
+                        # here by default we assume is true and look for false entries
                        is_condition_key_restrictive = True
-                        # if cross account is not allowed check for each condition block looking for accounts
-                        # different than default
-                        if not is_cross_account_allowed:
-                            # if there is an arn/account without the source account -> we do not consider it safe
-                            # here by default we assume is true and look for false entries
-                            for item in condition_statement[condition_operator][value]:
-                                if source_account not in item:
-                                    is_condition_key_restrictive = False
-                                    break
+                        for item in condition_statement[condition_operator][value]:
+                            if source_account not in item:
+                                is_condition_key_restrictive = False
+                                break

                        if is_condition_key_restrictive:
                            is_condition_valid = True
@@ -76,13 +70,10 @@ def is_condition_block_restrictive(
                        condition_statement[condition_operator][value],
                        str,
                    ):
-                        if is_cross_account_allowed:
+                        if (
+                            source_account
+                            in condition_statement[condition_operator][value]
+                        ):
                            is_condition_valid = True
-                        else:
-                            if (
-                                source_account
-                                in condition_statement[condition_operator][value]
-                            ):
-                                is_condition_valid = True

    return is_condition_valid
@@ -211,13 +211,9 @@ def create_inventory_table(resources: list, resources_in_region: dict) -> dict:

 def create_output(resources: list, audit_info: AWS_Audit_Info, args):
    json_output = []
-    # Check if custom output filename was input, if not, set the default
-    if not hasattr(args, "output_filename") or args.output_filename is None:
-        output_file = (
-            f"prowler-inventory-{audit_info.audited_account}-{output_file_timestamp}"
-        )
-    else:
-        output_file = args.output_filename
+    output_file = (
+        f"prowler-inventory-{audit_info.audited_account}-{output_file_timestamp}"
+    )

    for item in sorted(resources, key=lambda d: d["arn"]):
        resource = {}
@@ -279,8 +275,8 @@ def create_output(resources: list, audit_info: AWS_Audit_Info, args):
        f"\n{Fore.YELLOW}WARNING: Only resources that have or have had tags will appear (except for IAM and S3).\nSee more in https://docs.prowler.cloud/en/latest/tutorials/quick-inventory/#objections{Style.RESET_ALL}"
    )
    print("\nMore details in files:")
-    print(f" - CSV: {args.output_directory}/{output_file + csv_file_suffix}")
-    print(f" - JSON: {args.output_directory}/{output_file + json_file_suffix}")
+    print(f" - CSV: {args.output_directory}/{output_file+csv_file_suffix}")
+    print(f" - JSON: {args.output_directory}/{output_file+json_file_suffix}")

    # Send output to S3 if needed (-B / -D)
    for mode in ["json", "csv"]:
@@ -1,3 +1,5 @@
+import sys
+
 from prowler.config.config import (
    csv_file_suffix,
    html_file_suffix,
@@ -27,7 +29,7 @@ def send_to_s3_bucket(
        else:  # Compliance output mode
            filename = f"{output_filename}_{output_mode}{csv_file_suffix}"

-        logger.info(f"Sending output file {filename} to S3 bucket {output_bucket_name}")
+        logger.info(f"Sending outputs to S3 bucket {output_bucket_name}")
        # File location
        file_name = output_directory + "/" + filename

@@ -39,9 +41,10 @@ def send_to_s3_bucket(
        s3_client.upload_file(file_name, output_bucket_name, object_name)

    except Exception as error:
-        logger.error(
+        logger.critical(
            f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}] -- {error}"
        )
+        sys.exit(1)


 def get_s3_object_path(output_directory: str) -> str:
@@ -29,9 +29,7 @@ def prepare_security_hub_findings(
            continue

        # Handle quiet mode
-        if (
-            output_options.is_quiet or output_options.send_sh_only_fails
-        ) and finding.status != "FAIL":
+        if output_options.is_quiet and finding.status != "FAIL":
            continue

        # Get the finding region
@@ -1,21 +1,17 @@
-from concurrent.futures import ThreadPoolExecutor, as_completed
+import threading

-from prowler.lib.logger import logger
 from prowler.providers.aws.aws_provider import (
    generate_regional_clients,
    get_default_region,
 )
 from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info

-MAX_WORKERS = 10
-

 class AWSService:
    """The AWSService class offers a parent class for each AWS Service to generate:
    - AWS Regional Clients
    - Shared information like the account ID and ARN, the the AWS partition and the checks audited
    - AWS Session
-    - Thread pool for the __threading_call__
    - Also handles if the AWS Service is Global
    """

@@ -38,7 +34,9 @@ class AWSService:

        # Generate Regional Clients
        if not global_service:
-            self.regional_clients = generate_regional_clients(self.service, audit_info)
+            self.regional_clients = generate_regional_clients(
+                self.service, audit_info, global_service
+            )

        # Get a single region and client if the service needs it (e.g. AWS Global Service)
        # We cannot include this within an else because some services needs both the regional_clients
@@ -46,40 +44,14 @@ class AWSService:
        self.region = get_default_region(self.service, audit_info)
        self.client = self.session.client(self.service, self.region)

-        # Thread pool for __threading_call__
-        self.thread_pool = ThreadPoolExecutor(max_workers=MAX_WORKERS)
-
    def __get_session__(self):
        return self.session

-    def __threading_call__(self, call, iterator=None):
-        # Use the provided iterator, or default to self.regional_clients
-        items = iterator if iterator is not None else self.regional_clients.values()
-        # Determine the total count for logging
-        item_count = len(items)
-
-        # Trim leading and trailing underscores from the call's name
-        call_name = call.__name__.strip("_")
-        # Add Capitalization
-        call_name = " ".join([x.capitalize() for x in call_name.split("_")])
-
-        # Print a message based on the call's name, and if its regional or processing a list of items
-        if iterator is None:
-            logger.info(
-                f"{self.service.upper()} - Starting threads for '{call_name}' function across {item_count} regions..."
-            )
-        else:
-            logger.info(
-                f"{self.service.upper()} - Starting threads for '{call_name}' function to process {item_count} items..."
-            )
-
-        # Submit tasks to the thread pool
-        futures = [self.thread_pool.submit(call, item) for item in items]
-
-        # Wait for all tasks to complete
-        for future in as_completed(futures):
-            try:
-                future.result()  # Raises exceptions from the thread, if any
-            except Exception:
-                # Handle exceptions if necessary
-                pass  # Replace 'pass' with any additional exception handling logic. Currently handled within the called function
+    def __threading_call__(self, call):
+        threads = []
+        for regional_client in self.regional_clients.values():
+            threads.append(threading.Thread(target=call, args=(regional_client,)))
+        for t in threads:
+            t.start()
+        for t in threads:
+            t.join()
@@ -85,36 +85,21 @@ class AccessAnalyzer(AWSService):
                f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
            )

-    # TODO: We need to include ListFindingsV2
-    # https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/accessanalyzer/client/list_findings_v2.html
    def __list_findings__(self):
        logger.info("AccessAnalyzer - Listing Findings per Analyzer...")
        try:
            for analyzer in self.analyzers:
-                try:
-                    if analyzer.status == "ACTIVE":
-                        regional_client = self.regional_clients[analyzer.region]
-                        list_findings_paginator = regional_client.get_paginator(
-                            "list_findings"
-                        )
-                        for page in list_findings_paginator.paginate(
-                            analyzerArn=analyzer.arn
-                        ):
-                            for finding in page["findings"]:
-                                analyzer.findings.append(Finding(id=finding["id"]))
-                except ClientError as error:
-                    if error.response["Error"]["Code"] == "ValidationException":
-                        logger.warning(
-                            f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
-                        )
-                    else:
-                        logger.error(
-                            f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
-                        )
-                except Exception as error:
-                    logger.error(
-                        f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
+                if analyzer.status == "ACTIVE":
+                    regional_client = self.regional_clients[analyzer.region]
+                    list_findings_paginator = regional_client.get_paginator(
+                        "list_findings"
                    )
+                    for page in list_findings_paginator.paginate(
+                        analyzerArn=analyzer.arn
+                    ):
+                        for finding in page["findings"]:
+                            analyzer.findings.append(Finding(id=finding["id"]))
+
        except Exception as error:
            logger.error(
                f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
@@ -19,11 +19,7 @@ class acm_certificates_expiration_check(Check):
                report.resource_tags = certificate.tags
            else:
                report.status = "FAIL"
-                if certificate.expiration_days < 0:
-                    report.status_extended = f"ACM Certificate {certificate.id} for {certificate.name} has expired ({abs(certificate.expiration_days)} days ago)."
-                else:
-                    report.status_extended = f"ACM Certificate {certificate.id} for {certificate.name} is about to expire in {certificate.expiration_days} days."
-
+                report.status_extended = f"ACM Certificate {certificate.id} for {certificate.name} is about to expire in {DAYS_TO_EXPIRE_THRESHOLD} days."
                report.resource_id = certificate.id
                report.resource_details = certificate.name
                report.resource_arn = certificate.arn
@@ -1,7 +1,7 @@
 {
  "Provider": "aws",
  "CheckID": "apigateway_restapi_authorizers_enabled",
-  "CheckTitle": "Check if API Gateway has configured authorizers at api or method level.",
+  "CheckTitle": "Check if API Gateway has configured authorizers.",
  "CheckAliases": [
    "apigateway_authorizers_enabled"
  ],
@@ -13,7 +13,7 @@
  "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
  "Severity": "medium",
  "ResourceType": "AwsApiGatewayRestApi",
-  "Description": "Check if API Gateway has configured authorizers at api or method level.",
+  "Description": "Check if API Gateway has configured authorizers.",
  "Risk": "If no authorizer is enabled anyone can use the service.",
  "RelatedUrl": "",
  "Remediation": {
@@ -13,41 +13,12 @@ class apigateway_restapi_authorizers_enabled(Check):
            report.resource_id = rest_api.name
            report.resource_arn = rest_api.arn
            report.resource_tags = rest_api.tags
-            # it there are not authorizers at api level and resources without methods (default case) ->
-            report.status = "FAIL"
-            report.status_extended = f"API Gateway {rest_api.name} ID {rest_api.id} does not have an authorizer configured at api level."
            if rest_api.authorizer:
                report.status = "PASS"
-                report.status_extended = f"API Gateway {rest_api.name} ID {rest_api.id} has an authorizer configured at api level"
+                report.status_extended = f"API Gateway {rest_api.name} ID {rest_api.id} has an authorizer configured."
            else:
-                # we want to know if api has not authorizers and all the resources don't have methods configured
-                resources_have_methods = False
-                all_methods_authorized = True
-                resource_paths_with_unathorized_methods = []
-                for resource in rest_api.resources:
-                    # if the resource has methods test if they have all configured authorizer
-                    if resource.resource_methods:
-                        resources_have_methods = True
-                        for (
-                            http_method,
-                            authorization_method,
-                        ) in resource.resource_methods.items():
-                            if authorization_method == "NONE":
-                                all_methods_authorized = False
-                                unauthorized_method = (
-                                    f"{resource.path} -> {http_method}"
-                                )
-                                resource_paths_with_unathorized_methods.append(
-                                    unauthorized_method
-                                )
-                # if there are methods in at least one resource and are all authorized
-                if all_methods_authorized and resources_have_methods:
-                    report.status = "PASS"
-                    report.status_extended = f"API Gateway {rest_api.name} ID {rest_api.id} has all methods authorized"
-                # if there are methods in at least one result but some of then are not authorized-> list it
-                elif not all_methods_authorized:
-                    report.status_extended = f"API Gateway {rest_api.name} ID {rest_api.id} does not have authorizers at api level and the following paths and methods are unauthorized: {'; '.join(resource_paths_with_unathorized_methods)}."
-
+                report.status = "FAIL"
+                report.status_extended = f"API Gateway {rest_api.name} ID {rest_api.id} does not have an authorizer configured."
            findings.append(report)

