chore(release): 3.15.0

2026-03-27 18:38:52 +00:00 · 2024-03-14 15:58:55 +00:00
802 changed files with 5777 additions and 29236 deletions
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -1,5 +1 @@
-* @prowler-cloud/sdk @prowler-cloud/detection-and-remediation
-
-# To protect a repository fully against unauthorized changes, you also need to define an owner for the CODEOWNERS file itself.
-# https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners#codeowners-and-branch-protection
-/.github/ @prowler-cloud/sdk
+* @prowler-cloud/prowler-oss
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -13,67 +13,8 @@ updates:
    labels:
      - "dependencies"
      - "pip"
-
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
    target-branch: master
-    labels:
-      - "dependencies"
-      - "github_actions"
-
-  - package-ecosystem: "npm"
-    directory: "/"
-    schedule:
-      interval: "daily"
-    open-pull-requests-limit: 10
-    target-branch: master
-    labels:
-      - "dependencies"
-      - "npm"
-
-  # v4.6
-  - package-ecosystem: "pip"
-    directory: "/"
-    schedule:
-      interval: "weekly"
-    open-pull-requests-limit: 10
-    target-branch: v4.6
-    labels:
-      - "dependencies"
-      - "pip"
-      - "v4"
-
-  - package-ecosystem: "github-actions"
-    directory: "/"
-    schedule:
-      interval: "weekly"
-    open-pull-requests-limit: 10
-    target-branch: v4.6
-    labels:
-      - "dependencies"
-      - "github_actions"
-      - "v4"
-
-  # v3
-  - package-ecosystem: "pip"
-    directory: "/"
-    schedule:
-      interval: "monthly"
-    open-pull-requests-limit: 10
-    target-branch: v3
-    labels:
-      - "dependencies"
-      - "pip"
-      - "v3"
-  - package-ecosystem: "github-actions"
-    directory: "/"
-    schedule:
-      interval: "monthly"
-    open-pull-requests-limit: 10
-    target-branch: v3
-    labels:
-      - "dependencies"
-      - "github_actions"
-      - "v3"
--- a/.github/workflows/build-documentation-on-pr.yml
+++ b/.github/workflows/build-documentation-on-pr.yml
@@ -4,7 +4,7 @@ on:
  pull_request:
    branches:
      - 'master'
-      - 'v3'
+      - 'prowler-4.0-dev'
    paths:
      - 'docs/**'

--- a/.github/workflows/build-lint-push-containers.yml
+++ b/.github/workflows/build-lint-push-containers.yml
@@ -3,7 +3,6 @@ name: build-lint-push-containers
 on:
  push:
    branches:
-      - "v3"
      - "master"
    paths-ignore:
      - ".github/**"
@@ -14,82 +13,43 @@ on:
    types: [published]

 env:
-  # AWS Configuration
  AWS_REGION_STG: eu-west-1
  AWS_REGION_PLATFORM: eu-west-1
  AWS_REGION: us-east-1
-
-  # Container's configuration
  IMAGE_NAME: prowler
-  DOCKERFILE_PATH: ./Dockerfile
-
-  # Tags
  LATEST_TAG: latest
  STABLE_TAG: stable
-  # The RELEASE_TAG is set during runtime in releases
-  RELEASE_TAG: ""
-  # The PROWLER_VERSION and PROWLER_VERSION_MAJOR are set during runtime in releases
-  PROWLER_VERSION: ""
-  PROWLER_VERSION_MAJOR: ""
-  # TEMPORARY_TAG: temporary
-
-  # Python configuration
-  PYTHON_VERSION: 3.12
+  TEMPORARY_TAG: temporary
+  DOCKERFILE_PATH: ./Dockerfile
+  PYTHON_VERSION: 3.9

 jobs:
  # Build Prowler OSS container
  container-build-push:
    # needs: dockerfile-linter
    runs-on: ubuntu-latest
-    outputs:
-      prowler_version_major: ${{ steps.get-prowler-version.outputs.PROWLER_VERSION_MAJOR }}
-      prowler_version: ${{ steps.get-prowler-version.outputs.PROWLER_VERSION }}
    env:
      POETRY_VIRTUALENVS_CREATE: "false"
-
    steps:
      - name: Checkout
        uses: actions/checkout@v4

-      - name: Setup Python
+      - name: Setup python (release)
+        if: github.event_name == 'release'
        uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION }}

-      - name: Install Poetry
+      - name: Install dependencies (release)
+        if: github.event_name == 'release'
        run: |
-          pipx install poetry==1.8.5
+          pipx install poetry
          pipx inject poetry poetry-bumpversion

-      - name: Get Prowler version
-        id: get-prowler-version
+      - name: Update Prowler version (release)
+        if: github.event_name == 'release'
        run: |
-          PROWLER_VERSION="$(poetry version -s 2>/dev/null)"
-          echo "PROWLER_VERSION=${PROWLER_VERSION}" >> "${GITHUB_ENV}"
-          echo "PROWLER_VERSION=${PROWLER_VERSION}" >> "${GITHUB_OUTPUT}"
-
-          # Store prowler version major just for the release
-          PROWLER_VERSION_MAJOR="${PROWLER_VERSION%%.*}"
-          echo "PROWLER_VERSION_MAJOR=${PROWLER_VERSION_MAJOR}" >> "${GITHUB_ENV}"
-          echo "PROWLER_VERSION_MAJOR=${PROWLER_VERSION_MAJOR}" >> "${GITHUB_OUTPUT}"
-
-          case ${PROWLER_VERSION_MAJOR} in
-          3)
-              echo "LATEST_TAG=v3-latest" >> "${GITHUB_ENV}"
-              echo "STABLE_TAG=v3-stable" >> "${GITHUB_ENV}"
-              ;;
-
-          4)
-              echo "LATEST_TAG=latest" >> "${GITHUB_ENV}"
-              echo "STABLE_TAG=stable" >> "${GITHUB_ENV}"
-              ;;
-
-          *)
-              # Fallback if any other version is present
-              echo "Releasing another Prowler major version, aborting..."
-              exit 1
-              ;;
-          esac
+          poetry version ${{ github.event.release.tag_name }}

      - name: Login to DockerHub
        uses: docker/login-action@v3
@@ -111,7 +71,7 @@ jobs:

      - name: Build and push container image (latest)
        if: github.event_name == 'push'
-        uses: docker/build-push-action@v6
+        uses: docker/build-push-action@v5
        with:
          push: true
          tags: |
@@ -123,16 +83,16 @@ jobs:

      - name: Build and push container image (release)
        if: github.event_name == 'release'
-        uses: docker/build-push-action@v6
+        uses: docker/build-push-action@v5
        with:
          # Use local context to get changes
          # https://github.com/docker/build-push-action#path-context
          context: .
          push: true
          tags: |
-            ${{ secrets.DOCKER_HUB_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.PROWLER_VERSION }}
+            ${{ secrets.DOCKER_HUB_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ github.event.release.tag_name }}
            ${{ secrets.DOCKER_HUB_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.STABLE_TAG }}
-            ${{ secrets.PUBLIC_ECR_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.PROWLER_VERSION }}
+            ${{ secrets.PUBLIC_ECR_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ github.event.release.tag_name }}
            ${{ secrets.PUBLIC_ECR_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.STABLE_TAG }}
          file: ${{ env.DOCKERFILE_PATH }}
          cache-from: type=gha
@@ -142,26 +102,16 @@ jobs:
    needs: container-build-push
    runs-on: ubuntu-latest
    steps:
-      - name: Get latest commit info (latest)
+      - name: Get latest commit info
        if: github.event_name == 'push'
        run: |
          LATEST_COMMIT_HASH=$(echo ${{ github.event.after }} | cut -b -7)
          echo "LATEST_COMMIT_HASH=${LATEST_COMMIT_HASH}" >> $GITHUB_ENV
-
-      - name: Dispatch event (latest)
-        if: github.event_name == 'push' && needs.container-build-push.outputs.prowler_version_major == '3'
+      - name: Dispatch event for latest
+        if: github.event_name == 'push'
        run: |
-          curl https://api.github.com/repos/${{ secrets.DISPATCH_OWNER }}/${{ secrets.DISPATCH_REPO }}/dispatches \
-            -H "Accept: application/vnd.github+json" \
-            -H "Authorization: Bearer ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}" \
-            -H "X-GitHub-Api-Version: 2022-11-28" \
-            --data '{"event_type":"dispatch","client_payload":{"version":"v3-latest", "tag": "${{ env.LATEST_COMMIT_HASH }}"}}'
-
-      - name: Dispatch event (release)
-        if: github.event_name == 'release' && needs.container-build-push.outputs.prowler_version_major == '3'
+          curl https://api.github.com/repos/${{ secrets.DISPATCH_OWNER }}/${{ secrets.DISPATCH_REPO }}/dispatches -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${{ secrets.ACCESS_TOKEN }}" -H "X-GitHub-Api-Version: 2022-11-28" --data '{"event_type":"dispatch","client_payload":{"version":"latest", "tag": "${{ env.LATEST_COMMIT_HASH }}"}}'
+      - name: Dispatch event for release
+        if: github.event_name == 'release'
        run: |
-          curl https://api.github.com/repos/${{ secrets.DISPATCH_OWNER }}/${{ secrets.DISPATCH_REPO }}/dispatches \
-            -H "Accept: application/vnd.github+json" \
-            -H "Authorization: Bearer ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}" \
-            -H "X-GitHub-Api-Version: 2022-11-28" \
-            --data '{"event_type":"dispatch","client_payload":{"version":"release", "tag":"${{ needs.container-build-push.outputs.prowler_version }}"}}'
+          curl https://api.github.com/repos/${{ secrets.DISPATCH_OWNER }}/${{ secrets.DISPATCH_REPO }}/dispatches -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${{ secrets.ACCESS_TOKEN }}" -H "X-GitHub-Api-Version: 2022-11-28" --data '{"event_type":"dispatch","client_payload":{"version":"release", "tag":"${{ github.event.release.tag_name }}"}}'
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -13,10 +13,10 @@ name: "CodeQL"

 on:
  push:
-    branches: [ "master", "v3" ]
+    branches: [ "master", "prowler-4.0-dev" ]
  pull_request:
    # The branches below must be a subset of the branches above
-    branches: [ "master", "v3" ]
+    branches: [ "master", "prowler-4.0-dev" ]
  schedule:
    - cron: '00 12 * * *'

--- a/.github/workflows/find-secrets.yml
+++ b/.github/workflows/find-secrets.yml
@@ -11,9 +11,8 @@ jobs:
        with:
          fetch-depth: 0
      - name: TruffleHog OSS
-        uses: trufflesecurity/trufflehog@v3.88.4
+        uses: trufflesecurity/trufflehog@v3.69.0
        with:
          path: ./
          base: ${{ github.event.repository.default_branch }}
          head: HEAD
-          extra_args: --only-verified
--- a/.github/workflows/labeler.yml
+++ b/.github/workflows/labeler.yml
@@ -4,7 +4,7 @@ on:
    pull_request_target:
      branches:
        - "master"
-        - "v3"
+        - "prowler-4.0-dev"

 jobs:
  labeler:
--- a/.github/workflows/pull-request.yml
+++ b/.github/workflows/pull-request.yml
@@ -4,11 +4,11 @@ on:
  push:
    branches:
      - "master"
-      - "v3"
+      - "prowler-4.0-dev"
  pull_request:
    branches:
      - "master"
-      - "v3"
+      - "prowler-4.0-dev"
 jobs:
  build:
    runs-on: ubuntu-latest
@@ -20,7 +20,7 @@ jobs:
      - uses: actions/checkout@v4
      - name: Test if changes are in not ignored paths
        id: are-non-ignored-files-changed
-        uses: tj-actions/changed-files@v45
+        uses: tj-actions/changed-files@v42
        with:
          files: ./**
          files_ignore: |
@@ -33,7 +33,7 @@ jobs:
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        run: |
          python -m pip install --upgrade pip
-          pipx install poetry==1.8.5
+          pipx install poetry
      - name: Set up Python ${{ matrix.python-version }}
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        uses: actions/setup-python@v5
@@ -73,7 +73,7 @@ jobs:
      - name: Safety
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        run: |
-          poetry run safety check --ignore 70612
+          poetry run safety check
      - name: Vulture
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        run: |
@@ -88,6 +88,6 @@ jobs:
          poetry run pytest -n auto --cov=./prowler --cov-report=xml tests
      - name: Upload coverage reports to Codecov
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
-        uses: codecov/codecov-action@v5
+        uses: codecov/codecov-action@v4
        env:
          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
--- a/.github/workflows/pypi-release.yml
+++ b/.github/workflows/pypi-release.yml
@@ -6,8 +6,7 @@ on:

 env:
  RELEASE_TAG: ${{ github.event.release.tag_name }}
-  PYTHON_VERSION: 3.11
-  CACHE: "poetry"
+  GITHUB_BRANCH: master

 jobs:
  release-prowler-job:
@@ -16,51 +15,56 @@ jobs:
      POETRY_VIRTUALENVS_CREATE: "false"
    name: Release Prowler to PyPI
    steps:
-      - name: Get Prowler version
-        run: |
-          PROWLER_VERSION="${{ env.RELEASE_TAG }}"
-
-          case ${PROWLER_VERSION%%.*} in
-          3)
-              echo "Releasing Prowler v3 with tag ${PROWLER_VERSION}"
-              ;;
-          4)
-              echo "Releasing Prowler v4 with tag ${PROWLER_VERSION}"
-              ;;
-          *)
-              echo "Releasing another Prowler major version, aborting..."
-              exit 1
-              ;;
-          esac
-
+      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
      - uses: actions/checkout@v4
-
+        with:
+          ref: ${{ env.GITHUB_BRANCH }}
      - name: Install dependencies
        run: |
-          pipx install poetry==1.8.5
-
-      - name: Setup Python
+          pipx install poetry
+          pipx inject poetry poetry-bumpversion
+      - name: setup python
        uses: actions/setup-python@v5
        with:
-          python-version: ${{ env.PYTHON_VERSION }}
-          cache: ${{ env.CACHE }}
-
-      - name: Build Prowler package
+          python-version: 3.9
+          cache: 'poetry'
+      - name: Change version and Build package
        run: |
+          poetry version ${{ env.RELEASE_TAG }}
+          git config user.name "github-actions"
+          git config user.email "<noreply@github.com>"
+          git add prowler/config/config.py pyproject.toml
+          git commit -m "chore(release): ${{ env.RELEASE_TAG }}" --no-verify
+          git tag -fa ${{ env.RELEASE_TAG }} -m "chore(release): ${{ env.RELEASE_TAG }}"
+          git push -f origin ${{ env.RELEASE_TAG }}
          poetry build
-
-      - name: Publish Prowler package to PyPI
+      - name: Publish prowler package to PyPI
        run: |
          poetry config pypi-token.pypi ${{ secrets.PYPI_API_TOKEN }}
          poetry publish
+      # Create pull request with new version
+      - name: Create Pull Request
+        uses: peter-evans/create-pull-request@v6
+        with:
+          token: ${{ secrets.PROWLER_ACCESS_TOKEN }}
+          commit-message: "chore(release): update Prowler Version to ${{ env.RELEASE_TAG }}."
+          branch: release-${{ env.RELEASE_TAG }}
+          labels: "status/waiting-for-revision, severity/low"
+          title: "chore(release): update Prowler Version to ${{ env.RELEASE_TAG }}"
+          body: |
+            ### Description

-      - name: Replicate PyPI package
+            This PR updates Prowler Version to ${{ env.RELEASE_TAG }}.
+
+            ### License
+
+            By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
+      - name: Replicate PyPi Package
        run: |
          rm -rf ./dist && rm -rf ./build && rm -rf prowler.egg-info
          pip install toml
          python util/replicate_pypi_package.py
          poetry build
-
      - name: Publish prowler-cloud package to PyPI
        run: |
          poetry config pypi-token.pypi ${{ secrets.PYPI_API_TOKEN }}
--- a/.github/workflows/refresh_aws_services_regions.yml
+++ b/.github/workflows/refresh_aws_services_regions.yml
@@ -50,7 +50,7 @@ jobs:

      # Create pull request
      - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v7
+        uses: peter-evans/create-pull-request@v6
        with:
          token: ${{ secrets.PROWLER_ACCESS_TOKEN }}
          commit-message: "feat(regions_update): Update regions for AWS services."
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -96,7 +96,7 @@ repos:
      - id: safety
        name: safety
        description: "Safety is a tool that checks your installed dependencies for known security vulnerabilities"
-        entry: bash -c 'safety check --ignore 70612'
+        entry: bash -c 'safety check'
        language: system

      - id: vulture
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -10,4 +10,4 @@
 Want some swag as appreciation for your contribution?

 # Prowler Developer Guide
-https://docs.prowler.com/projects/prowler-open-source/en/latest/developer-guide/introduction/
+https://docs.prowler.cloud/en/latest/tutorials/developer-guide/
--- a/2
+++ b/2
@@ -1,4 +1,4 @@
-FROM python:3.12.8-alpine3.20
+FROM python:3.11-alpine

 LABEL maintainer="https://github.com/prowler-cloud/prowler"

--- a/README.md
+++ b/README.md
@@ -8,7 +8,7 @@
 <p align="center">
 <b>Learn more at <a href="https://prowler.com">prowler.com</i></b>
 </p>
-
+  
 <p align="center">
 <a href="https://join.slack.com/t/prowler-workspace/shared_invite/zt-1hix76xsl-2uq222JIXrC7Q8It~9ZNog"><img width="30" height="30" alt="Prowler community on Slack" src="https://github.com/prowler-cloud/prowler/assets/3985464/3617e470-670c-47c9-9794-ce895ebdb627"></a>
  <br>
@@ -47,9 +47,9 @@ It contains hundreds of controls covering CIS, NIST 800, NIST CSF, CISA, RBI, Fe

 | Provider | Checks | Services | [Compliance Frameworks](https://docs.prowler.com/projects/prowler-open-source/en/latest/tutorials/compliance/) | [Categories](https://docs.prowler.com/projects/prowler-open-source/en/latest/tutorials/misc/#categories) |
 |---|---|---|---|---|
-| AWS | 304 | 61 -> `prowler aws --list-services` | 28 -> `prowler aws --list-compliance` | 6 -> `prowler aws --list-categories` |
-| GCP | 75 | 11 -> `prowler gcp --list-services` | 1 -> `prowler gcp --list-compliance` | 2 -> `prowler gcp --list-categories`|
-| Azure | 127 | 16 -> `prowler azure --list-services` | 2 -> `prowler azure --list-compliance` | 2 -> `prowler azure --list-categories` |
+| AWS | 302 | 61 -> `prowler aws --list-services` | 27 -> `prowler aws --list-compliance` | 6 -> `prowler aws --list-categories` |
+| GCP | 73 | 11 -> `prowler gcp --list-services` | 1 -> `prowler gcp --list-compliance` | 2 -> `prowler gcp --list-categories`|
+| Azure | 91 | 14 -> `prowler azure --list-services` | CIS soon | 2 -> `prowler azure --list-categories` |
 | Kubernetes | Work In Progress | - | CIS soon | - |

 # 📖 Documentation
--- a/docs/developer-guide/checks.md
+++ b/docs/developer-guide/checks.md
@@ -230,7 +230,7 @@ Each Prowler check has metadata associated which is stored at the same level of
  # Severity holds the check's severity, always in lowercase (critical, high, medium, low or informational)
  "Severity": "critical",
  # ResourceType only for AWS, holds the type from here
-  # https://docs.aws.amazon.com/securityhub/latest/userguide/asff-resources.html
+  # https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html
  "ResourceType": "Other",
  # Description holds the title of the check, for now is the same as CheckTitle
  "Description": "Ensure there are no EC2 AMIs set as Public.",
@@ -243,11 +243,11 @@ Each Prowler check has metadata associated which is stored at the same level of
    # Code holds different methods to remediate the FAIL finding
    "Code": {
      # CLI holds the command in the provider native CLI to remediate it
-      "CLI": "https://docs.prowler.com/checks/public_8#cli-command",
+      "CLI": "https://docs.bridgecrew.io/docs/public_8#cli-command",
      # NativeIaC holds the native IaC code to remediate it, use "https://docs.bridgecrew.io/docs"
      "NativeIaC": "",
      # Other holds the other commands, scripts or code to remediate it, use "https://www.trendmicro.com/cloudoneconformity"
-      "Other": "https://docs.prowler.com/checks/public_8#aws-console",
+      "Other": "https://docs.bridgecrew.io/docs/public_8#aws-console",
      # Terraform holds the Terraform code to remediate it, use "https://docs.bridgecrew.io/docs"
      "Terraform": ""
    },
--- a/docs/developer-guide/documentation.md
+++ b/docs/developer-guide/documentation.md
@@ -1,8 +1,8 @@
 ## Contribute with documentation

-We use `mkdocs` to build this Prowler documentation site so you can easily contribute back with new docs or improving them. To install all necessary dependencies use `poetry install --with docs`.
+We use `mkdocs` to build this Prowler documentation site so you can easily contribute back with new docs or improving them.

 1. Install `mkdocs` with your favorite package manager.
 2. Inside the `prowler` repository folder run `mkdocs serve` and point your browser to `http://localhost:8000` and you will see live changes to your local copy of this documentation site.
-3. Make all needed changes to docs or add new documents. To do so just edit existing md files inside `prowler/docs` and if you are adding a new section or file please make sure you add it to `mkdocs.yml` file in the root folder of the Prowler repo.
+3. Make all needed changes to docs or add new documents. To do so just edit existing md files inside `prowler/docs` and if you are adding a new section or file please make sure you add it to `mkdocs.yaml` file in the root folder of the Prowler repo.
 4. Once you are done with changes, please send a pull request to us for review and merge. Thank you in advance!
--- a/docs/developer-guide/services.md
+++ b/docs/developer-guide/services.md
@@ -175,8 +175,6 @@ class <Service>(ServiceParentClass):
                f"{<item>.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
            )
 ```
-???+note
-    To avoid fake findings, when Prowler can't retrieve the items, because an Access Denied or similar error, we set that items value as `None`.

 ### Service Models

--- a/docs/developer-guide/unit-testing.md
+++ b/docs/developer-guide/unit-testing.md
@@ -509,113 +509,7 @@ class Test_compute_firewall_rdp_access_from_the_internet_allowed:

 ### Services

-For testing Google Cloud Services, we have to follow the same logic as with the Google Cloud checks. We still mocking all API calls, but in this case, every API call to set up an attribute is defined in [fixtures file](https://github.com/prowler-cloud/prowler/blob/master/tests/providers/gcp/gcp_fixtures.py) in `mock_api_client` function. Remember that EVERY method of a service must be tested.
-
-The following code shows a real example of a testing class, but it has more comments than usual for educational purposes.
-
-```python title="BigQuery Service Test"
-# We need to import the unittest.mock.patch to allow us to patch some objects
-# not to use shared ones between test, hence to isolate the test
-from unittest.mock import patch
-# Import the class needed from the service file
-from prowler.providers.gcp.services.bigquery.bigquery_service import BigQuery
-# Necessary constans and functions from fixtures file
-from tests.providers.gcp.gcp_fixtures import (
-    GCP_PROJECT_ID,
-    mock_api_client,
-    mock_is_api_active,
-    set_mocked_gcp_audit_info,
-)
-
-
-class TestBigQueryService:
-    # Only method needed to test full service
-    def test_service(self):
-        # In this case we are mocking the __is_api_active__ to ensure our mocked project is used
-        # And all the client to use our mocked API calls
-        with patch(
-            "prowler.providers.gcp.lib.service.service.GCPService.__is_api_active__",
-            new=mock_is_api_active,
-        ), patch(
-            "prowler.providers.gcp.lib.service.service.GCPService.__generate_client__",
-            new=mock_api_client,
-        ):
-            # Instantiate an object of class with the mocked provider
-            bigquery_client = BigQuery(
-                set_mocked_gcp_audit_info(project_ids=[GCP_PROJECT_ID])
-            )
-            # Check all attributes of the tested class is well set up according API calls mocked from GCP fixture file
-            assert bigquery_client.service == "bigquery"
-            assert bigquery_client.project_ids == [GCP_PROJECT_ID]
-
-            assert len(bigquery_client.datasets) == 2
-
-            assert bigquery_client.datasets[0].name == "unique_dataset1_name"
-            assert bigquery_client.datasets[0].id.__class__.__name__ == "str"
-            assert bigquery_client.datasets[0].region == "US"
-            assert bigquery_client.datasets[0].cmk_encryption
-            assert bigquery_client.datasets[0].public
-            assert bigquery_client.datasets[0].project_id == GCP_PROJECT_ID
-
-            assert bigquery_client.datasets[1].name == "unique_dataset2_name"
-            assert bigquery_client.datasets[1].id.__class__.__name__ == "str"
-            assert bigquery_client.datasets[1].region == "EU"
-            assert not bigquery_client.datasets[1].cmk_encryption
-            assert not bigquery_client.datasets[1].public
-            assert bigquery_client.datasets[1].project_id == GCP_PROJECT_ID
-
-            assert len(bigquery_client.tables) == 2
-
-            assert bigquery_client.tables[0].name == "unique_table1_name"
-            assert bigquery_client.tables[0].id.__class__.__name__ == "str"
-            assert bigquery_client.tables[0].region == "US"
-            assert bigquery_client.tables[0].cmk_encryption
-            assert bigquery_client.tables[0].project_id == GCP_PROJECT_ID
-
-            assert bigquery_client.tables[1].name == "unique_table2_name"
-            assert bigquery_client.tables[1].id.__class__.__name__ == "str"
-            assert bigquery_client.tables[1].region == "US"
-            assert not bigquery_client.tables[1].cmk_encryption
-            assert bigquery_client.tables[1].project_id == GCP_PROJECT_ID
-```
-As it can be confusing where all these values come from, I'll give an example to make this clearer. First we need to check
-what is the API call used to obtain the datasets. In this case if we check the service the call is
-`self.client.datasets().list(projectId=project_id)`.
-
-Now in the fixture file we have to mock this call in our `MagicMock` client in the function `mock_api_client`. The best way to mock
-is following the actual format, add one function where the client is passed to be changed, the format of this function name must be
-`mock_api_<endpoint>_calls` (*endpoint* refers to the first attribute pointed after *client*).
-
-In the example of BigQuery the function is called `mock_api_dataset_calls`. And inside of this function we found an assignation to
-be used in the `__get_datasets__` method in BigQuery class:
-
-```python
-# Mocking datasets
-dataset1_id = str(uuid4())
-dataset2_id = str(uuid4())
-
-client.datasets().list().execute.return_value = {
-    "datasets": [
-        {
-            "datasetReference": {
-                "datasetId": "unique_dataset1_name",
-                "projectId": GCP_PROJECT_ID,
-            },
-            "id": dataset1_id,
-            "location": "US",
-        },
-        {
-            "datasetReference": {
-                "datasetId": "unique_dataset2_name",
-                "projectId": GCP_PROJECT_ID,
-            },
-            "id": dataset2_id,
-            "location": "EU",
-        },
-    ]
-}
-```
-
+Coming soon ...

 ## Azure

@@ -623,8 +517,6 @@ client.datasets().list().execute.return_value = {

 For the Azure Provider we don't have any library to mock out the API calls we use. So in this scenario we inject the objects in the service client using [MagicMock](https://docs.python.org/3/library/unittest.mock.html#unittest.mock.MagicMock).

-In essence, we create object instances and we run the check that we are testing with that instance. In the test we ensure the check executed correctly and results with the expected values.
-
 The following code shows how to use MagicMock to create the service objects for a Azure check test.