        return findings
@@ -17,7 +17,6 @@ class APIGateway(AWSService):
        self.__get_authorizers__()
        self.__get_rest_api__()
        self.__get_stages__()
-        self.__get_resources__()

    def __get_rest_apis__(self, regional_client):
        logger.info("APIGateway - Getting Rest APIs...")
@@ -54,9 +53,7 @@ class APIGateway(AWSService):
                if authorizers:
                    rest_api.authorizer = True
        except Exception as error:
-            logger.error(
-                f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
-            )
+            logger.error(f"{error.__class__.__name__}: {error}")

    def __get_rest_api__(self):
        logger.info("APIGateway - Describing Rest API...")
@@ -67,9 +64,7 @@ class APIGateway(AWSService):
                if rest_api_info["endpointConfiguration"]["types"] == ["PRIVATE"]:
                    rest_api.public_endpoint = False
        except Exception as error:
-            logger.error(
-                f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
-            )
+            logger.error(f"{error.__class__.__name__}: {error}")

    def __get_stages__(self):
        logger.info("APIGateway - Getting stages for Rest APIs...")
@@ -100,46 +95,7 @@ class APIGateway(AWSService):
                        )
                    )
        except Exception as error:
-            logger.error(
-                f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
-            )
-
-    def __get_resources__(self):
-        logger.info("APIGateway - Getting API resources...")
-        try:
-            for rest_api in self.rest_apis:
-                regional_client = self.regional_clients[rest_api.region]
-                get_resources_paginator = regional_client.get_paginator("get_resources")
-                for page in get_resources_paginator.paginate(restApiId=rest_api.id):
-                    for resource in page["items"]:
-                        id = resource["id"]
-                        resource_methods = []
-                        methods_auth = {}
-                        for resource_method in resource.get(
-                            "resourceMethods", {}
-                        ).keys():
-                            resource_methods.append(resource_method)
-
-                        for resource_method in resource_methods:
-                            if resource_method != "OPTIONS":
-                                method_config = regional_client.get_method(
-                                    restApiId=rest_api.id,
-                                    resourceId=id,
-                                    httpMethod=resource_method,
-                                )
-                                auth_type = method_config["authorizationType"]
-                                methods_auth.update({resource_method: auth_type})
-
-                        rest_api.resources.append(
-                            PathResourceMethods(
-                                path=resource["path"], resource_methods=methods_auth
-                            )
-                        )
-
-        except Exception as error:
-            logger.error(
-                f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
-            )
+            logger.error(f"{error.__class__.__name__}: {error}")


 class Stage(BaseModel):
@@ -151,11 +107,6 @@ class Stage(BaseModel):
    tags: Optional[list] = []


-class PathResourceMethods(BaseModel):
-    path: str
-    resource_methods: dict
-
-
 class RestAPI(BaseModel):
    id: str
    arn: str
@@ -165,4 +116,3 @@ class RestAPI(BaseModel):
    public_endpoint: bool = True
    stages: list[Stage] = []
    tags: Optional[list] = []
-    resources: list[PathResourceMethods] = []
@@ -14,13 +14,13 @@ class apigatewayv2_api_access_logging_enabled(Check):
                if stage.logging:
                    report.status = "PASS"
                    report.status_extended = f"API Gateway V2 {api.name} ID {api.id} in stage {stage.name} has access logging enabled."
-                    report.resource_id = f"{api.name}-{stage.name}"
+                    report.resource_id = api.name
                    report.resource_arn = api.arn
                    report.resource_tags = api.tags
                else:
                    report.status = "FAIL"
                    report.status_extended = f"API Gateway V2 {api.name} ID {api.id} in stage {stage.name} has access logging disabled."
-                    report.resource_id = f"{api.name}-{stage.name}"
+                    report.resource_id = api.name
                    report.resource_arn = api.arn
                    report.resource_tags = api.tags
                findings.append(report)
@@ -54,8 +54,10 @@ class Athena(AWSService):
                    )

                    wg_configuration = wg.get("WorkGroup").get("Configuration")
-                    self.workgroups[workgroup.arn].enforce_workgroup_configuration = (
-                        wg_configuration.get("EnforceWorkGroupConfiguration", False)
+                    self.workgroups[
+                        workgroup.arn
+                    ].enforce_workgroup_configuration = wg_configuration.get(
+                        "EnforceWorkGroupConfiguration", False
                    )

                    # We include an empty EncryptionConfiguration to handle if the workgroup does not have encryption configured
@@ -75,9 +77,9 @@ class Athena(AWSService):
                        encryption_configuration = EncryptionConfiguration(
                            encryption_option=encryption, encrypted=True
                        )
-                        self.workgroups[workgroup.arn].encryption_configuration = (
-                            encryption_configuration
-                        )
+                        self.workgroups[
+                            workgroup.arn
+                        ].encryption_configuration = encryption_configuration
                except Exception as error:
                    logger.error(
                        f"{self.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
@@ -11,55 +11,57 @@ from prowler.providers.aws.services.awslambda.awslambda_client import awslambda_
 class awslambda_function_no_secrets_in_code(Check):
    def execute(self):
        findings = []
-        if awslambda_client.functions:
-            for function, function_code in awslambda_client.__get_function_code__():
-                if function_code:
-                    report = Check_Report_AWS(self.metadata())
-                    report.region = function.region
-                    report.resource_id = function.name
-                    report.resource_arn = function.arn
-                    report.resource_tags = function.tags
+        for function in awslambda_client.functions.values():
+            if function.code:
+                report = Check_Report_AWS(self.metadata())
+                report.region = function.region
+                report.resource_id = function.name
+                report.resource_arn = function.arn
+                report.resource_tags = function.tags

-                    report.status = "PASS"
-                    report.status_extended = (
-                        f"No secrets found in Lambda function {function.name} code."
-                    )
-                    with tempfile.TemporaryDirectory() as tmp_dir_name:
-                        function_code.code_zip.extractall(tmp_dir_name)
-                        # List all files
-                        files_in_zip = next(os.walk(tmp_dir_name))[2]
-                        secrets_findings = []
-                        for file in files_in_zip:
-                            secrets = SecretsCollection()
-                            with default_settings():
-                                secrets.scan_file(f"{tmp_dir_name}/{file}")
-                            detect_secrets_output = secrets.json()
-                            if detect_secrets_output:
-                                for (
-                                    file_name
-                                ) in (
-                                    detect_secrets_output.keys()
-                                ):  # Appears that only 1 file is being scanned at a time, so could rework this
-                                    output_file_name = file_name.replace(
-                                        f"{tmp_dir_name}/", ""
-                                    )
-                                    secrets_string = ", ".join(
-                                        [
-                                            f"{secret['type']} on line {secret['line_number']}"
-                                            for secret in detect_secrets_output[
-                                                file_name
-                                            ]
-                                        ]
-                                    )
-                                    secrets_findings.append(
-                                        f"{output_file_name}: {secrets_string}"
-                                    )
+                report.status = "PASS"
+                report.status_extended = (
+                    f"No secrets found in Lambda function {function.name} code."
+                )
+                with tempfile.TemporaryDirectory() as tmp_dir_name:
+                    function.code.code_zip.extractall(tmp_dir_name)
+                    # List all files
+                    files_in_zip = next(os.walk(tmp_dir_name))[2]
+                    secrets_findings = []
+                    for file in files_in_zip:
+                        secrets = SecretsCollection()
+                        with default_settings():
+                            secrets.scan_file(f"{tmp_dir_name}/{file}")
+                        detect_secrets_output = secrets.json()
+                        if detect_secrets_output:
+                            for (
+                                file_name
+                            ) in (
+                                detect_secrets_output.keys()
+                            ):  # Appears that only 1 file is being scanned at a time, so could rework this
+                                output_file_name = file_name.replace(
+                                    f"{tmp_dir_name}/", ""
+                                )
+                                secrets_string = ", ".join(
+                                    [
+                                        f"{secret['type']} on line {secret['line_number']}"
+                                        for secret in detect_secrets_output[file_name]
+                                    ]
+                                )
+                                secrets_findings.append(
+                                    f"{output_file_name}: {secrets_string}"
+                                )

-                        if secrets_findings:
-                            final_output_string = "; ".join(secrets_findings)
-                            report.status = "FAIL"
-                            report.status_extended = f"Potential {'secrets' if len(secrets_findings) > 1 else 'secret'} found in Lambda function {function.name} code -> {final_output_string}."
+                    if secrets_findings:
+                        final_output_string = "; ".join(secrets_findings)
+                        report.status = "FAIL"
+                        # report.status_extended = f"Potential {'secrets' if len(secrets_findings)>1 else 'secret'} found in Lambda function {function.name} code. {final_output_string}."
+                        if len(secrets_findings) > 1:
+                            report.status_extended = f"Potential secrets found in Lambda function {function.name} code -> {final_output_string}."
+                        else:
+                            report.status_extended = f"Potential secret found in Lambda function {function.name} code -> {final_output_string}."
+                        # break // Don't break as there may be additional findings