 ```python
@@ -665,8 +557,11 @@ class Test_defender_ensure_defender_for_arm_is_on:

        # In this scenario we have to mock also the Defender service and the defender_client from the check to enforce that the defender_client used is the one created within this check because patch != import, and if you execute tests in parallel some objects can be already initialised hence the check won't be isolated.
        # In this case we don't use the Moto decorator, we use the mocked Defender client for both objects
-         with mock.patch(
-            "prowler.providers.azure.services.defender.defender_ensure_defender_for_arm_is_on.defender_ensure_defender_for_arm_is_on.defender_client",
+        with mock.patch(
+            "prowler.providers.azure.services.defender.defender_service.Defender",
+            new=defender_client,
+        ), mock.patch(
+            "prowler.providers.azure.services.defender.defender_client.defender_client",
            new=defender_client,
        ):

@@ -680,7 +575,7 @@ class Test_defender_ensure_defender_for_arm_is_on:
            check = defender_ensure_defender_for_arm_is_on()

            # And then, call the execute() function to run the check
-            # against the Defender client we've set up.
+            # against the IAM client we've set up.
            result = check.execute()

            # Last but not least, we need to assert all the fields
@@ -698,171 +593,4 @@ class Test_defender_ensure_defender_for_arm_is_on:

 ### Services

-For the Azure Services tests, the idea is similar, we test that the functions we've done for capturing the values of the different objects using the Azure API work correctly. Again, we create an object instance and verify that the values captured for that instance are correct.
-
-The following code shows how a service test looks like.
-
-```python
-#We import patch from unittest.mock for simulating objects, the ones that we'll test with.
-from unittest.mock import patch
-
-#Importing FlowLogs from azure.mgmt.network.models allows us to create objects corresponding
-#to flow log settings for Azure networking resources.
-from azure.mgmt.network.models import FlowLog
-
-#We import the different classes of the Network Service so we can use them.
-from prowler.providers.azure.services.network.network_service import (
-    BastionHost,
-    Network,
-    NetworkWatcher,
-    PublicIp,
-    SecurityGroup,
-)
-
-#Azure constants
-from tests.providers.azure.azure_fixtures import (
-    AZURE_SUBSCRIPTION,
-    set_mocked_azure_audit_info,
-)
-
-#Mocks the behavior of a function responsible for retrieving security groups from a network service so
-#basically this is the instance for SecurityGroup that we are going to use
-def mock_network_get_security_groups(_):
-    return {
-        AZURE_SUBSCRIPTION: [
-            SecurityGroup(
-                id="id",
-                name="name",
-                location="location",
-                security_rules=[],
-            )
-        ]
-    }
-
-#We do the same for all the components we need, BastionHost, NetworkWatcher and PublicIp in this case
-
-def mock_network_get_bastion_hosts(_):
-    return {
-        AZURE_SUBSCRIPTION: [
-            BastionHost(
-                id="id",
-                name="name",
-                location="location",
-            )
-        ]
-    }
-
-def mock_network_get_network_watchers(_):
-    return {
-        AZURE_SUBSCRIPTION: [
-            NetworkWatcher(
-                id="id",
-                name="name",
-                location="location",
-                flow_logs=[FlowLog(enabled=True, retention_policy=90)],
-            )
-        ]
-    }
-
-def mock_network_get_public_ip_addresses(_):
-    return {
-        AZURE_SUBSCRIPTION: [
-            PublicIp(
-                id="id",
-                name="name",
-                location="location",
-                ip_address="ip_address",
-            )
-        ]
-    }
-
-#We use the 'path' decorator to replace during the test, the original get functions with the mock functions.
-
-#In this case we are replacing the '__get_security_groups__' with the 'mock_network_get_security_groups'.
-#We do the same for the rest of the functions.
-@patch(
-    "prowler.providers.azure.services.network.network_service.Network.__get_security_groups__",
-    new=mock_network_get_security_groups,
-)
-@patch(
-    "prowler.providers.azure.services.network.network_service.Network.__get_bastion_hosts__",
-    new=mock_network_get_bastion_hosts,
-)
-@patch(
-    "prowler.providers.azure.services.network.network_service.Network.__get_network_watchers__",
-    new=mock_network_get_network_watchers,
-)
-@patch(
-    "prowler.providers.azure.services.network.network_service.Network.__get_public_ip_addresses__",
-    new=mock_network_get_public_ip_addresses,
-)
-
-#We create the class for finally testing the methods
-class Test_Network_Service:
-
-    #Verifies that Network class initializes correctly a client object
-    def test__get_client__(self):
-        #Creates instance of the Network class with the audit information provided
-        network = Network(set_mocked_azure_audit_info())
-        #Checks if the client is not being initialize correctly
-        assert (
-            network.clients[AZURE_SUBSCRIPTION].__class__.__name__
-            == "NetworkManagementClient"
-        )
-
-    #Verifies Securiy Group are set correctly
-    def test__get_security_groups__(self):
-        network = Network(set_mocked_azure_audit_info())
-        assert (
-            network.security_groups[AZURE_SUBSCRIPTION][0].__class__.__name__
-            == "SecurityGroup"
-        )
-        #As you can see, every field must be right according to the mocking method
-        assert network.security_groups[AZURE_SUBSCRIPTION][0].id == "id"
-        assert network.security_groups[AZURE_SUBSCRIPTION][0].name == "name"
-        assert network.security_groups[AZURE_SUBSCRIPTION][0].location == "location"
-        assert network.security_groups[AZURE_SUBSCRIPTION][0].security_rules == []
-
-    #Verifies Network Watchers are set correctly
-    def test__get_network_watchers__(self):
-        network = Network(set_mocked_azure_audit_info())
-        assert (
-            network.network_watchers[AZURE_SUBSCRIPTION][0].__class__.__name__
-            == "NetworkWatcher"
-        )
-        assert network.network_watchers[AZURE_SUBSCRIPTION][0].id == "id"
-        assert network.network_watchers[AZURE_SUBSCRIPTION][0].name == "name"
-        assert network.network_watchers[AZURE_SUBSCRIPTION][0].location == "location"
-        assert network.network_watchers[AZURE_SUBSCRIPTION][0].flow_logs == [
-            FlowLog(enabled=True, retention_policy=90)
-        ]
-    #Verifies Flow Logs are set correctly
-    def __get_flow_logs__(self):
-        network = Network(set_mocked_azure_audit_info())
-        nw_name = "name"
-        assert (
-            network.network_watchers[AZURE_SUBSCRIPTION][0]
-            .flow_logs[nw_name][0]
-            .__class__.__name__
-            == "FlowLog"
-        )
-        assert network.network_watchers[AZURE_SUBSCRIPTION][0].flow_logs == [
-            FlowLog(enabled=True, retention_policy=90)
-        ]
-        assert (
-            network.network_watchers[AZURE_SUBSCRIPTION][0].flow_logs[0].enabled is True
-        )
-        assert (
-            network.network_watchers[AZURE_SUBSCRIPTION][0]
-            .flow_logs[0]
-            .retention_policy
-            == 90
-        )
-
-        ...
-```
-The code continues with some more verifications the same way.
-
-Hopefully this will result useful for understanding and creating new Azure Services checks.
-
-Please refer to the [Azure checks tests](./unit-testing.md#azure) for more information on how to create tests and check the existing services tests [here](https://github.com/prowler-cloud/prowler/tree/master/tests/providers/azure/services).
+Coming soon ...
--- a/docs/getting-started/requirements.md
+++ b/docs/getting-started/requirements.md
@@ -64,17 +64,16 @@ The other three cases does not need additional configuration, `--az-cli-auth` an

 To use each one you need to pass the proper flag to the execution. Prowler for Azure handles two types of permission scopes, which are:

- **Microsoft Entra ID permissions**: Used to retrieve metadata from the identity assumed by Prowler (not mandatory to have access to execute the tool).
+- **Azure Active Directory permissions**: Used to retrieve metadata from the identity assumed by Prowler and future AAD checks (not mandatory to have access to execute the tool)
 - **Subscription scope permissions**: Required to launch the checks against your resources, mandatory to launch the tool.


-#### Microsoft Entra ID scope
+#### Azure Active Directory scope

 Microsoft Entra ID (AAD earlier) permissions required by the tool are the following:

 - `Directory.Read.All`
 - `Policy.Read.All`
- `UserAuthenticationMethod.Read.All`

 The best way to assign it is through the Azure web console:

@@ -87,10 +86,9 @@ The best way to assign it is through the Azure web console:
 5. In the left menu bar, select "API permissions"
 6. Then click on "+ Add a permission" and select "Microsoft Graph"
 7. Once in the "Microsoft Graph" view, select "Application permissions"
-8. Finally, search for "Directory", "Policy" and "UserAuthenticationMethod" select the following permissions:
+8. Finally, search for "Directory" and "Policy" and select the following permissions:
    - `Directory.Read.All`
    - `Policy.Read.All`
-    - `UserAuthenticationMethod.Read.All`
    ![EntraID Permissions](../img/AAD-permissions.png)


--- a/docs/img/AAD-permissions.png
+++ b/docs/img/AAD-permissions.png
--- a/docs/tutorials/aws/v2_to_v3_checks_mapping.md
+++ b/docs/tutorials/aws/v2_to_v3_checks_mapping.md
@@ -95,8 +95,7 @@ checks_v3_to_v2_mapping = {
    "ec2_networkacl_allow_ingress_any_port": "extra7138",
    "ec2_networkacl_allow_ingress_tcp_port_22": "check45",
    "ec2_networkacl_allow_ingress_tcp_port_3389": "check46",
-    "ec2_securitygroup_allow_ingress_from_internet_to_all_ports": "extra748",
-    "ec2_securitygroup_allow_ingress_from_internet_to_any_port": "extra74",
+    "ec2_securitygroup_allow_ingress_from_internet_to_any_port": "extra748",
    "ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018": "extra753",
    "ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21": "extra7134",
    "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22": "check41",
--- a/docs/tutorials/azure/use-non-default-cloud.md
+++ b/docs/tutorials/azure/use-non-default-cloud.md
@@ -7,6 +7,7 @@ At the time of writing this documentation the available Azure Clouds from differ
 - AzureCloud
 - AzureChinaCloud
 - AzureUSGovernment
+- AzureGermanCloud

 If you want to change the default one you must include the flag `--azure-region`, i.e.:

--- a/docs/tutorials/compliance.md
+++ b/docs/tutorials/compliance.md
@@ -17,15 +17,13 @@ Currently, the available frameworks are:
 - `cis_1.5_aws`
 - `cis_2.0_aws`
 - `cis_2.0_gcp`
- `cis_2.0_azure`
- `cis_2.1_azure`
 - `cis_3.0_aws`
 - `cisa_aws`
 - `ens_rd2022_aws`
 - `fedramp_low_revision_4_aws`
 - `fedramp_moderate_revision_4_aws`
 - `ffiec_aws`
- `aws_foundational_technical_review_aws`
+- `foundational_technical_review_aws`
 - `gdpr_aws`
 - `gxp_21_cfr_part_11_aws`
 - `gxp_eu_annex_11_aws`
--- a/docs/tutorials/configuration_file.md
+++ b/docs/tutorials/configuration_file.md
@@ -33,8 +33,6 @@ The following list includes all the AWS checks with configurable variables that
 | `drs_job_exist`                                               | `allowlist_non_default_regions`                  | Boolean         |
 | `guardduty_is_enabled`                                        | `allowlist_non_default_regions`                  | Boolean         |
 | `securityhub_enabled`                                         | `allowlist_non_default_regions`                  | Boolean         |
-| `rds_instance_backup_enabled`                                  | `check_rds_instance_replicas`      | Boolean        |
-| `acm_certificates_expiration_check`                           | `days_to_expire_threshold`                       | Integer         |

 ## Azure

@@ -61,6 +59,7 @@ The following list includes all the Azure checks with configurable variables tha
 ```yaml title="config.yaml"
 # AWS Configuration
 aws:
+
  # AWS Global Configuration
  # aws.allowlist_non_default_regions --> Allowlist Failed Findings in non-default regions for GuardDuty, SecurityHub, DRS and Config
  allowlist_non_default_regions: False
@@ -73,7 +72,6 @@ aws:

  # AWS EC2 Configuration
  # aws.ec2_elastic_ip_shodan
-  # TODO: create common config
  shodan_api_key: null
  # aws.ec2_securitygroup_with_many_ingress_egress_rules --> by default is 50 rules
  max_security_group_rules: 50
@@ -81,7 +79,6 @@ aws:
  max_ec2_instance_age_in_days: 180

  # AWS VPC Configuration (vpc_endpoint_connections_trust_boundaries, vpc_endpoint_services_allowed_principals_trust_boundaries)
-  # AWS SSM Configuration (aws.ssm_documents_set_as_public)
  # Single account environment: No action required. The AWS account number will be automatically added by the checks.
  # Multi account environment: Any additional trusted account number should be added as a space separated list, e.g.
  # trusted_account_ids : ["123456789012", "098765432109", "678901234567"]
@@ -103,67 +100,48 @@ aws:
  # aws.awslambda_function_using_supported_runtimes
  obsolete_lambda_runtimes:
    [
-      "java8",
-      "go1.x",
-      "provided",
      "python3.6",
      "python2.7",
-      "python3.7",
      "nodejs4.3",
      "nodejs4.3-edge",
      "nodejs6.10",
      "nodejs",
      "nodejs8.10",
      "nodejs10.x",
-      "nodejs12.x",
-      "nodejs14.x",
-      "dotnet5.0",
      "dotnetcore1.0",
      "dotnetcore2.0",
      "dotnetcore2.1",
-      "dotnetcore3.1",
      "ruby2.5",
-      "ruby2.7",
    ]

  # AWS Organizations
-  # aws.organizations_scp_check_deny_regions
-  # aws.organizations_enabled_regions: [
-  #   "eu-central-1",
-  #   "eu-west-1",
+  # organizations_scp_check_deny_regions
+  # organizations_enabled_regions: [
+  #   'eu-central-1',
+  #   'eu-west-1',
  #   "us-east-1"
  # ]
  organizations_enabled_regions: []
  organizations_trusted_delegated_administrators: []

  # AWS ECR
-  # aws.ecr_repositories_scan_vulnerabilities_in_latest_image
+  # ecr_repositories_scan_vulnerabilities_in_latest_image
  # CRITICAL
  # HIGH
  # MEDIUM
  ecr_repository_vulnerability_minimum_severity: "MEDIUM"

  # AWS Trusted Advisor
-  # aws.trustedadvisor_premium_support_plan_subscribed
+  # trustedadvisor_premium_support_plan_subscribed
  verify_premium_support_plans: True

-  # AWS RDS
-  # aws.rds_instance_backup_enabled
-  # Whether to check RDS instance replicas or not
-  check_rds_instance_replicas: False
-
-  # AWS ACM Configuration
-  # aws.acm_certificates_expiration_check
-  days_to_expire_threshold: 7
-
 # Azure Configuration
 azure:
  # Azure Network Configuration
  # azure.network_public_ip_shodan
-  # TODO: create common config
  shodan_api_key: null

-  # Azure App Service
+  # Azure App Configuration
  # azure.app_ensure_php_version_is_latest
  php_latest_version: "8.2"
  # azure.app_ensure_python_version_is_latest
--- a/docs/tutorials/ignore-unused-services.md
+++ b/docs/tutorials/ignore-unused-services.md
@@ -11,12 +11,6 @@ prowler <provider> --ignore-unused-services

 ## Services that can be ignored
 ### AWS
-#### ACM
-You can have certificates in ACM that is not in use by any AWS resource.
-Prowler will check if every certificate is going to expire soon, if this certificate is not in use by default it is not going to be check if it is expired, is going to expire soon or it is good.
-
- `acm_certificates_expiration_check`
-
 #### Athena
 When you create an AWS Account, Athena will create a default primary workgroup for you.
 Prowler will check if that workgroup is enabled and if it is being used by checking if there were queries in the last 45 days.
@@ -36,11 +30,9 @@ If EBS default encyption is not enabled, sensitive information at rest is not pr

  - `ec2_ebs_default_encryption`

-If your Security groups are not properly configured the attack surface is increased, nonetheless, Prowler will detect those security groups that are being used (they are attached) to only notify those that are being used. This logic applies to the 15 checks related to open ports in security groups, the check for the default security group and for the security groups that allow ingress and egress traffic.
+If your Security groups are not properly configured the attack surface is increased, nonetheless, Prowler will detect those security groups that are being used (they are attached) to only notify those that are being used. This logic applies to the 15 checks related to open ports in security groups.

  - `ec2_securitygroup_allow_ingress_from_internet_to_port_X` (15 checks)
-  - `ec2_securitygroup_default_restrict_traffic`
-  - `ec2_securitygroup_allow_wide_open_public_ipv4`

 Prowler will also check for used Network ACLs to only alerts those with open ports that are being used.

@@ -77,15 +69,3 @@ You should enable Public Access Block at the account level to prevent the exposu
 VPC Flow Logs provide visibility into network traffic that traverses the VPC and can be used to detect anomalous traffic or insight during security workflows. Nevertheless, Prowler will only check if the Flow Logs are enabled for those VPCs that are in use, in other words, only the VPCs where you have ENIs (network interfaces).

  - `vpc_flow_logs_enabled`
-
-VPC subnets must not have public IP addresses by default to prevent the exposure of your resources to the internet. Prowler will only check this configuration for those VPCs that are in use, in other words, only the VPCs where you have ENIs (network interfaces).
-
-  - `vpc_subnet_no_public_ip_by_default`
-
-VPCs should have separate private and public subnets to prevent the exposure of your resources to the internet. Prowler will only check this configuration for those VPCs that are in use, in other words, only the VPCs where you have ENIs (network interfaces).
-
-  - `vpc_subnet_separate_private_public`
-
-VPCs should have subnets in different availability zones to prevent a single point of failure. Prowler will only check this configuration for those VPCs that are in use, in other words, only the VPCs where you have ENIs (network interfaces).
-
-  - `vpc_subnet_different_az`
--- a/docs/tutorials/integrations.md
+++ b/docs/tutorials/integrations.md
@@ -11,7 +11,7 @@ prowler <provider> --slack
 ![Prowler Slack Message](img/slack-prowler-message.png)

 ???+ note
-    Slack integration needs SLACK_API_TOKEN and SLACK_CHANNEL_NAME environment variables.
+    Slack integration needs SLACK_API_TOKEN and SLACK_CHANNEL_ID environment variables.

 ### Configuration

@@ -35,4 +35,4 @@ To configure the Slack Integration, follow the next steps:

 4. Set the following environment variables that Prowler will read:
    - `SLACK_API_TOKEN`: the *Slack App OAuth Token* that was previously get.
-    - `SLACK_CHANNEL_NAME`: the name of your Slack Channel where Prowler will send the message.
+    - `SLACK_CHANNEL_ID`: the name of your Slack Channel where Prowler will send the message.
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -16,23 +16,8 @@ theme:
    - navigation.sections
    - navigation.top
  palette:
-    # Palette toggle for light mode
-    - media: "(prefers-color-scheme: light)"
-      scheme: default
-      primary: black
-      accent: green
-      toggle:
-        icon: material/weather-night
-        name: Switch to dark mode
-    # Palette toggle for dark mode
-    - media: "(prefers-color-scheme: dark)"
-      scheme: slate
-      primary: black
-      accent: green
-      toggle:
-        icon: material/weather-sunny
-        name: Switch to light mode
-
+    primary: black
+    accent: green

 plugins:
  - search
--- a/poetry.lock
+++ b/poetry.lock
--- a/prowler/main.py
+++ b/prowler/main.py
@@ -204,23 +204,17 @@ def prowler():
    stats = extract_findings_statistics(findings)

    if args.slack:
-        if "SLACK_API_TOKEN" in os.environ and (
-            "SLACK_CHANNEL_NAME" in os.environ or "SLACK_CHANNEL_ID" in os.environ
-        ):
+        if "SLACK_API_TOKEN" in os.environ and "SLACK_CHANNEL_ID" in os.environ:
            _ = send_slack_message(
                os.environ["SLACK_API_TOKEN"],
-                (
-                    os.environ["SLACK_CHANNEL_NAME"]
-                    if "SLACK_CHANNEL_NAME" in os.environ
-                    else os.environ["SLACK_CHANNEL_ID"]
-                ),
+                os.environ["SLACK_CHANNEL_ID"],
                stats,
                provider,
                audit_info,
            )
        else:
            logger.critical(
-                "Slack integration needs SLACK_API_TOKEN and SLACK_CHANNEL_NAME environment variables (see more in https://docs.prowler.cloud/en/latest/tutorials/integrations/#slack)."
+                "Slack integration needs SLACK_API_TOKEN and SLACK_CHANNEL_ID environment variables (see more in https://docs.prowler.cloud/en/latest/tutorials/integrations/#slack)."
            )
            sys.exit(1)

--- a/prowler/compliance/aws/aws_well_architected_framework_security_pillar_aws.json
+++ b/prowler/compliance/aws/aws_well_architected_framework_security_pillar_aws.json
@@ -719,7 +719,7 @@
        "ec2_networkacl_allow_ingress_any_port",
        "ec2_networkacl_allow_ingress_tcp_port_22",
        "ec2_networkacl_allow_ingress_tcp_port_3389",
-        "ec2_securitygroup_allow_ingress_from_internet_to_all_ports",
+        "ec2_securitygroup_allow_ingress_from_internet_to_any_port",
        "ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018",
        "ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21",
        "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22",
--- a/prowler/compliance/aws/cis_1.4_aws.json
+++ b/prowler/compliance/aws/cis_1.4_aws.json
@@ -1168,7 +1168,7 @@
      "Id": "5.2",
      "Description": "Ensure no security groups allow ingress from 0.0.0.0/0 to remote server administration ports",
      "Checks": [
-        "ec2_securitygroup_allow_ingress_from_internet_to_all_ports",
+        "ec2_securitygroup_allow_ingress_from_internet_to_any_port",
        "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22",
        "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389"
      ],
--- a/prowler/compliance/aws/cis_1.5_aws.json
+++ b/prowler/compliance/aws/cis_1.5_aws.json
@@ -1252,7 +1252,7 @@
      "Id": "5.2",
      "Description": "Ensure no security groups allow ingress from 0.0.0.0/0 to remote server administration ports",
      "Checks": [
-        "ec2_securitygroup_allow_ingress_from_internet_to_all_ports",
+        "ec2_securitygroup_allow_ingress_from_internet_to_any_port",
        "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22",
        "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389"
      ],
@@ -1275,7 +1275,7 @@
      "Id": "5.3",
      "Description": "Ensure no security groups allow ingress from ::/0 to remote server administration ports",
      "Checks": [
-        "ec2_securitygroup_allow_ingress_from_internet_to_all_ports",
+        "ec2_securitygroup_allow_ingress_from_internet_to_any_port",
        "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22",
        "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389"
      ],
--- a/prowler/compliance/aws/cis_2.0_aws.json
+++ b/prowler/compliance/aws/cis_2.0_aws.json
@@ -1250,7 +1250,7 @@
      "Id": "5.2",
      "Description": "Ensure no security groups allow ingress from 0.0.0.0/0 to remote server administration ports",
      "Checks": [
-        "ec2_securitygroup_allow_ingress_from_internet_to_all_ports",
+        "ec2_securitygroup_allow_ingress_from_internet_to_any_port",
        "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22",
        "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389"
      ],
@@ -1273,7 +1273,7 @@
      "Id": "5.3",
      "Description": "Ensure no security groups allow ingress from ::/0 to remote server administration ports",
      "Checks": [
-        "ec2_securitygroup_allow_ingress_from_internet_to_all_ports",
+        "ec2_securitygroup_allow_ingress_from_internet_to_any_port",
        "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22",
        "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389"
      ],
--- a/prowler/compliance/aws/cis_3.0_aws.json
+++ b/prowler/compliance/aws/cis_3.0_aws.json
@@ -1208,7 +1208,7 @@
      "Id": "5.2",
      "Description": "Ensure no security groups allow ingress from 0.0.0.0/0 to remote server administration ports",
      "Checks": [
-        "ec2_securitygroup_allow_ingress_from_internet_to_all_ports",
+        "ec2_securitygroup_allow_ingress_from_internet_to_any_port",
        "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22",
        "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389"
      ],
@@ -1231,7 +1231,7 @@
      "Id": "5.3",
      "Description": "Ensure no security groups allow ingress from ::/0 to remote server administration ports",
      "Checks": [
-        "ec2_securitygroup_allow_ingress_from_internet_to_all_ports",
+        "ec2_securitygroup_allow_ingress_from_internet_to_any_port",
        "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22",
        "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389"
      ],
--- a/prowler/compliance/aws/cisa_aws.json
+++ b/prowler/compliance/aws/cisa_aws.json
@@ -134,7 +134,7 @@
        "vpc_endpoint_connections_trust_boundaries",
        "ec2_securitygroup_default_restrict_traffic",
        "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22",
-        "ec2_securitygroup_allow_ingress_from_internet_to_all_ports"
+        "ec2_securitygroup_allow_ingress_from_internet_to_any_port"
      ]
    },
    {
@@ -297,7 +297,7 @@
        "vpc_flow_logs_enabled",
        "ec2_networkacl_allow_ingress_any_port",
        "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22",
-        "ec2_securitygroup_allow_ingress_from_internet_to_all_ports"
+        "ec2_securitygroup_allow_ingress_from_internet_to_any_port"
      ]
    },
    {
--- a/prowler/compliance/aws/ens_rd2022_aws.json
+++ b/prowler/compliance/aws/ens_rd2022_aws.json
--- a/prowler/compliance/aws/aws_foundational_technical_review_aws.json
+++ b/prowler/compliance/aws/aws_foundational_technical_review_aws.json
@@ -1,8 +1,8 @@
 {
-  "Framework": "AWS-Foundational-Technical-Review",
+  "Framework": "Foundational-Technical-Review",
  "Version": "",
  "Provider": "AWS",