-                    findings.append(report)
+                findings.append(report)

        return findings
@@ -42,7 +42,7 @@ class awslambda_function_no_secrets_in_variables(Check):
                    environment_variable_names = list(function.environment.keys())
                    secrets_string = ", ".join(
                        [
-                            f"{secret['type']} in variable {environment_variable_names[int(secret['line_number']) - 2]}"
+                            f"{secret['type']} in variable {environment_variable_names[int(secret['line_number'])-2]}"
                            for secret in detect_secrets_output[temp_env_data_file.name]
                        ]
                    )
@@ -1,7 +1,6 @@
 import io
 import json
 import zipfile
-from concurrent.futures import as_completed
 from enum import Enum
 from typing import Any, Optional

@@ -22,6 +21,15 @@ class Lambda(AWSService):
        self.functions = {}
        self.__threading_call__(self.__list_functions__)
        self.__list_tags_for_resource__()
+
+        # We only want to retrieve the Lambda code if the
+        # awslambda_function_no_secrets_in_code check is set
+        if (
+            "awslambda_function_no_secrets_in_code"
+            in audit_info.audit_metadata.expected_checks
+        ):
+            self.__threading_call__(self.__get_function__)
+
        self.__threading_call__(self.__get_policy__)
        self.__threading_call__(self.__get_function_url_config__)

@@ -62,45 +70,28 @@ class Lambda(AWSService):
                f" {error}"
            )

-    def __get_function_code__(self):
-        logger.info("Lambda - Getting Function Code...")
-        # Use a thread pool handle the queueing and execution of the __fetch_function_code__ tasks, up to max_workers tasks concurrently.
-        lambda_functions_to_fetch = {
-            self.thread_pool.submit(
-                self.__fetch_function_code__, function.name, function.region
-            ): function
-            for function in self.functions.values()
-        }
-
-        for fetched_lambda_code in as_completed(lambda_functions_to_fetch):
-            function = lambda_functions_to_fetch[fetched_lambda_code]
-            try:
-                function_code = fetched_lambda_code.result()
-                if function_code:
-                    yield function, function_code
-            except Exception as error:
-                logger.error(
-                    f"{function.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
-                )
-
-    def __fetch_function_code__(self, function_name, function_region):
+    def __get_function__(self, regional_client):
+        logger.info("Lambda - Getting Function...")
        try:
-            regional_client = self.regional_clients[function_region]
-            function_information = regional_client.get_function(
-                FunctionName=function_name
-            )
-            if "Location" in function_information["Code"]:
-                code_location_uri = function_information["Code"]["Location"]
-                raw_code_zip = requests.get(code_location_uri).content
-                return LambdaCode(
-                    location=code_location_uri,
-                    code_zip=zipfile.ZipFile(io.BytesIO(raw_code_zip)),
-                )
+            for function in self.functions.values():
+                if function.region == regional_client.region:
+                    function_information = regional_client.get_function(
+                        FunctionName=function.name
+                    )
+                    if "Location" in function_information["Code"]:
+                        code_location_uri = function_information["Code"]["Location"]
+                        raw_code_zip = requests.get(code_location_uri).content
+                        self.functions[function.arn].code = LambdaCode(
+                            location=code_location_uri,
+                            code_zip=zipfile.ZipFile(io.BytesIO(raw_code_zip)),
+                        )
+
        except Exception as error:
            logger.error(
-                f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
+                f"{regional_client.region} --"
+                f" {error.__class__.__name__}[{error.__traceback__.tb_lineno}]:"
+                f" {error}"
            )
-            raise

    def __get_policy__(self, regional_client):
        logger.info("Lambda - Getting Policy...")
@@ -53,12 +53,12 @@ class CloudFront(AWSService):
                distributions[distribution_id].logging_enabled = distribution_config[
                    "DistributionConfig"
                ]["Logging"]["Enabled"]
-                distributions[distribution_id].geo_restriction_type = (
-                    GeoRestrictionType(
-                        distribution_config["DistributionConfig"]["Restrictions"][
-                            "GeoRestriction"
-                        ]["RestrictionType"]
-                    )
+                distributions[
+                    distribution_id
+                ].geo_restriction_type = GeoRestrictionType(
+                    distribution_config["DistributionConfig"]["Restrictions"][
+                        "GeoRestriction"
+                    ]["RestrictionType"]
                )
                distributions[distribution_id].web_acl_id = distribution_config[
                    "DistributionConfig"
@@ -78,9 +78,9 @@ class CloudFront(AWSService):
                        "DefaultCacheBehavior"
                    ].get("FieldLevelEncryptionId"),
                )
-                distributions[distribution_id].default_cache_config = (
-                    default_cache_config
-                )
+                distributions[
+                    distribution_id
+                ].default_cache_config = default_cache_config

        except Exception as error:
            logger.error(
@@ -140,16 +140,7 @@ class Cloudtrail(AWSService):
                                error.response["Error"]["Code"]
                                == "InsightNotEnabledException"
                            ):
-                                logger.warning(
-                                    f"{client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
-                                )
-                            elif (
-                                error.response["Error"]["Code"]
-                                == "UnsupportedOperationException"
-                            ):
-                                logger.warning(
-                                    f"{client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
-                                )
+                                continue
                            else:
                                logger.error(
                                    f"{client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
@@ -1,3 +1,5 @@
+import re
+
 from prowler.lib.check.models import Check, Check_Report_AWS
 from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
    cloudtrail_client,
@@ -5,9 +7,6 @@ from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
 from prowler.providers.aws.services.cloudwatch.cloudwatch_client import (
    cloudwatch_client,
 )
-from prowler.providers.aws.services.cloudwatch.lib.metric_filters import (
-    check_cloudwatch_log_metric_filter,
-)
 from prowler.providers.aws.services.cloudwatch.logs_client import logs_client


@@ -23,13 +22,26 @@ class cloudwatch_changes_to_network_acls_alarm_configured(Check):
        report.region = cloudwatch_client.region
        report.resource_id = cloudtrail_client.audited_account
        report.resource_arn = cloudtrail_client.audited_account_arn
-        report = check_cloudwatch_log_metric_filter(
-            pattern,
-            cloudtrail_client.trails,
-            logs_client.metric_filters,
-            cloudwatch_client.metric_alarms,
-            report,
-        )
+        # 1. Iterate for CloudWatch Log Group in CloudTrail trails
+        log_groups = []
+        for trail in cloudtrail_client.trails:
+            if trail.log_group_arn:
+                log_groups.append(trail.log_group_arn.split(":")[6])
+        # 2. Describe metric filters for previous log groups
+        for metric_filter in logs_client.metric_filters:
+            if metric_filter.log_group in log_groups:
+                if re.search(pattern, metric_filter.pattern, flags=re.DOTALL):
+                    report.resource_id = metric_filter.log_group
+                    report.resource_arn = metric_filter.arn
+                    report.region = metric_filter.region
+                    report.status = "FAIL"
+                    report.status_extended = f"CloudWatch log group {metric_filter.log_group} found with metric filter {metric_filter.name} but no alarms associated."
+                    # 3. Check if there is an alarm for the metric
+                    for alarm in cloudwatch_client.metric_alarms:
+                        if alarm.metric == metric_filter.metric:
+                            report.status = "PASS"
+                            report.status_extended = f"CloudWatch log group {metric_filter.log_group} found with metric filter {metric_filter.name} and alarms set."
+                            break

        findings.append(report)
        return findings
@@ -1,3 +1,5 @@
+import re
+
 from prowler.lib.check.models import Check, Check_Report_AWS
 from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
    cloudtrail_client,
@@ -5,9 +7,6 @@ from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
 from prowler.providers.aws.services.cloudwatch.cloudwatch_client import (
    cloudwatch_client,
 )
-from prowler.providers.aws.services.cloudwatch.lib.metric_filters import (
-    check_cloudwatch_log_metric_filter,
-)
 from prowler.providers.aws.services.cloudwatch.logs_client import logs_client


@@ -23,13 +22,26 @@ class cloudwatch_changes_to_network_gateways_alarm_configured(Check):
        report.region = cloudwatch_client.region
        report.resource_id = cloudtrail_client.audited_account
        report.resource_arn = cloudtrail_client.audited_account_arn
-        report = check_cloudwatch_log_metric_filter(
-            pattern,
-            cloudtrail_client.trails,
-            logs_client.metric_filters,
-            cloudwatch_client.metric_alarms,
-            report,
-        )
+        # 1. Iterate for CloudWatch Log Group in CloudTrail trails
+        log_groups = []
+        for trail in cloudtrail_client.trails:
+            if trail.log_group_arn:
+                log_groups.append(trail.log_group_arn.split(":")[6])
+        # 2. Describe metric filters for previous log groups
+        for metric_filter in logs_client.metric_filters:
+            if metric_filter.log_group in log_groups:
+                if re.search(pattern, metric_filter.pattern, flags=re.DOTALL):
+                    report.resource_id = metric_filter.log_group
+                    report.resource_arn = metric_filter.arn
+                    report.region = metric_filter.region
+                    report.status = "FAIL"
+                    report.status_extended = f"CloudWatch log group {metric_filter.log_group} found with metric filter {metric_filter.name} but no alarms associated."
+                    # 3. Check if there is an alarm for the metric
+                    for alarm in cloudwatch_client.metric_alarms:
+                        if alarm.metric == metric_filter.metric:
+                            report.status = "PASS"
+                            report.status_extended = f"CloudWatch log group {metric_filter.log_group} found with metric filter {metric_filter.name} and alarms set."
+                            break

        findings.append(report)
        return findings
@@ -1,7 +1,7 @@
 {
  "Provider": "aws",
  "CheckID": "cloudwatch_changes_to_network_route_tables_alarm_configured",
-  "CheckTitle": "Ensure route table changes are monitored",
+  "CheckTitle": "Ensure a log metric filter and alarm exist for route table changes.",
  "CheckType": [
    "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
  ],
@@ -10,8 +10,8 @@
  "ResourceIdTemplate": "arn:partition:cloudwatch:region:account-id:certificate/resource-id",
  "Severity": "medium",
  "ResourceType": "AwsCloudTrailTrail",
-  "Description": "Real-time monitoring of API calls can be achieved by directing Cloud Trail Logs to CloudWatch Logs, or an external Security information and event management (SIEM)environment, and establishing corresponding metric filters and alarms. Routing tablesare used to route network traffic between subnets and to network gateways. It isrecommended that a metric filter and alarm be established for changes to route tables.",
-  "Risk": "CloudWatch is an AWS native service that allows you to ob serve and monitor resources and applications. CloudTrail Logs can also be sent to an external Security informationand event management (SIEM) environment for monitoring and alerting.Monitoring changes to route tables will help ensure that all VPC traffic flows through anexpected path and prevent any accidental or intentional modifications that may lead touncontrolled network traffic. An alarm should be triggered every time an AWS API call isperformed to create, replace, delete, or disassociate a Route Table.",
+  "Description": "Ensure a log metric filter and alarm exist for route table changes.",
+  "Risk": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.",
  "RelatedUrl": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html",
  "Remediation": {
    "Code": {
@@ -21,12 +21,12 @@
      "Terraform": "https://docs.bridgecrew.io/docs/monitoring_13#fix---buildtime"
    },
    "Recommendation": {
-      "Text": "If you are using CloudTrails and CloudWatch, perform the following to setup the metric filter, alarm, SNS topic, and subscription: 1. Create a metric filter based on filter pattern provided which checks for route table changes and the <cloudtrail_log_group_name> taken from audit step 1. aws logs put-metric-filter --log-group-name <cloudtrail_log_group_name> -- filter-name `<route_table_changes_metric>` --metric-transformations metricName= `<route_table_changes_metric>` ,metricNamespace='CISBenchmark',metricValue=1 --filter-pattern '{ ($.eventName = CreateRoute) || ($.eventName = CreateRouteTable) || ($.eventName = ReplaceRoute) || ($.eventName = ReplaceRouteTableAssociation) || ($.eventName = DeleteRouteTable) || ($.eventName = DeleteRoute) || ($.eventName = DisassociateRouteTable) }' Note: You can choose your own metricName and metricNamespace strings. Using the same metricNamespace for all Foundations Benchmark metrics will group them together. 2. Create an SNS topic that the alarm will notify aws sns create-topic --name <sns_topic_name> Note: you can execute this command once and then re-use the same topic for all monitoring alarms. 3. Create an SNS subscription to the topic created in step 2 aws sns subscribe --topic-arn <sns_topic_arn> --protocol <protocol_for_sns> - -notification-endpoint <sns_subscription_endpoints> Note: you can execute this command once and then re-use the SNS subscription for all monitoring alarms. 4. Create an alarm that is associated with the CloudWatch Logs Metric Filter created in step 1 and an SNS topic created in step 2 aws cloudwatch put-metric-alarm --alarm-name `<route_table_changes_alarm>` --metric-name `<route_table_changes_metric>` --statistic Sum --period 300 - -threshold 1 --comparison-operator GreaterThanOrEqualToThreshold -- evaluation-periods 1 --namespace 'CISBenchmark' --alarm-actions <sns_topic_arn>",
+      "Text": "It is recommended that a metric filter and alarm be established for unauthorized requests.",
      "Url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html"
    }
  },
  "Categories": [],
  "DependsOn": [],
  "RelatedTo": [],
-  "Notes": ""
+  "Notes": "Logging and Monitoring"
 }
@@ -1,3 +1,5 @@
+import re
+
 from prowler.lib.check.models import Check, Check_Report_AWS
 from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
    cloudtrail_client,
@@ -5,15 +7,12 @@ from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
 from prowler.providers.aws.services.cloudwatch.cloudwatch_client import (
    cloudwatch_client,
 )
-from prowler.providers.aws.services.cloudwatch.lib.metric_filters import (
-    check_cloudwatch_log_metric_filter,
-)
 from prowler.providers.aws.services.cloudwatch.logs_client import logs_client


 class cloudwatch_changes_to_network_route_tables_alarm_configured(Check):
    def execute(self):
-        pattern = r"\$\.eventSource\s*=\s*.?ec2.amazonaws.com.+\$\.eventName\s*=\s*.?CreateRoute.+\$\.eventName\s*=\s*.?CreateRouteTable.+\$\.eventName\s*=\s*.?ReplaceRoute.+\$\.eventName\s*=\s*.?ReplaceRouteTableAssociation.+\$\.eventName\s*=\s*.?DeleteRouteTable.+\$\.eventName\s*=\s*.?DeleteRoute.+\$\.eventName\s*=\s*.?DisassociateRouteTable.?"
+        pattern = r"\$\.eventName\s*=\s*.?CreateRoute.+\$\.eventName\s*=\s*.?CreateRouteTable.+\$\.eventName\s*=\s*.?ReplaceRoute.+\$\.eventName\s*=\s*.?ReplaceRouteTableAssociation.+\$\.eventName\s*=\s*.?DeleteRouteTable.+\$\.eventName\s*=\s*.?DeleteRoute.+\$\.eventName\s*=\s*.?DisassociateRouteTable.?"
        findings = []
        report = Check_Report_AWS(self.metadata())
        report.status = "FAIL"
@@ -23,13 +22,26 @@ class cloudwatch_changes_to_network_route_tables_alarm_configured(Check):
        report.region = cloudwatch_client.region
        report.resource_id = cloudtrail_client.audited_account
        report.resource_arn = cloudtrail_client.audited_account_arn
-        report = check_cloudwatch_log_metric_filter(
-            pattern,
-            cloudtrail_client.trails,
-            logs_client.metric_filters,
-            cloudwatch_client.metric_alarms,
-            report,
-        )
+        # 1. Iterate for CloudWatch Log Group in CloudTrail trails
+        log_groups = []
+        for trail in cloudtrail_client.trails:
+            if trail.log_group_arn:
+                log_groups.append(trail.log_group_arn.split(":")[6])
+        # 2. Describe metric filters for previous log groups
+        for metric_filter in logs_client.metric_filters:
+            if metric_filter.log_group in log_groups:
+                if re.search(pattern, metric_filter.pattern, flags=re.DOTALL):
+                    report.resource_id = metric_filter.log_group
+                    report.resource_arn = metric_filter.arn
+                    report.region = metric_filter.region
+                    report.status = "FAIL"
+                    report.status_extended = f"CloudWatch log group {metric_filter.log_group} found with metric filter {metric_filter.name} but no alarms associated."
+                    # 3. Check if there is an alarm for the metric
+                    for alarm in cloudwatch_client.metric_alarms:
+                        if alarm.metric == metric_filter.metric:
+                            report.status = "PASS"
+                            report.status_extended = f"CloudWatch log group {metric_filter.log_group} found with metric filter {metric_filter.name} and alarms set."
+                            break

        findings.append(report)
        return findings
@@ -1,3 +1,5 @@
+import re
+
 from prowler.lib.check.models import Check, Check_Report_AWS
 from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
    cloudtrail_client,
@@ -5,9 +7,6 @@ from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
 from prowler.providers.aws.services.cloudwatch.cloudwatch_client import (
    cloudwatch_client,
 )
-from prowler.providers.aws.services.cloudwatch.lib.metric_filters import (
-    check_cloudwatch_log_metric_filter,
-)
 from prowler.providers.aws.services.cloudwatch.logs_client import logs_client


@@ -23,13 +22,26 @@ class cloudwatch_changes_to_vpcs_alarm_configured(Check):
        report.region = cloudwatch_client.region
        report.resource_id = cloudtrail_client.audited_account
        report.resource_arn = cloudtrail_client.audited_account_arn
-        report = check_cloudwatch_log_metric_filter(
-            pattern,
-            cloudtrail_client.trails,
-            logs_client.metric_filters,
-            cloudwatch_client.metric_alarms,
-            report,
-        )
+        # 1. Iterate for CloudWatch Log Group in CloudTrail trails
+        log_groups = []
+        for trail in cloudtrail_client.trails:
+            if trail.log_group_arn:
+                log_groups.append(trail.log_group_arn.split(":")[6])
+        # 2. Describe metric filters for previous log groups
+        for metric_filter in logs_client.metric_filters:
+            if metric_filter.log_group in log_groups:
+                if re.search(pattern, metric_filter.pattern, flags=re.DOTALL):
+                    report.resource_id = metric_filter.log_group
+                    report.resource_arn = metric_filter.arn
+                    report.region = metric_filter.region
+                    report.status = "FAIL"
+                    report.status_extended = f"CloudWatch log group {metric_filter.log_group} found with metric filter {metric_filter.name} but no alarms associated."
+                    # 3. Check if there is an alarm for the metric
+                    for alarm in cloudwatch_client.metric_alarms:
+                        if alarm.metric == metric_filter.metric:
+                            report.status = "PASS"
+                            report.status_extended = f"CloudWatch log group {metric_filter.log_group} found with metric filter {metric_filter.name} and alarms set."
+                            break

        findings.append(report)
        return findings
@@ -1,3 +1,5 @@
+import re
+
 from prowler.lib.check.models import Check, Check_Report_AWS
 from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
    cloudtrail_client,
@@ -5,9 +7,6 @@ from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
 from prowler.providers.aws.services.cloudwatch.cloudwatch_client import (
    cloudwatch_client,
 )
-from prowler.providers.aws.services.cloudwatch.lib.metric_filters import (
-    check_cloudwatch_log_metric_filter,
-)
 from prowler.providers.aws.services.cloudwatch.logs_client import logs_client