-  "Description": "The AWS Foundational Technical Review (FTR) assesses an AWS Partner's solution against a specific set of Amazon Web Services (AWS) best practices around security, performance, and operational processes that are most critical for customer success. Passing the FTR is required to qualify AWS Software Partners for AWS Partner Network (APN) programs such as AWS Competency and AWS Service Ready but any AWS Partner who offers a technology solution may request a FTR review through AWS Partner Central.",
+  "Description": "The Foundational Technical Review (FTR) assesses an AWS Partner's solution against a specific set of Amazon Web Services (AWS) best practices around security, performance, and operational processes that are most critical for customer success. Passing the FTR is required to qualify AWS Software Partners for AWS Partner Network (APN) programs such as AWS Competency and AWS Service Ready but any AWS Partner who offers a technology solution may request a FTR review through AWS Partner Central.",
  "Requirements": [
    {
      "Id": "HOST-001",
@@ -363,7 +363,7 @@
      "Checks": [
        "ec2_ami_public",
        "ec2_instance_public_ip",
-        "ec2_securitygroup_allow_ingress_from_internet_to_all_ports",
+        "ec2_securitygroup_allow_ingress_from_internet_to_any_port",
        "ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018",
        "ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21",
        "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22",
--- a/prowler/compliance/aws/mitre_attack_aws.json
+++ b/prowler/compliance/aws/mitre_attack_aws.json
@@ -106,7 +106,7 @@
        "ec2_networkacl_allow_ingress_any_port",
        "ec2_networkacl_allow_ingress_tcp_port_22",
        "ec2_networkacl_allow_ingress_tcp_port_3389",
-        "ec2_securitygroup_allow_ingress_from_internet_to_all_ports",
+        "ec2_securitygroup_allow_ingress_from_internet_to_any_port",
        "ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018",
        "ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21",
        "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22",
@@ -1022,7 +1022,7 @@
        "ec2_networkacl_allow_ingress_any_port",
        "ec2_networkacl_allow_ingress_tcp_port_22",
        "ec2_networkacl_allow_ingress_tcp_port_3389",
-        "ec2_securitygroup_allow_ingress_from_internet_to_all_ports",
+        "ec2_securitygroup_allow_ingress_from_internet_to_any_port",
        "ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018",
        "ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21",
        "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22",
@@ -1468,7 +1468,7 @@
        "ec2_networkacl_allow_ingress_any_port",
        "ec2_networkacl_allow_ingress_tcp_port_22",
        "ec2_networkacl_allow_ingress_tcp_port_3389",
-        "ec2_securitygroup_allow_ingress_from_internet_to_all_ports",
+        "ec2_securitygroup_allow_ingress_from_internet_to_any_port",
        "ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018",
        "ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21",
        "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22",
@@ -1648,7 +1648,7 @@
        "ec2_networkacl_allow_ingress_any_port",
        "ec2_networkacl_allow_ingress_tcp_port_22",
        "ec2_networkacl_allow_ingress_tcp_port_3389",
-        "ec2_securitygroup_allow_ingress_from_internet_to_all_ports",
+        "ec2_securitygroup_allow_ingress_from_internet_to_any_port",
        "ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018",
        "ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21",
        "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22",
@@ -1900,7 +1900,7 @@
        "ec2_networkacl_allow_ingress_any_port",
        "ec2_networkacl_allow_ingress_tcp_port_22",
        "ec2_networkacl_allow_ingress_tcp_port_3389",
-        "ec2_securitygroup_allow_ingress_from_internet_to_all_ports",
+        "ec2_securitygroup_allow_ingress_from_internet_to_any_port",
        "ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018",
        "ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21",
        "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22",
--- a/prowler/compliance/azure/cis_2.0_azure.json
+++ b/prowler/compliance/azure/cis_2.0_azure.json
--- a/prowler/compliance/azure/cis_2.1_azure.json
+++ b/prowler/compliance/azure/cis_2.1_azure.json
--- a/prowler/config/config.py
+++ b/prowler/config/config.py
@@ -11,7 +11,7 @@ from prowler.lib.logger import logger

 timestamp = datetime.today()
 timestamp_utc = datetime.now(timezone.utc).replace(tzinfo=timezone.utc)
-prowler_version = "3.16.18"
+prowler_version = "3.15.0"
 html_logo_url = "https://github.com/prowler-cloud/prowler/"
 html_logo_img = "https://user-images.githubusercontent.com/3985464/113734260-7ba06900-96fb-11eb-82bc-d4f68a1e2710.png"
 square_logo_img = "https://user-images.githubusercontent.com/38561120/235905862-9ece5bd7-9aa3-4e48-807a-3a9035eb8bfb.png"
@@ -61,7 +61,6 @@ html_file_suffix = ".html"
 default_config_file_path = (
    f"{pathlib.Path(os.path.dirname(os.path.realpath(__file__)))}/config.yaml"
 )
-encoding_format_utf_8 = "utf-8"


 def check_current_version():
@@ -103,7 +102,8 @@ def load_and_validate_config_file(provider: str, config_file_path: str) -> dict:
    load_and_validate_config_file reads the Prowler config file in YAML format from the default location or the file passed with the --config-file flag
    """
    try:
-        with open(config_file_path, "r", encoding=encoding_format_utf_8) as f:
+        with open(config_file_path) as f:
+            config = {}
            config_file = yaml.safe_load(f)

            # Not to introduce a breaking change we have to allow the old format config file without any provider keys
--- a/prowler/config/config.yaml
+++ b/prowler/config/config.yaml
@@ -31,7 +31,6 @@ aws:
  max_ec2_instance_age_in_days: 180

  # AWS VPC Configuration (vpc_endpoint_connections_trust_boundaries, vpc_endpoint_services_allowed_principals_trust_boundaries)
-  # AWS SSM Configuration (aws.ssm_documents_set_as_public)
  # Single account environment: No action required. The AWS account number will be automatically added by the checks.
  # Multi account environment: Any additional trusted account number should be added as a space separated list, e.g.
  # trusted_account_ids : ["123456789012", "098765432109", "678901234567"]
@@ -53,27 +52,18 @@ aws:
  # aws.awslambda_function_using_supported_runtimes
  obsolete_lambda_runtimes:
    [
-      "java8",
-      "go1.x",
-      "provided",
      "python3.6",
      "python2.7",
-      "python3.7",
      "nodejs4.3",
      "nodejs4.3-edge",
      "nodejs6.10",
      "nodejs",
      "nodejs8.10",
      "nodejs10.x",
-      "nodejs12.x",
-      "nodejs14.x",
-      "dotnet5.0",
      "dotnetcore1.0",
      "dotnetcore2.0",
      "dotnetcore2.1",
-      "dotnetcore3.1",
      "ruby2.5",
-      "ruby2.7",
    ]

  # AWS Organizations
@@ -97,15 +87,6 @@ aws:
  # trustedadvisor_premium_support_plan_subscribed
  verify_premium_support_plans: True

-  # AWS RDS
-  # aws.rds_instance_backup_enabled
-  # Whether to check RDS instance replicas or not
-  check_rds_instance_replicas: False
-
-  # AWS ACM Configuration
-  # aws.acm_certificates_expiration_check
-  days_to_expire_threshold: 7
-
 # Azure Configuration
 azure:
  # Azure Network Configuration
--- a/prowler/lib/check/compliance.py
+++ b/prowler/lib/check/compliance.py
@@ -34,7 +34,6 @@ def update_checks_metadata_with_compliance(
            # Save it into the check's metadata
            bulk_checks_metadata[check].Compliance = check_compliance

-        check_compliance = []
        # Add requirements of Manual Controls
        for framework in bulk_compliance_frameworks.values():
            for requirement in framework.Requirements:
@@ -71,6 +70,7 @@ def update_checks_metadata_with_compliance(
                    "Recommendation": {"Text": "", "Url": ""},
                },
                "Categories": [],
+                "Tags": {},
                "DependsOn": [],
                "RelatedTo": [],
                "Notes": "",
--- a/prowler/lib/check/compliance_models.py
+++ b/prowler/lib/check/compliance_models.py
@@ -46,8 +46,6 @@ class ENS_Requirement_Attribute(BaseModel):
    Tipo: ENS_Requirement_Attribute_Tipos
    Nivel: ENS_Requirement_Attribute_Nivel
    Dimensiones: list[ENS_Requirement_Attribute_Dimensiones]
-    ModoEjecucion: str
-    Dependencias: list[str]


 # Generic Compliance Requirement Attribute
@@ -89,7 +87,6 @@ class CIS_Requirement_Attribute(BaseModel):
    RemediationProcedure: str
    AuditProcedure: str
    AdditionalInformation: str
-    DefaultValue: Optional[str]
    References: str


--- a/prowler/lib/outputs/compliance.py
+++ b/prowler/lib/outputs/compliance.py
@@ -11,7 +11,6 @@ from prowler.lib.outputs.models import (
    Check_Output_CSV_AWS_CIS,
    Check_Output_CSV_AWS_ISO27001_2013,
    Check_Output_CSV_AWS_Well_Architected,
-    Check_Output_CSV_AZURE_CIS,
    Check_Output_CSV_ENS_RD2022,
    Check_Output_CSV_GCP_CIS,
    Check_Output_CSV_Generic_Compliance,
@@ -36,7 +35,6 @@ def add_manual_controls(output_options, audit_info, file_descriptors):
            manual_finding.region = ""
            manual_finding.location = ""
            manual_finding.project_id = ""
-            manual_finding.subscription = ""
            fill_compliance(
                output_options, manual_finding, audit_info, file_descriptors
            )
@@ -84,10 +82,6 @@ def fill_compliance(output_options, finding, audit_info, file_descriptors):
                            Requirements_Attributes_Dimensiones=",".join(
                                attribute.Dimensiones
                            ),
-                            Requirements_Attributes_ModoEjecucion=attribute.ModoEjecucion,
-                            Requirements_Attributes_Dependencias=",".join(
-                                attribute.Dependencias
-                            ),
                            Status=finding.status,
                            StatusExtended=finding.status_extended,
                            ResourceId=finding.resource_id,
@@ -167,36 +161,7 @@ def fill_compliance(output_options, finding, audit_info, file_descriptors):
                                csv_header = generate_csv_fields(
                                    Check_Output_CSV_GCP_CIS
                                )
-                            elif compliance.Provider == "Azure":
-                                compliance_row = Check_Output_CSV_AZURE_CIS(
-                                    Provider=finding.check_metadata.Provider,
-                                    Description=compliance.Description,
-                                    Subscription=finding.subscription,
-                                    AssessmentDate=outputs_unix_timestamp(
-                                        output_options.unix_timestamp, timestamp
-                                    ),
-                                    Requirements_Id=requirement_id,
-                                    Requirements_Description=requirement_description,
-                                    Requirements_Attributes_Section=attribute.Section,
-                                    Requirements_Attributes_Profile=attribute.Profile,
-                                    Requirements_Attributes_AssessmentStatus=attribute.AssessmentStatus,
-                                    Requirements_Attributes_Description=attribute.Description,
-                                    Requirements_Attributes_RationaleStatement=attribute.RationaleStatement,
-                                    Requirements_Attributes_ImpactStatement=attribute.ImpactStatement,
-                                    Requirements_Attributes_RemediationProcedure=attribute.RemediationProcedure,
-                                    Requirements_Attributes_AuditProcedure=attribute.AuditProcedure,
-                                    Requirements_Attributes_AdditionalInformation=attribute.AdditionalInformation,
-                                    Requirements_Attributes_DefaultValue=attribute.DefaultValue,
-                                    Requirements_Attributes_References=attribute.References,
-                                    Status=finding.status,
-                                    StatusExtended=finding.status_extended,
-                                    ResourceId=finding.resource_id,
-                                    ResourceName=finding.resource_name,
-                                    CheckId=finding.check_metadata.CheckID,
-                                )
-                                csv_header = generate_csv_fields(
-                                    Check_Output_CSV_AZURE_CIS
-                                )
+
            elif (
                "AWS-Well-Architected-Framework" in compliance.Framework
                and compliance.Provider == "AWS"
@@ -304,19 +269,11 @@ def fill_compliance(output_options, finding, audit_info, file_descriptors):
                        attributes_categories = ""
                        attributes_values = ""
                        attributes_comments = ""
-                        attributes_aws_services = ", ".join(
-                            attribute.AWSService for attribute in requirement.Attributes
-                        )
-                        attributes_categories = ", ".join(
-                            attribute.Category for attribute in requirement.Attributes
-                        )
-                        attributes_values = ", ".join(
-                            attribute.Value for attribute in requirement.Attributes
-                        )
-                        attributes_comments = ", ".join(
-                            attribute.Comment for attribute in requirement.Attributes
-                        )
-
+                        for attribute in requirement.Attributes:
+                            attributes_aws_services += attribute.AWSService + "\n"
+                            attributes_categories += attribute.Category + "\n"
+                            attributes_values += attribute.Value + "\n"
+                            attributes_comments += attribute.Comment + "\n"
                        compliance_row = Check_Output_MITRE_ATTACK(
                            Provider=finding.check_metadata.Provider,
                            Description=compliance.Description,
--- a/prowler/lib/outputs/file_descriptors.py
+++ b/prowler/lib/outputs/file_descriptors.py
@@ -15,7 +15,6 @@ from prowler.lib.outputs.models import (
    Check_Output_CSV_AWS_CIS,
    Check_Output_CSV_AWS_ISO27001_2013,
    Check_Output_CSV_AWS_Well_Architected,
-    Check_Output_CSV_AZURE_CIS,