@@ -25,13 +24,26 @@ class cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_change
        report.region = cloudwatch_client.region
        report.resource_id = cloudtrail_client.audited_account
        report.resource_arn = cloudtrail_client.audited_account_arn
-        report = check_cloudwatch_log_metric_filter(
-            pattern,
-            cloudtrail_client.trails,
-            logs_client.metric_filters,
-            cloudwatch_client.metric_alarms,
-            report,
-        )
+        # 1. Iterate for CloudWatch Log Group in CloudTrail trails
+        log_groups = []
+        for trail in cloudtrail_client.trails:
+            if trail.log_group_arn:
+                log_groups.append(trail.log_group_arn.split(":")[6])
+        # 2. Describe metric filters for previous log groups
+        for metric_filter in logs_client.metric_filters:
+            if metric_filter.log_group in log_groups:
+                if re.search(pattern, metric_filter.pattern, flags=re.DOTALL):
+                    report.resource_id = metric_filter.log_group
+                    report.resource_arn = metric_filter.arn
+                    report.region = metric_filter.region
+                    report.status = "FAIL"
+                    report.status_extended = f"CloudWatch log group {metric_filter.log_group} found with metric filter {metric_filter.name} but no alarms associated."
+                    # 3. Check if there is an alarm for the metric
+                    for alarm in cloudwatch_client.metric_alarms:
+                        if alarm.metric == metric_filter.metric:
+                            report.status = "PASS"
+                            report.status_extended = f"CloudWatch log group {metric_filter.log_group} found with metric filter {metric_filter.name} and alarms set."
+                            break

        findings.append(report)
        return findings
@@ -1,3 +1,5 @@
+import re
+
 from prowler.lib.check.models import Check, Check_Report_AWS
 from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
    cloudtrail_client,
@@ -5,9 +7,6 @@ from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
 from prowler.providers.aws.services.cloudwatch.cloudwatch_client import (
    cloudwatch_client,
 )
-from prowler.providers.aws.services.cloudwatch.lib.metric_filters import (
-    check_cloudwatch_log_metric_filter,
-)
 from prowler.providers.aws.services.cloudwatch.logs_client import logs_client


@@ -25,13 +24,26 @@ class cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_change
        report.region = cloudwatch_client.region
        report.resource_id = cloudtrail_client.audited_account
        report.resource_arn = cloudtrail_client.audited_account_arn
-        report = check_cloudwatch_log_metric_filter(
-            pattern,
-            cloudtrail_client.trails,
-            logs_client.metric_filters,
-            cloudwatch_client.metric_alarms,
-            report,
-        )
+        # 1. Iterate for CloudWatch Log Group in CloudTrail trails
+        log_groups = []
+        for trail in cloudtrail_client.trails:
+            if trail.log_group_arn:
+                log_groups.append(trail.log_group_arn.split(":")[6])
+        # 2. Describe metric filters for previous log groups
+        for metric_filter in logs_client.metric_filters:
+            if metric_filter.log_group in log_groups:
+                if re.search(pattern, metric_filter.pattern, flags=re.DOTALL):
+                    report.resource_id = metric_filter.log_group
+                    report.resource_arn = metric_filter.arn
+                    report.region = metric_filter.region
+                    report.status = "FAIL"
+                    report.status_extended = f"CloudWatch log group {metric_filter.log_group} found with metric filter {metric_filter.name} but no alarms associated."
+                    # 3. Check if there is an alarm for the metric
+                    for alarm in cloudwatch_client.metric_alarms:
+                        if alarm.metric == metric_filter.metric:
+                            report.status = "PASS"
+                            report.status_extended = f"CloudWatch log group {metric_filter.log_group} found with metric filter {metric_filter.name} and alarms set."
+                            break

        findings.append(report)
        return findings
@@ -1,3 +1,5 @@
+import re
+
 from prowler.lib.check.models import Check, Check_Report_AWS
 from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
    cloudtrail_client,
@@ -5,9 +7,6 @@ from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
 from prowler.providers.aws.services.cloudwatch.cloudwatch_client import (
    cloudwatch_client,
 )
-from prowler.providers.aws.services.cloudwatch.lib.metric_filters import (
-    check_cloudwatch_log_metric_filter,
-)
 from prowler.providers.aws.services.cloudwatch.logs_client import logs_client


@@ -23,13 +22,26 @@ class cloudwatch_log_metric_filter_authentication_failures(Check):
        report.region = cloudwatch_client.region
        report.resource_id = cloudtrail_client.audited_account
        report.resource_arn = cloudtrail_client.audited_account_arn
-        report = check_cloudwatch_log_metric_filter(
-            pattern,
-            cloudtrail_client.trails,
-            logs_client.metric_filters,
-            cloudwatch_client.metric_alarms,
-            report,
-        )
+        # 1. Iterate for CloudWatch Log Group in CloudTrail trails
+        log_groups = []
+        for trail in cloudtrail_client.trails:
+            if trail.log_group_arn:
+                log_groups.append(trail.log_group_arn.split(":")[6])
+        # 2. Describe metric filters for previous log groups
+        for metric_filter in logs_client.metric_filters:
+            if metric_filter.log_group in log_groups:
+                if re.search(pattern, metric_filter.pattern, flags=re.DOTALL):
+                    report.resource_id = metric_filter.log_group
+                    report.resource_arn = metric_filter.arn
+                    report.region = metric_filter.region
+                    report.status = "FAIL"
+                    report.status_extended = f"CloudWatch log group {metric_filter.log_group} found with metric filter {metric_filter.name} but no alarms associated."
+                    # 3. Check if there is an alarm for the metric
+                    for alarm in cloudwatch_client.metric_alarms:
+                        if alarm.metric == metric_filter.metric:
+                            report.status = "PASS"
+                            report.status_extended = f"CloudWatch log group {metric_filter.log_group} found with metric filter {metric_filter.name} and alarms set."
+                            break

        findings.append(report)
        return findings
@@ -1,3 +1,5 @@
+import re
+
 from prowler.lib.check.models import Check, Check_Report_AWS
 from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
    cloudtrail_client,
@@ -5,9 +7,6 @@ from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
 from prowler.providers.aws.services.cloudwatch.cloudwatch_client import (
    cloudwatch_client,
 )
-from prowler.providers.aws.services.cloudwatch.lib.metric_filters import (
-    check_cloudwatch_log_metric_filter,
-)
 from prowler.providers.aws.services.cloudwatch.logs_client import logs_client


@@ -23,13 +22,26 @@ class cloudwatch_log_metric_filter_aws_organizations_changes(Check):
        report.region = cloudwatch_client.region
        report.resource_id = cloudtrail_client.audited_account
        report.resource_arn = cloudtrail_client.audited_account_arn
-        report = check_cloudwatch_log_metric_filter(
-            pattern,
-            cloudtrail_client.trails,
-            logs_client.metric_filters,
-            cloudwatch_client.metric_alarms,
-            report,
-        )
+        # 1. Iterate for CloudWatch Log Group in CloudTrail trails
+        log_groups = []
+        for trail in cloudtrail_client.trails:
+            if trail.log_group_arn:
+                log_groups.append(trail.log_group_arn.split(":")[6])
+        # 2. Describe metric filters for previous log groups
+        for metric_filter in logs_client.metric_filters:
+            if metric_filter.log_group in log_groups:
+                if re.search(pattern, metric_filter.pattern, flags=re.DOTALL):
+                    report.resource_id = metric_filter.log_group
+                    report.resource_arn = metric_filter.arn
+                    report.region = metric_filter.region
+                    report.status = "FAIL"
+                    report.status_extended = f"CloudWatch log group {metric_filter.log_group} found with metric filter {metric_filter.name} but no alarms associated."
+                    # 3. Check if there is an alarm for the metric
+                    for alarm in cloudwatch_client.metric_alarms:
+                        if alarm.metric == metric_filter.metric:
+                            report.status = "PASS"
+                            report.status_extended = f"CloudWatch log group {metric_filter.log_group} found with metric filter {metric_filter.name} and alarms set."
+                            break

        findings.append(report)
        return findings
@@ -1,3 +1,5 @@
+import re
+
 from prowler.lib.check.models import Check, Check_Report_AWS
 from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
    cloudtrail_client,
@@ -5,9 +7,6 @@ from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
 from prowler.providers.aws.services.cloudwatch.cloudwatch_client import (
    cloudwatch_client,
 )
-from prowler.providers.aws.services.cloudwatch.lib.metric_filters import (
-    check_cloudwatch_log_metric_filter,
-)
 from prowler.providers.aws.services.cloudwatch.logs_client import logs_client


@@ -23,13 +22,26 @@ class cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk(Chec
        report.region = cloudwatch_client.region
        report.resource_id = cloudtrail_client.audited_account
        report.resource_arn = cloudtrail_client.audited_account_arn
-        report = check_cloudwatch_log_metric_filter(
-            pattern,
-            cloudtrail_client.trails,
-            logs_client.metric_filters,
-            cloudwatch_client.metric_alarms,
-            report,
-        )
+        # 1. Iterate for CloudWatch Log Group in CloudTrail trails
+        log_groups = []
+        for trail in cloudtrail_client.trails:
+            if trail.log_group_arn:
+                log_groups.append(trail.log_group_arn.split(":")[6])
+        # 2. Describe metric filters for previous log groups
+        for metric_filter in logs_client.metric_filters:
+            if metric_filter.log_group in log_groups:
+                if re.search(pattern, metric_filter.pattern, flags=re.DOTALL):
+                    report.resource_id = metric_filter.log_group
+                    report.resource_arn = metric_filter.arn
+                    report.region = metric_filter.region
+                    report.status = "FAIL"
+                    report.status_extended = f"CloudWatch log group {metric_filter.log_group} found with metric filter {metric_filter.name} but no alarms associated."
+                    # 3. Check if there is an alarm for the metric
+                    for alarm in cloudwatch_client.metric_alarms:
+                        if alarm.metric == metric_filter.metric:
+                            report.status = "PASS"
+                            report.status_extended = f"CloudWatch log group {metric_filter.log_group} found with metric filter {metric_filter.name} and alarms set."
+                            break

        findings.append(report)
        return findings
@@ -1,3 +1,5 @@
+import re
+
 from prowler.lib.check.models import Check, Check_Report_AWS
 from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
    cloudtrail_client,
@@ -5,9 +7,6 @@ from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
 from prowler.providers.aws.services.cloudwatch.cloudwatch_client import (
    cloudwatch_client,
 )
-from prowler.providers.aws.services.cloudwatch.lib.metric_filters import (
-    check_cloudwatch_log_metric_filter,
-)
 from prowler.providers.aws.services.cloudwatch.logs_client import logs_client


@@ -23,14 +22,26 @@ class cloudwatch_log_metric_filter_for_s3_bucket_policy_changes(Check):
        report.region = cloudwatch_client.region
        report.resource_id = cloudtrail_client.audited_account
        report.resource_arn = cloudtrail_client.audited_account_arn
-
-        report = check_cloudwatch_log_metric_filter(
-            pattern,
-            cloudtrail_client.trails,
-            logs_client.metric_filters,
-            cloudwatch_client.metric_alarms,
-            report,
-        )
+        # 1. Iterate for CloudWatch Log Group in CloudTrail trails
+        log_groups = []
+        for trail in cloudtrail_client.trails:
+            if trail.log_group_arn:
+                log_groups.append(trail.log_group_arn.split(":")[6])
+        # 2. Describe metric filters for previous log groups
+        for metric_filter in logs_client.metric_filters:
+            if metric_filter.log_group in log_groups:
+                if re.search(pattern, metric_filter.pattern, flags=re.DOTALL):
+                    report.resource_id = metric_filter.log_group
+                    report.resource_arn = metric_filter.arn
+                    report.region = metric_filter.region
+                    report.status = "FAIL"
+                    report.status_extended = f"CloudWatch log group {metric_filter.log_group} found with metric filter {metric_filter.name} but no alarms associated."
+                    # 3. Check if there is an alarm for the metric
+                    for alarm in cloudwatch_client.metric_alarms:
+                        if alarm.metric == metric_filter.metric:
+                            report.status = "PASS"
+                            report.status_extended = f"CloudWatch log group {metric_filter.log_group} found with metric filter {metric_filter.name} and alarms set."
+                            break

        findings.append(report)
        return findings
@@ -1,3 +1,5 @@
+import re
+
 from prowler.lib.check.models import Check, Check_Report_AWS
 from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
    cloudtrail_client,
@@ -5,9 +7,6 @@ from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
 from prowler.providers.aws.services.cloudwatch.cloudwatch_client import (
    cloudwatch_client,
 )
-from prowler.providers.aws.services.cloudwatch.lib.metric_filters import (
-    check_cloudwatch_log_metric_filter,
-)
 from prowler.providers.aws.services.cloudwatch.logs_client import logs_client


@@ -23,13 +22,26 @@ class cloudwatch_log_metric_filter_policy_changes(Check):
        report.region = cloudwatch_client.region
        report.resource_id = cloudtrail_client.audited_account
        report.resource_arn = cloudtrail_client.audited_account_arn
-        report = check_cloudwatch_log_metric_filter(
-            pattern,
-            cloudtrail_client.trails,
-            logs_client.metric_filters,
-            cloudwatch_client.metric_alarms,
-            report,
-        )
+        # 1. Iterate for CloudWatch Log Group in CloudTrail trails
+        log_groups = []
+        for trail in cloudtrail_client.trails:
+            if trail.log_group_arn:
+                log_groups.append(trail.log_group_arn.split(":")[6])
+        # 2. Describe metric filters for previous log groups
+        for metric_filter in logs_client.metric_filters:
+            if metric_filter.log_group in log_groups:
+                if re.search(pattern, metric_filter.pattern, flags=re.DOTALL):
+                    report.resource_id = metric_filter.log_group
+                    report.resource_arn = metric_filter.arn
+                    report.region = metric_filter.region
+                    report.status = "FAIL"
+                    report.status_extended = f"CloudWatch log group {metric_filter.log_group} found with metric filter {metric_filter.name} but no alarms associated."
+                    # 3. Check if there is an alarm for the metric
+                    for alarm in cloudwatch_client.metric_alarms:
+                        if alarm.metric == metric_filter.metric:
+                            report.status = "PASS"
+                            report.status_extended = f"CloudWatch log group {metric_filter.log_group} found with metric filter {metric_filter.name} and alarms set."
+                            break

        findings.append(report)
        return findings
@@ -1,3 +1,5 @@
+import re
+
 from prowler.lib.check.models import Check, Check_Report_AWS
 from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
    cloudtrail_client,
@@ -5,9 +7,6 @@ from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
 from prowler.providers.aws.services.cloudwatch.cloudwatch_client import (
    cloudwatch_client,
 )
-from prowler.providers.aws.services.cloudwatch.lib.metric_filters import (
-    check_cloudwatch_log_metric_filter,
-)
 from prowler.providers.aws.services.cloudwatch.logs_client import logs_client


@@ -23,13 +22,26 @@ class cloudwatch_log_metric_filter_root_usage(Check):
        report.region = cloudwatch_client.region
        report.resource_id = cloudtrail_client.audited_account
        report.resource_arn = cloudtrail_client.audited_account_arn
-        report = check_cloudwatch_log_metric_filter(
-            pattern,
-            cloudtrail_client.trails,
-            logs_client.metric_filters,
-            cloudwatch_client.metric_alarms,
-            report,
-        )
+        # 1. Iterate for CloudWatch Log Group in CloudTrail trails
+        log_groups = []
+        for trail in cloudtrail_client.trails:
+            if trail.log_group_arn:
+                log_groups.append(trail.log_group_arn.split(":")[6])
+        # 2. Describe metric filters for previous log groups
+        for metric_filter in logs_client.metric_filters:
+            if metric_filter.log_group in log_groups:
+                if re.search(pattern, metric_filter.pattern, flags=re.DOTALL):
+                    report.resource_id = metric_filter.log_group
+                    report.resource_arn = metric_filter.arn
+                    report.region = metric_filter.region
+                    report.status = "FAIL"
+                    report.status_extended = f"CloudWatch log group {metric_filter.log_group} found with metric filter {metric_filter.name} but no alarms associated."
+                    # 3. Check if there is an alarm for the metric
+                    for alarm in cloudwatch_client.metric_alarms:
+                        if alarm.metric == metric_filter.metric:
+                            report.status = "PASS"
+                            report.status_extended = f"CloudWatch log group {metric_filter.log_group} found with metric filter {metric_filter.name} and alarms set."
+                            break

        findings.append(report)
        return findings
@@ -1,3 +1,5 @@
+import re
+
 from prowler.lib.check.models import Check, Check_Report_AWS
 from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
    cloudtrail_client,
@@ -5,9 +7,6 @@ from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
 from prowler.providers.aws.services.cloudwatch.cloudwatch_client import (
    cloudwatch_client,
 )
-from prowler.providers.aws.services.cloudwatch.lib.metric_filters import (
-    check_cloudwatch_log_metric_filter,
-)
 from prowler.providers.aws.services.cloudwatch.logs_client import logs_client


@@ -23,13 +22,26 @@ class cloudwatch_log_metric_filter_security_group_changes(Check):
        report.region = cloudwatch_client.region
        report.resource_id = cloudtrail_client.audited_account
        report.resource_arn = cloudtrail_client.audited_account_arn
-        report = check_cloudwatch_log_metric_filter(
-            pattern,
-            cloudtrail_client.trails,
-            logs_client.metric_filters,
-            cloudwatch_client.metric_alarms,
-            report,
-        )
+        # 1. Iterate for CloudWatch Log Group in CloudTrail trails
+        log_groups = []
+        for trail in cloudtrail_client.trails:
+            if trail.log_group_arn:
+                log_groups.append(trail.log_group_arn.split(":")[6])
+        # 2. Describe metric filters for previous log groups
+        for metric_filter in logs_client.metric_filters:
+            if metric_filter.log_group in log_groups:
+                if re.search(pattern, metric_filter.pattern, flags=re.DOTALL):
+                    report.resource_id = metric_filter.log_group
+                    report.resource_arn = metric_filter.arn
+                    report.region = metric_filter.region
+                    report.status = "FAIL"
+                    report.status_extended = f"CloudWatch log group {metric_filter.log_group} found with metric filter {metric_filter.name} but no alarms associated."
+                    # 3. Check if there is an alarm for the metric
+                    for alarm in cloudwatch_client.metric_alarms:
+                        if alarm.metric == metric_filter.metric:
+                            report.status = "PASS"
+                            report.status_extended = f"CloudWatch log group {metric_filter.log_group} found with metric filter {metric_filter.name} and alarms set."
+                            break

        findings.append(report)
        return findings
@@ -1,3 +1,5 @@
+import re
+
 from prowler.lib.check.models import Check, Check_Report_AWS
 from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
    cloudtrail_client,
@@ -5,9 +7,6 @@ from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
 from prowler.providers.aws.services.cloudwatch.cloudwatch_client import (
    cloudwatch_client,
 )
-from prowler.providers.aws.services.cloudwatch.lib.metric_filters import (
-    check_cloudwatch_log_metric_filter,
-)
 from prowler.providers.aws.services.cloudwatch.logs_client import logs_client


@@ -23,13 +22,26 @@ class cloudwatch_log_metric_filter_sign_in_without_mfa(Check):
        report.region = cloudwatch_client.region
        report.resource_id = cloudtrail_client.audited_account
        report.resource_arn = cloudtrail_client.audited_account_arn
-        report = check_cloudwatch_log_metric_filter(
-            pattern,
-            cloudtrail_client.trails,
-            logs_client.metric_filters,
-            cloudwatch_client.metric_alarms,
-            report,
-        )
+        # 1. Iterate for CloudWatch Log Group in CloudTrail trails
+        log_groups = []
+        for trail in cloudtrail_client.trails:
+            if trail.log_group_arn:
+                log_groups.append(trail.log_group_arn.split(":")[6])
+        # 2. Describe metric filters for previous log groups
+        for metric_filter in logs_client.metric_filters:
+            if metric_filter.log_group in log_groups:
+                if re.search(pattern, metric_filter.pattern, flags=re.DOTALL):
+                    report.resource_id = metric_filter.log_group
+                    report.resource_arn = metric_filter.arn
+                    report.region = metric_filter.region
+                    report.status = "FAIL"
+                    report.status_extended = f"CloudWatch log group {metric_filter.log_group} found with metric filter {metric_filter.name} but no alarms associated."
+                    # 3. Check if there is an alarm for the metric
+                    for alarm in cloudwatch_client.metric_alarms:
+                        if alarm.metric == metric_filter.metric:
+                            report.status = "PASS"
+                            report.status_extended = f"CloudWatch log group {metric_filter.log_group} found with metric filter {metric_filter.name} and alarms set."
+                            break

        findings.append(report)
        return findings
@@ -1,3 +1,5 @@
+import re
+
 from prowler.lib.check.models import Check, Check_Report_AWS
 from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
    cloudtrail_client,
@@ -5,9 +7,6 @@ from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
 from prowler.providers.aws.services.cloudwatch.cloudwatch_client import (
    cloudwatch_client,
 )
-from prowler.providers.aws.services.cloudwatch.lib.metric_filters import (
-    check_cloudwatch_log_metric_filter,
-)
 from prowler.providers.aws.services.cloudwatch.logs_client import logs_client