    Check_Output_CSV_ENS_RD2022,
    Check_Output_CSV_GCP_CIS,
    Check_Output_CSV_Generic_Compliance,
@@ -24,7 +23,6 @@ from prowler.lib.outputs.models import (
 )
 from prowler.lib.utils.utils import file_exists, open_file
 from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info
-from prowler.providers.azure.lib.audit_info.models import Azure_Audit_Info
 from prowler.providers.common.outputs import get_provider_output_model
 from prowler.providers.gcp.lib.audit_info.models import GCP_Audit_Info

@@ -115,16 +113,7 @@ def fill_file_descriptors(output_modes, output_directory, output_filename, audit
                            filename, output_mode, audit_info, Check_Output_CSV_GCP_CIS
                        )
                        file_descriptors.update({output_mode: file_descriptor})
-                elif isinstance(audit_info, Azure_Audit_Info):
-                    filename = f"{output_directory}/{output_filename}_{output_mode}{csv_file_suffix}"
-                    if "cis_" in output_mode:
-                        file_descriptor = initialize_file_descriptor(
-                            filename,
-                            output_mode,
-                            audit_info,
-                            Check_Output_CSV_AZURE_CIS,
-                        )
-                        file_descriptors.update({output_mode: file_descriptor})
+
                elif isinstance(audit_info, AWS_Audit_Info):
                    if output_mode == "json-asff":
                        filename = f"{output_directory}/{output_filename}{json_asff_file_suffix}"
--- a/prowler/lib/outputs/html.py
+++ b/prowler/lib/outputs/html.py
@@ -1,4 +1,3 @@
-import html
 import importlib
 import sys
 from os import path
@@ -31,9 +30,9 @@ def add_html_header(file_descriptor, audit_info):
        <!DOCTYPE html>
    <html lang="en">
    <head>
-    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <!-- Required meta tags -->
-    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" />
+    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
    <style>
        .read-more {
            color: #00f;
@@ -49,7 +48,7 @@ def add_html_header(file_descriptor, audit_info):
    </style>
    <!-- Bootstrap CSS -->
    <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css"
-        integrity="sha384-9aIt2nRpC12Uk9gS9baDl411NQApFmC26EwAOH8WgZl5MYYxFfc+NcPb1dKGj7Sk" crossorigin="anonymous" />
+        integrity="sha384-9aIt2nRpC12Uk9gS9baDl411NQApFmC26EwAOH8WgZl5MYYxFfc+NcPb1dKGj7Sk" crossorigin="anonymous">
    <!-- https://datatables.net/download/index with jQuery, DataTables, Buttons, SearchPanes, and Select //-->
    <link rel="stylesheet" type="text/css"
        href="https://cdn.datatables.net/v/dt/jqc-1.12.4/dt-1.10.25/b-1.7.1/sp-1.4.0/sl-1.3.3/datatables.min.css" />
@@ -79,13 +78,13 @@ def add_html_header(file_descriptor, audit_info):
    <div class="container-fluid">
        <div class="row mt-3">
        <div class="col-md-4">
-            <a href=\""""
+            <a href="""
            + html_logo_url
-            + """\"><img class="float-left card-img-left mt-4 mr-4 ml-4"
-                        src=\""""
+            + """><img class="float-left card-img-left mt-4 mr-4 ml-4"
+                        src="""
            + html_logo_img
-            + """\"
-                        alt="prowler-logo" /></a>
+            + """
+                        alt="prowler-logo"></a>
            <div class="card">
            <div class="card-header">
                Report Information
@@ -183,13 +182,13 @@ def fill_html(file_descriptor, finding, output_options):
                    <td>{finding.check_metadata.Severity}</td>
                    <td>{finding.check_metadata.ServiceName}</td>
                    <td>{finding.location.lower() if isinstance(finding, Check_Report_GCP) else finding.region if isinstance(finding, Check_Report_AWS) else ""}</td>
-                    <td>{finding.check_metadata.CheckID.replace("_", "<wbr />_")}</td>
+                    <td>{finding.check_metadata.CheckID.replace("_", "<wbr>_")}</td>
                    <td>{finding.check_metadata.CheckTitle}</td>
-                    <td>{finding.resource_id.replace("<", "&lt;").replace(">", "&gt;").replace("_", "<wbr />_")}</td>
+                    <td>{finding.resource_id.replace("<", "&lt;").replace(">", "&gt;").replace("_", "<wbr>_")}</td>
                    <td>{parse_html_string(unroll_tags(finding.resource_tags))}</td>
-                    <td>{finding.status_extended.replace("<", "&lt;").replace(">", "&gt;").replace("_", "<wbr />_")}</td>
-                    <td><p class="show-read-more">{html.escape(finding.check_metadata.Risk)}</p></td>
-                    <td><p class="show-read-more">{html.escape(finding.check_metadata.Remediation.Recommendation.Text)}</p> <a class="read-more" href="{finding.check_metadata.Remediation.Recommendation.Url}"><i class="fas fa-external-link-alt"></i></a></td>
+                    <td>{finding.status_extended.replace("<", "&lt;").replace(">", "&gt;").replace("_", "<wbr>_")}</td>
+                    <td><p class="show-read-more">{finding.check_metadata.Risk}</p></td>
+                    <td><p class="show-read-more">{finding.check_metadata.Remediation.Recommendation.Text}</p> <a class="read-more" href="{finding.check_metadata.Remediation.Recommendation.Url}"><i class="fas fa-external-link-alt"></i></a></td>
                    <td><p class="show-read-more">{parse_html_string(unroll_dict(get_check_compliance(finding, finding.check_metadata.Provider, output_options)))}</p></td>
                </tr>
                """
@@ -248,6 +247,8 @@ def add_html_footer(output_filename, output_directory):
            </table>
        </div>
    </div>
+    </div>
+    </div>
    <!-- Table search and paginator -->
    <!-- Optional JavaScript -->
    <!-- jQuery first, then Popper.js, then Bootstrap JS -->
--- a/prowler/lib/outputs/json.py
+++ b/prowler/lib/outputs/json.py
@@ -100,17 +100,7 @@ def fill_json_asff(finding_output, audit_info, finding, output_options):
        if not finding.check_metadata.Remediation.Recommendation.Url:
            finding.check_metadata.Remediation.Recommendation.Url = "https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html"
        finding_output.Remediation = {
-            "Recommendation": {
-                "Text": (
-                    (
-                        finding.check_metadata.Remediation.Recommendation.Text[:509]
-                        + "..."
-                    )
-                    if len(finding.check_metadata.Remediation.Recommendation.Text) > 512
-                    else finding.check_metadata.Remediation.Recommendation.Text
-                ),
-                "Url": finding.check_metadata.Remediation.Recommendation.Url,
-            }
+            "Recommendation": finding.check_metadata.Remediation.Recommendation
        }

        return finding_output
--- a/prowler/lib/outputs/models.py
+++ b/prowler/lib/outputs/models.py
@@ -24,8 +24,7 @@ def get_check_compliance(finding, provider, output_options):
                compliance_fw = compliance.Framework
                if compliance.Version:
                    compliance_fw = f"{compliance_fw}-{compliance.Version}"
-                # compliance.Provider == "Azure" or "GCP" or "AWS"
-                if compliance.Provider.upper() == provider.upper():
+                if compliance.Provider == provider.upper():
                    if compliance_fw not in check_compliance:
                        check_compliance[compliance_fw] = []
                    for requirement in compliance.Requirements:
@@ -537,8 +536,6 @@ class Check_Output_CSV_ENS_RD2022(BaseModel):
    Requirements_Attributes_Nivel: str
    Requirements_Attributes_Tipo: str
    Requirements_Attributes_Dimensiones: str
-    Requirements_Attributes_ModoEjecucion: str
-    Requirements_Attributes_Dependencias: Optional[str]
    Status: str
    StatusExtended: str
    ResourceId: str
@@ -602,35 +599,6 @@ class Check_Output_CSV_GCP_CIS(BaseModel):
    CheckId: str


-class Check_Output_CSV_AZURE_CIS(BaseModel):
-    """
-    Check_Output_CSV_CIS generates a finding's output in CSV CIS format.
-    """
-
-    Provider: str
-    Description: str
-    Subscription: str
-    AssessmentDate: str
-    Requirements_Id: str
-    Requirements_Description: str
-    Requirements_Attributes_Section: str
-    Requirements_Attributes_Profile: str
-    Requirements_Attributes_AssessmentStatus: str
-    Requirements_Attributes_Description: str
-    Requirements_Attributes_RationaleStatement: str
-    Requirements_Attributes_ImpactStatement: str
-    Requirements_Attributes_RemediationProcedure: str
-    Requirements_Attributes_AuditProcedure: str
-    Requirements_Attributes_AdditionalInformation: str
-    Requirements_Attributes_DefaultValue: str
-    Requirements_Attributes_References: str
-    Status: str
-    StatusExtended: str
-    ResourceId: str
-    ResourceName: str
-    CheckId: str
-
-
 class Check_Output_CSV_Generic_Compliance(BaseModel):
    """
    Check_Output_CSV_Generic_Compliance generates a finding's output in CSV Generic Compliance format.
--- a/prowler/lib/outputs/outputs.py
+++ b/prowler/lib/outputs/outputs.py
@@ -67,15 +67,15 @@ def report(check_findings, output_options, audit_info):
                            compliance in output_options.output_modes
                            for compliance in available_compliance_frameworks
                        ):
-                            add_manual_controls(
+                            fill_compliance(
                                output_options,
+                                finding,
                                audit_info,
                                file_descriptors,
                            )

-                            fill_compliance(
+                            add_manual_controls(
                                output_options,
-                                finding,
                                audit_info,
                                file_descriptors,
                            )
--- a/prowler/lib/outputs/summary_table.py
+++ b/prowler/lib/outputs/summary_table.py
@@ -45,7 +45,6 @@ def display_summary_table(
                "Service": "",
                "Provider": "",
                "Total": 0,
-                "Pass": 0,
                "Critical": 0,
                "High": 0,
                "Medium": 0,
@@ -79,7 +78,6 @@ def display_summary_table(
                current["Total"] += 1
                if finding.status == "PASS":
                    pass_count += 1
-                    current["Pass"] += 1
                elif finding.status == "FAIL":
                    fail_count += 1
                    if finding.check_metadata.Severity == "critical":
@@ -159,8 +157,7 @@ def add_service_to_table(findings_table, current):
        )
        current["Status"] = f"{Fore.RED}FAIL ({total_fails}){Style.RESET_ALL}"
    else:
-        current["Status"] = f"{Fore.GREEN}PASS ({current['Pass']}){Style.RESET_ALL}"
-
+        current["Status"] = f"{Fore.GREEN}PASS ({current['Total']}){Style.RESET_ALL}"
    findings_table["Provider"].append(current["Provider"])
    findings_table["Service"].append(current["Service"])
    findings_table["Status"].append(current["Status"])
--- a/prowler/lib/utils/utils.py
+++ b/prowler/lib/utils/utils.py
@@ -12,14 +12,13 @@ from time import mktime
 from detect_secrets import SecretsCollection
 from detect_secrets.settings import default_settings

-from prowler.config.config import encoding_format_utf_8
 from prowler.lib.logger import logger


 def open_file(input_file: str, mode: str = "r") -> TextIOWrapper:
    """open_file returns a handler to the file using the specified mode."""
    try:
-        f = open(input_file, mode, encoding=encoding_format_utf_8)
+        f = open(input_file, mode)
    except OSError as os_error:
        if os_error.strerror == "Too many open files":
            logger.critical(
@@ -67,7 +66,7 @@ def file_exists(filename: str):

 def hash_sha512(string: str) -> str:
    """hash_sha512 returns the first 9 bytes of the SHA512 representation for the given string."""
-    return sha512(string.encode(encoding_format_utf_8)).hexdigest()[0:9]
+    return sha512(string.encode("utf-8")).hexdigest()[0:9]


 def detect_secrets_scan(data):
--- a/prowler/providers/aws/aws_provider.py
+++ b/prowler/providers/aws/aws_provider.py
@@ -1,13 +1,10 @@
 import os
 import pathlib
 import sys
-from datetime import datetime

 from boto3 import client, session
 from botocore.credentials import RefreshableCredentials
 from botocore.session import get_session
-from pytz import utc
-from tzlocal import get_localzone

 from prowler.config.config import aws_services_json_file
 from prowler.lib.check.check import list_modules, recover_checks_from_service
@@ -17,7 +14,6 @@ from prowler.providers.aws.config import (
    AWS_STS_GLOBAL_ENDPOINT_REGION,
    ROLE_SESSION_NAME,
 )
-from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
 from prowler.providers.aws.lib.audit_info.models import AWS_Assume_Role, AWS_Audit_Info
 from prowler.providers.aws.lib.credentials.credentials import create_sts_session

@@ -102,30 +98,18 @@ class AWS_Provider:
    # https://github.com/boto/botocore/blob/098cc255f81a25b852e1ecdeb7adebd94c7b1b73/botocore/credentials.py#L570
    def refresh_credentials(self):
        logger.info("Refreshing assumed credentials...")
-        current_credentials = current_audit_info.credentials
-        refreshed_credentials = {
-            "access_key": current_credentials.aws_access_key_id,
-            "secret_key": current_credentials.aws_secret_access_key,
-            "token": current_credentials.aws_session_token,
-            "expiry_time": (
-                current_credentials.expiration.isoformat()
-                if hasattr(current_credentials, "expiration")
-                else current_credentials.expiry_time.isoformat()
-            ),
-        }
-        if datetime.fromisoformat(refreshed_credentials["expiry_time"]) <= datetime.now(
-            get_localzone()
-        ):
-            response = assume_role(self.aws_session, self.role_info)
-            refreshed_credentials = dict(
-                # Keys of the dict has to be the same as those that are being searched in the parent class
-                # https://github.com/boto/botocore/blob/098cc255f81a25b852e1ecdeb7adebd94c7b1b73/botocore/credentials.py#L609
-                access_key=response["Credentials"]["AccessKeyId"],
-                secret_key=response["Credentials"]["SecretAccessKey"],
-                token=response["Credentials"]["SessionToken"],
-                expiry_time=response["Credentials"]["Expiration"].isoformat(),
-            )
-            logger.info("Refreshed Credentials")
+
+        response = assume_role(self.aws_session, self.role_info)
+        refreshed_credentials = dict(
+            # Keys of the dict has to be the same as those that are being searched in the parent class
+            # https://github.com/boto/botocore/blob/098cc255f81a25b852e1ecdeb7adebd94c7b1b73/botocore/credentials.py#L609
+            access_key=response["Credentials"]["AccessKeyId"],
+            secret_key=response["Credentials"]["SecretAccessKey"],
+            token=response["Credentials"]["SessionToken"],
+            expiry_time=response["Credentials"]["Expiration"].isoformat(),
+        )
+        logger.info("Refreshed Credentials:")
+        logger.info(refreshed_credentials)
        return refreshed_credentials


@@ -162,17 +146,6 @@ def assume_role(

        sts_client = create_sts_session(session, sts_endpoint_region)
        assumed_credentials = sts_client.assume_role(**assume_role_arguments)
-
-        # Convert the UTC datetime object to your local timezone
-        credentials_expiration_local_time = (
-            assumed_credentials["Credentials"]["Expiration"]
-            .replace(tzinfo=utc)
-            .astimezone(get_localzone())
-        )
-        assumed_credentials["Credentials"][
-            "Expiration"
-        ] = credentials_expiration_local_time
-
    except Exception as error:
        logger.critical(
            f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}] -- {error}"
--- a/prowler/providers/aws/aws_regions_by_service.json
+++ b/prowler/providers/aws/aws_regions_by_service.json
--- a/prowler/providers/aws/lib/allowlist/allowlist.py
+++ b/prowler/providers/aws/lib/allowlist/allowlist.py
@@ -118,8 +118,8 @@ def parse_allowlist_file(audit_info, allowlist_file):
 def allowlist_findings(
    allowlist: dict,
    audited_account: str,
-    check_findings: list[Any],
-) -> list[Any]:
+    check_findings: [Any],
+):
    # Check if finding is allowlisted
    for finding in check_findings:
        if is_allowlisted(
@@ -141,21 +141,7 @@ def is_allowlisted(
    finding_region: str,
    finding_resource: str,
    finding_tags,
-) -> bool:
-    """
-    Check if the provided finding is allowlisted for the audited account, check, region, resource and tags.
-
-    Args:
-        mutelist (dict): Dictionary containing information about allowlisted checks for different accounts.
-        audited_account (str): The account being audited.
-        check (str): The check to be evaluated for allowlisting.
-        finding_region (str): The region where the finding occurred.
-        finding_resource (str): The resource related to the finding.
-        finding_tags: The tags associated with the finding.
-
-    Returns:
-        bool: True if the finding is allowlisted for the audited account, check, region, resource and tags., otherwise False.
-    """
+):
    try:
        # By default is not allowlisted
        is_finding_allowlisted = False
@@ -177,10 +163,10 @@ def is_allowlisted(

        return is_finding_allowlisted
    except Exception as error:
-        logger.error(
+        logger.critical(
            f"{error.__class__.__name__} -- {error}[{error.__traceback__.tb_lineno}]"
        )
-        return False
+        sys.exit(1)


 def is_allowlisted_in_check(
@@ -190,21 +176,7 @@ def is_allowlisted_in_check(
    finding_region,
    finding_resource,
    finding_tags,
-) -> bool:
-    """
-    Check if the provided check is allowlisted.
-
-    Args:
-        allowlisted_checks (dict): Dictionary containing information about allowlisted checks.
-        audited_account (str): The account to be audited.
-        check (str): The check to be evaluated for allowlisting.
-        finding_region (str): The region where the finding occurred.
-        finding_resource (str): The resource related to the finding.
-        finding_tags (str): The tags associated with the finding.
-
-    Returns:
-        bool: True if the check is allowlisted, otherwise False.
-    """
+):
    try:
        # Default value is not allowlisted
        is_check_allowlisted = False
@@ -213,23 +185,14 @@ def is_allowlisted_in_check(
            # map lambda to awslambda
            allowlisted_check = re.sub("^lambda", "awslambda", allowlisted_check)

-            check_match = (
-                "*" == allowlisted_check
-                or check == allowlisted_check
-                or re.search(allowlisted_check, check)
-            )
-
            # Check if the finding is excepted
            exceptions = allowlisted_check_info.get("Exceptions")
-            if (
-                is_excepted(
-                    exceptions,
-                    audited_account,
-                    finding_region,
-                    finding_resource,
-                    finding_tags,
-                )
-                and check_match
+            if is_excepted(
+                exceptions,
+                audited_account,
+                finding_region,
+                finding_resource,
+                finding_tags,
            ):
                # Break loop and return default value since is excepted
                break
@@ -242,7 +205,11 @@ def is_allowlisted_in_check(
                allowlisted_tags = "*"

            # If there is a *, it affects to all checks
-            if check_match:
+            if (
+                "*" == allowlisted_check
+                or check == allowlisted_check
+                or re.search(allowlisted_check, check)
+            ):
                allowlisted_in_check = True
                allowlisted_in_region = is_allowlisted_in_region(
                    allowlisted_regions, finding_region
@@ -271,74 +238,44 @@ def is_allowlisted_in_check(

        return is_check_allowlisted
    except Exception as error:
-        logger.error(
+        logger.critical(
            f"{error.__class__.__name__} -- {error}[{error.__traceback__.tb_lineno}]"
        )
-        return False
+        sys.exit(1)


 def is_allowlisted_in_region(
    allowlisted_regions,
    finding_region,
-) -> bool:
-    """
-    Check if the finding_region is present in the allowlisted_regions.
-
-    Args:
-        allowlisted_regions (list): List of regions in the allowlist.
-        finding_region (str): Region to check if it is allowlisted.
-
-    Returns:
-        bool: True if the finding_region is present in any of the allowlisted_regions, otherwise False.
-    """
+):
    try:
        return __is_item_matched__(allowlisted_regions, finding_region)
    except Exception as error:
-        logger.error(
+        logger.critical(
            f"{error.__class__.__name__} -- {error}[{error.__traceback__.tb_lineno}]"
        )
-        return False
+        sys.exit(1)


-def is_allowlisted_in_tags(allowlisted_tags, finding_tags) -> bool:
-    """
-    Check if any of the allowlisted tags are present in the finding tags.
-
-    Args:
-        allowlisted_tags (list): List of allowlisted tags to be checked.
-        finding_tags (str): String containing tags to search for allowlisted tags.
-
-    Returns:
-        bool: True if any of the allowlisted tags are present in the finding tags, otherwise False.
-    """
+def is_allowlisted_in_tags(allowlisted_tags, finding_tags):
    try:
        return __is_item_matched__(allowlisted_tags, finding_tags)
    except Exception as error:
-        logger.error(
+        logger.critical(
            f"{error.__class__.__name__} -- {error}[{error.__traceback__.tb_lineno}]"
        )
-        return False
+        sys.exit(1)


-def is_allowlisted_in_resource(allowlisted_resources, finding_resource) -> bool:
-    """
-    Check if any of the allowlisted_resources are present in the finding_resource.
-
-    Args:
-        allowlisted_resources (list): List of allowlisted resources to be checked.
-        finding_resource (str): Resource to search for allowlisted resources.
-
-    Returns:
-        bool: True if any of the allowlisted_resources are present in the finding_resource, otherwise False.
-    """
+def is_allowlisted_in_resource(allowlisted_resources, finding_resource):
    try:
        return __is_item_matched__(allowlisted_resources, finding_resource)

    except Exception as error:
-        logger.error(
+        logger.critical(
            f"{error.__class__.__name__} -- {error}[{error.__traceback__.tb_lineno}]"
        )
-        return False
+        sys.exit(1)


 def is_excepted(
@@ -347,20 +284,8 @@ def is_excepted(
    finding_region,
    finding_resource,
    finding_tags,
-) -> bool:
-    """
-    Check if the provided account, region, resource, and tags are excepted based on the exceptions dictionary.
-
-    Args:
-        exceptions (dict): Dictionary containing exceptions for different attributes like Accounts, Regions, Resources, and Tags.
-        audited_account (str): The account to be audited.
-        finding_region (str): The region where the finding occurred.
-        finding_resource (str): The resource related to the finding.
-        finding_tags (str): The tags associated with the finding.
-
-    Returns:
-        bool: True if the account, region, resource, and tags are excepted based on the exceptions, otherwise False.
-    """
+):
+    """is_excepted returns True if the account, region, resource and tags are excepted"""
    try:
        excepted = False
        is_account_excepted = False
@@ -400,36 +325,26 @@ def is_excepted(
                excepted = True
        return excepted
    except Exception as error:
-        logger.error(
+        logger.critical(
            f"{error.__class__.__name__} -- {error}[{error.__traceback__.tb_lineno}]"
        )
-        return False
+        sys.exit(1)


 def __is_item_matched__(matched_items, finding_items):
-    """
-    Check if any of the items in matched_items are present in finding_items.
-
-    Args:
-        matched_items (list): List of items to be matched.
-        finding_items (str): String to search for matched items.
-
-    Returns:
-        bool: True if any of the matched_items are present in finding_items, otherwise False.
-    """
+    """__is_item_matched__ return True if any of the matched_items are present in the finding_items, otherwise returns False."""
    try:
        is_item_matched = False
        if matched_items and (finding_items or finding_items == ""):
            for item in matched_items:
-                if item.startswith("*"):
-                    item = ".*" + item[1:]
+                if item == "*":
+                    item = ".*"
                if re.search(item, finding_items):
                    is_item_matched = True
                    break
        return is_item_matched
    except Exception as error:
-        logger.error(
+        logger.critical(
            f"{error.__class__.__name__} -- {error}[{error.__traceback__.tb_lineno}]"
        )
-        # If something unexpected happens return not matched, thus False
-        return False
+        sys.exit(1)
--- a/prowler/providers/aws/lib/arn/arn.py
+++ b/prowler/providers/aws/lib/arn/arn.py
@@ -45,8 +45,6 @@ def parse_iam_credentials_arn(arn: str) -> ARN:
            arn_parsed.resource_type != "role"
            and arn_parsed.resource_type != "user"
            and arn_parsed.resource_type != "assumed-role"
-            and arn_parsed.resource_type != "root"
-            and arn_parsed.resource_type != "federated-user"
        ):
            raise RoleArnParsingInvalidResourceType
        elif arn_parsed.resource == "":
--- a/prowler/providers/aws/lib/credentials/credentials.py
+++ b/prowler/providers/aws/lib/credentials/credentials.py
@@ -69,9 +69,6 @@ Caller Identity ARN: {Fore.YELLOW}[{audit_info.audited_identity_arn}]{Style.RESE
 def create_sts_session(
    session: session.Session, aws_region: str
 ) -> session.Session.client:
-    sts_endpoint_url = (
-        f"https://sts.{aws_region}.amazonaws.com"
-        if "cn-" not in aws_region
-        else f"https://sts.{aws_region}.amazonaws.com.cn"
+    return session.client(
+        "sts", aws_region, endpoint_url=f"https://sts.{aws_region}.amazonaws.com"
    )
-    return session.client("sts", aws_region, endpoint_url=sts_endpoint_url)
--- a/prowler/providers/aws/lib/policy_condition_parser/policy_condition_parser.py
+++ b/prowler/providers/aws/lib/policy_condition_parser/policy_condition_parser.py
@@ -1,7 +1,5 @@
 def is_condition_block_restrictive(
-    condition_statement: dict,
-    source_account: str,
-    is_cross_account_allowed=False,
+    condition_statement: dict, source_account: str, is_cross_account_allowed=False
 ):
    """
    is_condition_block_restrictive parses the IAM Condition policy block and, by default, returns True if the source_account passed as argument is within, False if not.
@@ -17,9 +15,6 @@ def is_condition_block_restrictive(
        }

    @param source_account: str with a 12-digit AWS Account number, e.g.: 111122223333
-
-    @param is_cross_account_allowed: bool to allow cross-account access, e.g.: True
-
    """
    is_condition_valid = False

@@ -34,8 +29,6 @@ def is_condition_block_restrictive(
            "aws:principalaccount",
            "aws:resourceaccount",
            "aws:sourcearn",
-            "aws:sourcevpc",
-            "aws:sourcevpce",
        ],
        "StringLike": [
            "aws:sourceaccount",
@@ -44,8 +37,6 @@ def is_condition_block_restrictive(
            "aws:principalarn",
            "aws:resourceaccount",
            "aws:principalaccount",
-            "aws:sourcevpc",
-            "aws:sourcevpce",
        ],
        "ArnLike": ["aws:sourcearn", "aws:principalarn"],
        "ArnEquals": ["aws:sourcearn", "aws:principalarn"],
@@ -95,63 +86,3 @@ def is_condition_block_restrictive(
                                is_condition_valid = True

    return is_condition_valid
-
-
-def is_condition_block_restrictive_organization(
-    condition_statement: dict,
-):
-    """
-    is_condition_block_restrictive_organization parses the IAM Condition policy block and returns True if the condition_statement is restrictive for the organization, False if not.
-
-    @param condition_statement: dict with an IAM Condition block, e.g.:
-        {
-            "StringLike": {
-                "AWS:PrincipalOrgID": "o-111122223333"
-            }
-        }
-
-    """
-    is_condition_valid = False
-
-    # The conditions must be defined in lowercase since the context key names are not case-sensitive.
-    # For example, including the aws:PrincipalOrgID context key is equivalent to testing for AWS:PrincipalOrgID