@@ -23,13 +22,26 @@ class cloudwatch_log_metric_filter_unauthorized_api_calls(Check):
        report.region = cloudwatch_client.region
        report.resource_id = cloudtrail_client.audited_account
        report.resource_arn = cloudtrail_client.audited_account_arn
-        report = check_cloudwatch_log_metric_filter(
-            pattern,
-            cloudtrail_client.trails,
-            logs_client.metric_filters,
-            cloudwatch_client.metric_alarms,
-            report,
-        )
+        # 1. Iterate for CloudWatch Log Group in CloudTrail trails
+        log_groups = []
+        for trail in cloudtrail_client.trails:
+            if trail.log_group_arn:
+                log_groups.append(trail.log_group_arn.split(":")[6])
+        # 2. Describe metric filters for previous log groups
+        for metric_filter in logs_client.metric_filters:
+            if metric_filter.log_group in log_groups:
+                if re.search(pattern, metric_filter.pattern, flags=re.DOTALL):
+                    report.resource_id = metric_filter.log_group
+                    report.resource_arn = metric_filter.arn
+                    report.region = metric_filter.region
+                    report.status = "FAIL"
+                    report.status_extended = f"CloudWatch log group {metric_filter.log_group} found with metric filter {metric_filter.name} but no alarms associated."
+                    # 3. Check if there is an alarm for the metric
+                    for alarm in cloudwatch_client.metric_alarms:
+                        if alarm.metric == metric_filter.metric:
+                            report.status = "PASS"
+                            report.status_extended = f"CloudWatch log group {metric_filter.log_group} found with metric filter {metric_filter.name} and alarms set."
+                            break

        findings.append(report)
        return findings
@@ -218,9 +218,9 @@ class LogGroup(BaseModel):
    never_expire: bool
    kms_id: Optional[str]
    region: str
-    log_streams: dict[str, list[str]] = (
-        {}
-    )  # Log stream name as the key, array of events as the value
+    log_streams: dict[
+        str, list[str]
+    ] = {}  # Log stream name as the key, array of events as the value
    tags: Optional[list] = []


@@ -1,34 +0,0 @@
-import re
-
-from prowler.lib.check.models import Check_Report_AWS
-
-
-def check_cloudwatch_log_metric_filter(
-    metric_filter_pattern: str,
-    trails: list,
-    metric_filters: list,
-    metric_alarms: list,
-    report: Check_Report_AWS,
-):
-    # 1. Iterate for CloudWatch Log Group in CloudTrail trails
-    log_groups = []
-    for trail in trails:
-        if trail.log_group_arn:
-            log_groups.append(trail.log_group_arn.split(":")[6])
-    # 2. Describe metric filters for previous log groups
-    for metric_filter in metric_filters:
-        if metric_filter.log_group in log_groups:
-            if re.search(metric_filter_pattern, metric_filter.pattern, flags=re.DOTALL):
-                report.resource_id = metric_filter.log_group
-                report.resource_arn = metric_filter.arn
-                report.region = metric_filter.region
-                report.status = "FAIL"
-                report.status_extended = f"CloudWatch log group {metric_filter.log_group} found with metric filter {metric_filter.name} but no alarms associated."
-                # 3. Check if there is an alarm for the metric
-                for alarm in metric_alarms:
-                    if alarm.metric == metric_filter.metric:
-                        report.status = "PASS"
-                        report.status_extended = f"CloudWatch log group {metric_filter.log_group} found with metric filter {metric_filter.name} and alarms set."
-                        break
-
-    return report
@@ -1,4 +0,0 @@
-from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
-from prowler.providers.aws.services.cognito.cognito_service import CognitoIDP
-
-cognito_idp_client = CognitoIDP(current_audit_info)
@@ -1,122 +0,0 @@
-from datetime import datetime
-from typing import Optional
-
-from pydantic import BaseModel
-
-from prowler.lib.logger import logger
-from prowler.lib.scan_filters.scan_filters import is_resource_filtered
-from prowler.providers.aws.lib.service.service import AWSService
-
-
-################## CognitoIDP
-class CognitoIDP(AWSService):
-    def __init__(self, audit_info):
-        super().__init__("cognito-idp", audit_info)
-        self.user_pools = {}
-        self.__threading_call__(self.__list_user_pools__)
-        self.__describe_user_pools__()
-        self.__get_user_pool_mfa_config__()
-
-    def __list_user_pools__(self, regional_client):
-        logger.info("Cognito - Listing User Pools...")
-        try:
-            user_pools_paginator = regional_client.get_paginator("list_user_pools")
-            for page in user_pools_paginator.paginate(MaxResults=60):
-                for user_pool in page["UserPools"]:
-                    arn = f"arn:{self.audited_partition}:cognito-idp:{regional_client.region}:{self.audited_account}:userpool/{user_pool['Id']}"
-                    if not self.audit_resources or (
-                        is_resource_filtered(arn, self.audit_resources)
-                    ):
-                        try:
-                            self.user_pools[arn] = UserPool(
-                                id=user_pool["Id"],
-                                arn=arn,
-                                name=user_pool["Name"],
-                                region=regional_client.region,
-                                last_modified=user_pool["LastModifiedDate"],
-                                creation_date=user_pool["CreationDate"],
-                                status=user_pool.get("Status", "Disabled"),
-                            )
-                        except Exception as error:
-                            logger.error(
-                                f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
-                            )
-        except Exception as error:
-            logger.error(
-                f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
-            )
-
-    def __describe_user_pools__(self):
-        logger.info("Cognito - Describing User Pools...")
-        try:
-            for user_pool in self.user_pools.values():
-                try:
-                    user_pool_details = self.regional_clients[
-                        user_pool.region
-                    ].describe_user_pool(UserPoolId=user_pool.id)["UserPool"]
-                    user_pool.password_policy = user_pool_details.get(
-                        "Policies", {}
-                    ).get("PasswordPolicy", {})
-                    user_pool.deletion_protection = user_pool_details.get(
-                        "DeletionProtection", "INACTIVE"
-                    )
-                    user_pool.advanced_security_mode = user_pool_details.get(
-                        "UserPoolAddOns", {}
-                    ).get("AdvancedSecurityMode", "OFF")
-                    user_pool.tags = [user_pool_details.get("UserPoolTags", "")]
-                except Exception as error:
-                    logger.error(
-                        f"{user_pool.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
-                    )
-        except Exception as error:
-            logger.error(
-                f"{user_pool.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
-            )
-
-    def __get_user_pool_mfa_config__(self):
-        logger.info("Cognito - Getting User Pool MFA Configuration...")
-        try:
-            for user_pool in self.user_pools.values():
-                try:
-                    mfa_config = self.regional_clients[
-                        user_pool.region
-                    ].get_user_pool_mfa_config(UserPoolId=user_pool.id)
-                    if mfa_config["MfaConfiguration"] != "OFF":
-                        user_pool.mfa_config = MFAConfig(
-                            sms_authentication=mfa_config.get(
-                                "SmsMfaConfiguration", {}
-                            ),
-                            software_token_mfa_authentication=mfa_config.get(
-                                "SoftwareTokenMfaConfiguration", {}
-                            ),
-                            status=mfa_config["MfaConfiguration"],
-                        )
-                except Exception as error:
-                    logger.error(
-                        f"{user_pool.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
-                    )
-        except Exception as error:
-            logger.error(
-                f"{user_pool.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
-            )
-
-
-class MFAConfig(BaseModel):
-    sms_authentication: Optional[dict]
-    software_token_mfa_authentication: Optional[dict]
-    status: str
-
-
-class UserPool(BaseModel):
-    id: str
-    arn: str
-    name: str
-    region: str
-    advanced_security_mode: str = "OFF"
-    deletion_protection: str = "INACTIVE"
-    last_modified: datetime
-    creation_date: datetime
-    status: str
-    password_policy: Optional[dict]
-    mfa_config: Optional[MFAConfig]
-    tags: Optional[list] = []
@@ -17,7 +17,7 @@ class EC2(AWSService):
        super().__init__(__class__.__name__, audit_info)
        self.instances = []
        self.__threading_call__(self.__describe_instances__)
-        self.__threading_call__(self.__get_instance_user_data__, self.instances)
+        self.__get_instance_user_data__()
        self.security_groups = []
        self.regions_with_sgs = []
        self.__threading_call__(self.__describe_security_groups__)
@@ -27,7 +27,7 @@ class EC2(AWSService):
        self.volumes_with_snapshots = {}
        self.regions_with_snapshots = {}
        self.__threading_call__(self.__describe_snapshots__)
-        self.__threading_call__(self.__determine_public_snapshots__, self.snapshots)
+        self.__get_snapshot_public__()
        self.network_interfaces = []
        self.__threading_call__(self.__describe_public_network_interfaces__)
        self.__threading_call__(self.__describe_sg_network_interfaces__)
@@ -36,11 +36,12 @@ class EC2(AWSService):
        self.volumes = []
        self.__threading_call__(self.__describe_volumes__)
        self.ebs_encryption_by_default = []
-        self.__threading_call__(self.__get_ebs_encryption_settings__)
+        self.__threading_call__(self.__get_ebs_encryption_by_default__)
        self.elastic_ips = []
-        self.__threading_call__(self.__describe_ec2_addresses__)
+        self.__threading_call__(self.__describe_addresses__)

    def __describe_instances__(self, regional_client):
+        logger.info("EC2 - Describing EC2 Instances...")
        try:
            describe_instances_paginator = regional_client.get_paginator(
                "describe_instances"
@@ -105,6 +106,7 @@ class EC2(AWSService):
            )

    def __describe_security_groups__(self, regional_client):
+        logger.info("EC2 - Describing Security Groups...")
        try:
            describe_security_groups_paginator = regional_client.get_paginator(
                "describe_security_groups"
@@ -153,6 +155,7 @@ class EC2(AWSService):
            )

    def __describe_network_acls__(self, regional_client):
+        logger.info("EC2 - Describing Network ACLs...")
        try:
            describe_network_acls_paginator = regional_client.get_paginator(
                "describe_network_acls"
@@ -183,6 +186,7 @@ class EC2(AWSService):
            )

    def __describe_snapshots__(self, regional_client):
+        logger.info("EC2 - Describing Snapshots...")
        try:
            snapshots_in_region = False
            describe_snapshots_paginator = regional_client.get_paginator(
@@ -215,30 +219,35 @@ class EC2(AWSService):
                f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
            )

-    def __determine_public_snapshots__(self, snapshot):
-        try:
-            regional_client = self.regional_clients[snapshot.region]
-            snapshot_public = regional_client.describe_snapshot_attribute(
-                Attribute="createVolumePermission", SnapshotId=snapshot.id
-            )
-            for permission in snapshot_public["CreateVolumePermissions"]:
-                if "Group" in permission:
-                    if permission["Group"] == "all":
-                        snapshot.public = True
-
-        except ClientError as error:
-            if error.response["Error"]["Code"] == "InvalidSnapshot.NotFound":
-                logger.warning(
-                    f"{snapshot.region} --"
-                    f" {error.__class__.__name__}[{error.__traceback__.tb_lineno}]:"
-                    f" {error}"
+    def __get_snapshot_public__(self):
+        logger.info("EC2 - Getting snapshot volume attribute permissions...")
+        for snapshot in self.snapshots:
+            try:
+                regional_client = self.regional_clients[snapshot.region]
+                snapshot_public = regional_client.describe_snapshot_attribute(
+                    Attribute="createVolumePermission", SnapshotId=snapshot.id
+                )
+                for permission in snapshot_public["CreateVolumePermissions"]:
+                    if "Group" in permission:
+                        if permission["Group"] == "all":
+                            snapshot.public = True
+
+            except ClientError as error:
+                if error.response["Error"]["Code"] == "InvalidSnapshot.NotFound":
+                    logger.warning(
+                        f"{snapshot.region} --"
+                        f" {error.__class__.__name__}[{error.__traceback__.tb_lineno}]:"
+                        f" {error}"
+                    )
+                    continue
+
+            except Exception as error:
+                logger.error(
+                    f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
                )
-        except Exception as error:
-            logger.error(
-                f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
-            )

    def __describe_public_network_interfaces__(self, regional_client):
+        logger.info("EC2 - Describing Network Interfaces...")
        try:
            # Get Network Interfaces with Public IPs
            describe_network_interfaces_paginator = regional_client.get_paginator(
@@ -265,6 +274,7 @@ class EC2(AWSService):
            )

    def __describe_sg_network_interfaces__(self, regional_client):
+        logger.info("EC2 - Describing Network Interfaces...")
        try:
            # Get Network Interfaces for Security Groups
            for sg in self.security_groups:
@@ -289,25 +299,30 @@ class EC2(AWSService):
                f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
            )

-    def __get_instance_user_data__(self, instance):
-        try:
-            regional_client = self.regional_clients[instance.region]
-            user_data = regional_client.describe_instance_attribute(
-                Attribute="userData", InstanceId=instance.id
-            )["UserData"]
-            if "Value" in user_data:
-                instance.user_data = user_data["Value"]
-        except ClientError as error:
-            if error.response["Error"]["Code"] == "InvalidInstanceID.NotFound":
-                logger.warning(
+    def __get_instance_user_data__(self):
+        logger.info("EC2 - Getting instance user data...")
+        for instance in self.instances:
+            try:
+                regional_client = self.regional_clients[instance.region]
+                user_data = regional_client.describe_instance_attribute(
+                    Attribute="userData", InstanceId=instance.id
+                )["UserData"]
+                if "Value" in user_data:
+                    instance.user_data = user_data["Value"]
+
+            except ClientError as error:
+                if error.response["Error"]["Code"] == "InvalidInstanceID.NotFound":
+                    logger.warning(
+                        f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
+                    )
+                    continue
+            except Exception as error:
+                logger.error(
                    f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
                )
-        except Exception as error:
-            logger.error(
-                f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
-            )

    def __describe_images__(self, regional_client):
+        logger.info("EC2 - Describing Images...")
        try:
            for image in regional_client.describe_images(Owners=["self"])["Images"]:
                arn = f"arn:{self.audited_partition}:ec2:{regional_client.region}:{self.audited_account}:image/{image['ImageId']}"
@@ -330,6 +345,7 @@ class EC2(AWSService):
            )

    def __describe_volumes__(self, regional_client):
+        logger.info("EC2 - Describing Volumes...")
        try:
            describe_volumes_paginator = regional_client.get_paginator(
                "describe_volumes"
@@ -354,7 +370,8 @@ class EC2(AWSService):
                f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
            )

-    def __describe_ec2_addresses__(self, regional_client):
+    def __describe_addresses__(self, regional_client):
+        logger.info("EC2 - Describing Elastic IPs...")
        try:
            for address in regional_client.describe_addresses()["Addresses"]:
                public_ip = None
@@ -385,7 +402,8 @@ class EC2(AWSService):
                f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
            )

-    def __get_ebs_encryption_settings__(self, regional_client):
+    def __get_ebs_encryption_by_default__(self, regional_client):
+        logger.info("EC2 - Get EBS Encryption By Default...")
        try:
            volumes_in_region = False
            for volume in self.volumes:
@@ -4,6 +4,7 @@ from pydantic import BaseModel

 from prowler.lib.logger import logger
 from prowler.lib.scan_filters.scan_filters import is_resource_filtered
+from prowler.providers.aws.aws_provider import generate_regional_clients
 from prowler.providers.aws.lib.service.service import AWSService


@@ -12,6 +13,7 @@ class EKS(AWSService):
    def __init__(self, audit_info):
        # Call AWSService's __init__
        super().__init__(__class__.__name__, audit_info)
+        self.regional_clients = generate_regional_clients(self.service, audit_info)
        self.clusters = []
        self.__threading_call__(self.__list_clusters__)
        self.__describe_cluster__(self.regional_clients)
@@ -1,6 +1,5 @@
 from typing import Optional

-from botocore.exceptions import ClientError
 from pydantic import BaseModel

 from prowler.lib.logger import logger
@@ -74,15 +73,7 @@ class ElastiCache(AWSService):
                    cluster.tags = regional_client.list_tags_for_resource(
                        ResourceName=cluster.arn
                    )["TagList"]
-                except ClientError as error:
-                    if error.response["Error"]["Code"] == "CacheClusterNotFound":
-                        logger.warning(
-                            f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
-                        )
-                    else:
-                        logger.error(
-                            f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
-                        )
+
                except Exception as error:
                    logger.error(
                        f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
@@ -33,7 +33,7 @@ class elbv2_insecure_ssl_ciphers(Check):
                    and listener.ssl_policy not in secure_ssl_policies
                ):
                    report.status = "FAIL"
-                    report.status_extended = f"ELBv2 {lb.name} has listeners with insecure SSL protocols or ciphers ({listener.ssl_policy})."
+                    report.status_extended = f"ELBv2 {lb.name} has listeners with insecure SSL protocols or ciphers."

            findings.append(report)

@@ -108,9 +108,9 @@ class EMR(AWSService):
                    master_public_dns_name = cluster_info["Cluster"].get(
                        "MasterPublicDnsName"
                    )
-                    self.clusters[cluster.id].master_public_dns_name = (
-                        master_public_dns_name
-                    )
+                    self.clusters[
+                        cluster.id
+                    ].master_public_dns_name = master_public_dns_name
                    # Set cluster Public/Private
                    # Public EMR cluster have their DNS ending with .amazonaws.com
                    # while private ones have format of ip-xxx-xx-xx.us-east-1.compute.internal.
@@ -136,12 +136,12 @@ class EMR(AWSService):
                regional_client.get_block_public_access_configuration()
            )

-            self.block_public_access_configuration[regional_client.region] = (
-                BlockPublicAccessConfiguration(
-                    block_public_security_group_rules=block_public_access_configuration[
-                        "BlockPublicAccessConfiguration"
-                    ]["BlockPublicSecurityGroupRules"]
-                )
+            self.block_public_access_configuration[
+                regional_client.region
+            ] = BlockPublicAccessConfiguration(
+                block_public_security_group_rules=block_public_access_configuration[
+                    "BlockPublicAccessConfiguration"
+                ]["BlockPublicSecurityGroupRules"]
            )
        except Exception as error:
            logger.error(
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Pepe Fagoaga	70fde82284	test(audit_info): refactor	2023-12-04 15:57:04 +01:00
Pepe Fagoaga	620de6f68e	test(audit_info): refactor rest	2023-12-04 14:36:45 +01:00
Pepe Fagoaga	20495d2b1f	test(audit_info): refactor cloudformation	2023-12-04 14:07:45 +01:00
Pepe Fagoaga	2db9c359a0	test(audit_info): refactor backup	2023-12-04 14:03:17 +01:00
Pepe Fagoaga	1584ac3dec	test(audit_info): refactor awslambda	2023-12-04 13:52:04 +01:00
Pepe Fagoaga	5cf72e5a27	test(audit_info): refactor autoscaling	2023-12-04 13:43:47 +01:00
Pepe Fagoaga	de01f45f6e	test(audit_info): refactor athena	2023-12-04 13:37:51 +01:00
Pepe Fagoaga	be24317733	test(audit_info): refactor appstream	2023-12-04 13:31:56 +01:00
Pepe Fagoaga	e7b2b344e8	test(audit_info): refactor apigatewayv2	2023-12-04 13:29:30 +01:00
Pepe Fagoaga	34c01d2ee4	test(audit_info): refactor apigateway	2023-12-04 13:15:42 +01:00
Pepe Fagoaga	3a0dcba279	test(audit_info): refactor	2023-12-04 13:04:02 +01:00
Pepe Fagoaga	dda8c0264c	fix(enabled-regions): Set at audit info level	2023-12-04 12:09:27 +01:00
Pepe Fagoaga	f1cea0c3cd	chore(enabled-regions): Add comment	2023-12-04 10:32:58 +01:00
Pepe Fagoaga	f7766fa4de	fix(aws_regions): Get enabled regions	2023-12-01 16:36:56 +01:00