-    # https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html
-    valid_condition_options = {
-        "StringEquals": [
-            "aws:principalorgid",
-        ],
-        "StringLike": [
-            "aws:principalorgid",
-        ],
-    }
-
-    for condition_operator, condition_operator_key in valid_condition_options.items():
-        if condition_operator in condition_statement:
-            for value in condition_operator_key:
-                # We need to transform the condition_statement into lowercase
-                condition_statement[condition_operator] = {
-                    k.lower(): v
-                    for k, v in condition_statement[condition_operator].items()
-                }
-
-                if value in condition_statement[condition_operator]:
-                    # values are a list
-                    if isinstance(
-                        condition_statement[condition_operator][value],
-                        list,
-                    ):
-                        is_condition_valid = True
-                        for item in condition_statement[condition_operator][value]:
-                            if item == "*":
-                                is_condition_valid = False
-                                break
-
-                    # value is a string
-                    elif isinstance(
-                        condition_statement[condition_operator][value],
-                        str,
-                    ):
-                        if "*" not in condition_statement[condition_operator][value]:
-                            is_condition_valid = True
-
-    return is_condition_valid
--- a/prowler/providers/aws/lib/security_hub/security_hub.py
+++ b/prowler/providers/aws/lib/security_hub/security_hub.py
@@ -86,7 +86,7 @@ def verify_security_hub_integration_enabled_per_region(
        error_message = client_error.response["Error"]["Message"]
        if (
            error_code == "InvalidAccessException"
-            and f"Account {aws_account_number} is not subscribed to AWS Security Hub"
+            and f"Account {aws_account_number} is not subscribed to AWS Security Hub in region {region}"
            in error_message
        ):
            logger.warning(
--- a/prowler/providers/aws/lib/service/service.py
+++ b/prowler/providers/aws/lib/service/service.py
@@ -19,17 +19,6 @@ class AWSService:
    - Also handles if the AWS Service is Global
    """

-    failed_checks = set()
-
-    @classmethod
-    def set_failed_check(cls, check_id=None, arn=None):
-        if check_id is not None and arn is not None:
-            cls.failed_checks.add((check_id.split(".")[-1], arn))
-
-    @classmethod
-    def is_failed_check(cls, check_id, arn):
-        return (check_id.split(".")[-1], arn) in cls.failed_checks
-
    def __init__(self, service: str, audit_info: AWS_Audit_Info, global_service=False):
        # Audit Information
        self.audit_info = audit_info
--- a/prowler/providers/aws/services/account/account_maintain_current_contact_details/account_maintain_current_contact_details.metadata.json
+++ b/prowler/providers/aws/services/account/account_maintain_current_contact_details/account_maintain_current_contact_details.metadata.json
@@ -11,13 +11,13 @@
  "Severity": "medium",
  "ResourceType": "Other",
  "Description": "Maintain current contact details.",
-  "Risk": "Ensure contact email and telephone details for AWS accounts are current and map to more than one individual in your organization. An AWS account supports a number of contact details, and AWS will use these to contact the account owner if activity judged to be in breach of Acceptable Use Policy. If an AWS account is observed to be behaving in a prohibited or suspicious manner, AWS will attempt to contact the account owner by email and phone using the contact details listed. If this is unsuccessful and the account behavior needs urgent mitigation, proactive measures may be taken, including throttling of traffic between the account exhibiting suspicious behavior and the AWS API endpoints and the Internet. This will result in impaired service to and from the account in question.",
+  "Risk": "Ensure contact email and telephone details for AWS accounts are current and map to more than one individual in your organization. An AWS account supports a number of contact details; and AWS will use these to contact the account owner if activity judged to be in breach of Acceptable Use Policy. If an AWS account is observed to be behaving in a prohibited or suspicious manner; AWS will attempt to contact the account owner by email and phone using the contact details listed. If this is unsuccessful and the account behavior needs urgent mitigation; proactive measures may be taken; including throttling of traffic between the account exhibiting suspicious behavior and the AWS API endpoints and the Internet. This will result in impaired service to and from the account in question.",
  "RelatedUrl": "",
  "Remediation": {
    "Code": {
      "CLI": "No command available.",
      "NativeIaC": "",
-      "Other": "https://docs.prowler.com/checks/aws/iam-policies/iam_18-maintain-contact-details#aws-console",
+      "Other": "https://docs.bridgecrew.io/docs/iam_18-maintain-contact-details#aws-console",
      "Terraform": ""
    },
    "Recommendation": {
--- a/prowler/providers/aws/services/account/account_maintain_different_contact_details_to_security_billing_and_operations/account_maintain_different_contact_details_to_security_billing_and_operations.metadata.json
+++ b/prowler/providers/aws/services/account/account_maintain_different_contact_details_to_security_billing_and_operations/account_maintain_different_contact_details_to_security_billing_and_operations.metadata.json
@@ -11,13 +11,13 @@
  "Severity": "medium",
  "ResourceType": "Other",
  "Description": "Maintain different contact details to security, billing and operations.",
-  "Risk": "Ensure contact email and telephone details for AWS accounts are current and map to more than one individual in your organization. An AWS account supports a number of contact details, and AWS will use these to contact the account owner if activity judged to be in breach of Acceptable Use Policy. If an AWS account is observed to be behaving in a prohibited or suspicious manner, AWS will attempt to contact the account owner by email and phone using the contact details listed. If this is unsuccessful and the account behavior needs urgent mitigation, proactive measures may be taken, including throttling of traffic between the account exhibiting suspicious behavior and the AWS API endpoints and the Internet. This will result in impaired service to and from the account in question.",
+  "Risk": "Ensure contact email and telephone details for AWS accounts are current and map to more than one individual in your organization. An AWS account supports a number of contact details; and AWS will use these to contact the account owner if activity judged to be in breach of Acceptable Use Policy. If an AWS account is observed to be behaving in a prohibited or suspicious manner; AWS will attempt to contact the account owner by email and phone using the contact details listed. If this is unsuccessful and the account behavior needs urgent mitigation; proactive measures may be taken; including throttling of traffic between the account exhibiting suspicious behavior and the AWS API endpoints and the Internet. This will result in impaired service to and from the account in question.",
  "RelatedUrl": "https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-update-contact.html",
  "Remediation": {
    "Code": {
      "CLI": "",
      "NativeIaC": "",
-      "Other": "https://docs.prowler.com/checks/aws/iam-policies/iam_18-maintain-contact-details#aws-console",
+      "Other": "https://docs.bridgecrew.io/docs/iam_18-maintain-contact-details#aws-console",
      "Terraform": ""
    },
    "Recommendation": {
--- a/prowler/providers/aws/services/account/account_maintain_different_contact_details_to_security_billing_and_operations/account_maintain_different_contact_details_to_security_billing_and_operations.py
+++ b/prowler/providers/aws/services/account/account_maintain_different_contact_details_to_security_billing_and_operations/account_maintain_different_contact_details_to_security_billing_and_operations.py
@@ -6,26 +6,22 @@ class account_maintain_different_contact_details_to_security_billing_and_operati
    Check
 ):
    def execute(self):
-        findings = []
-        if account_client.contact_base:
-            report = Check_Report_AWS(self.metadata())
-            report.region = account_client.region
-            report.resource_id = account_client.audited_account
-            report.resource_arn = account_client.audited_account_arn
+        report = Check_Report_AWS(self.metadata())
+        report.region = account_client.region
+        report.resource_id = account_client.audited_account
+        report.resource_arn = account_client.audited_account_arn

-            if (
-                len(account_client.contact_phone_numbers)
-                == account_client.number_of_contacts
-                and len(account_client.contact_names)
-                == account_client.number_of_contacts
-                # This is because the primary contact has no email field
-                and len(account_client.contact_emails)
-                == account_client.number_of_contacts - 1
-            ):
-                report.status = "PASS"
-                report.status_extended = "SECURITY, BILLING and OPERATIONS contacts found and they are different between each other and between ROOT contact."
-            else:
-                report.status = "FAIL"
-                report.status_extended = "SECURITY, BILLING and OPERATIONS contacts not found or they are not different between each other and between ROOT contact."
-            findings.append(report)
-        return findings
+        if (
+            len(account_client.contact_phone_numbers)
+            == account_client.number_of_contacts
+            and len(account_client.contact_names) == account_client.number_of_contacts
+            # This is because the primary contact has no email field
+            and len(account_client.contact_emails)
+            == account_client.number_of_contacts - 1
+        ):
+            report.status = "PASS"
+            report.status_extended = "SECURITY, BILLING and OPERATIONS contacts found and they are different between each other and between ROOT contact."
+        else:
+            report.status = "FAIL"
+            report.status_extended = "SECURITY, BILLING and OPERATIONS contacts not found or they are not different between each other and between ROOT contact."
+        return [report]
--- a/prowler/providers/aws/services/account/account_security_contact_information_is_registered/account_security_contact_information_is_registered.metadata.json
+++ b/prowler/providers/aws/services/account/account_security_contact_information_is_registered/account_security_contact_information_is_registered.metadata.json
@@ -17,7 +17,7 @@
    "Code": {
      "CLI": "No command available.",
      "NativeIaC": "",
-      "Other": "https://docs.prowler.com/checks/aws/iam-policies/iam_19#aws-console",
+      "Other": "https://docs.bridgecrew.io/docs/iam_19#aws-console",
      "Terraform": ""
    },
    "Recommendation": {
--- a/prowler/providers/aws/services/account/account_security_questions_are_registered_in_the_aws_account/account_security_questions_are_registered_in_the_aws_account.metadata.json
+++ b/prowler/providers/aws/services/account/account_security_questions_are_registered_in_the_aws_account/account_security_questions_are_registered_in_the_aws_account.metadata.json
@@ -17,7 +17,7 @@
    "Code": {
      "CLI": "No command available.",
      "NativeIaC": "",
-      "Other": "https://docs.prowler.com/checks/aws/iam-policies/iam_15",
+      "Other": "https://docs.bridgecrew.io/docs/iam_15",
      "Terraform": ""
    },
    "Recommendation": {
--- a/prowler/providers/aws/services/account/account_service.py
+++ b/prowler/providers/aws/services/account/account_service.py
@@ -18,29 +18,28 @@ class Account(AWSService):
        self.contacts_security = self.__get_alternate_contact__("SECURITY")
        self.contacts_operations = self.__get_alternate_contact__("OPERATIONS")

-        if self.contact_base:
-            # Set of contact phone numbers
-            self.contact_phone_numbers = {
-                self.contact_base.phone_number,
-                self.contacts_billing.phone_number,
-                self.contacts_security.phone_number,
-                self.contacts_operations.phone_number,
-            }
+        # Set of contact phone numbers
+        self.contact_phone_numbers = {
+            self.contact_base.phone_number,
+            self.contacts_billing.phone_number,
+            self.contacts_security.phone_number,
+            self.contacts_operations.phone_number,
+        }

-            # Set of contact names
-            self.contact_names = {
-                self.contact_base.name,
-                self.contacts_billing.name,
-                self.contacts_security.name,
-                self.contacts_operations.name,
-            }
+        # Set of contact names
+        self.contact_names = {
+            self.contact_base.name,
+            self.contacts_billing.name,
+            self.contacts_security.name,
+            self.contacts_operations.name,
+        }

-            # Set of contact emails
-            self.contact_emails = {
-                self.contacts_billing.email,
-                self.contacts_security.email,
-                self.contacts_operations.email,
-            }
+        # Set of contact emails
+        self.contact_emails = {
+            self.contacts_billing.email,
+            self.contacts_security.email,
+            self.contacts_operations.email,
+        }

    def __get_contact_information__(self):
        try:
@@ -54,16 +53,10 @@ class Account(AWSService):
                phone_number=primary_account_contact.get("PhoneNumber"),
            )
        except Exception as error:
-            if error.response["Error"]["Code"] == "AccessDeniedException":
-                logger.error(
-                    f"{self.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
-                )
-                return None
-            else:
-                logger.error(
-                    f"{self.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
-                )
-                return Contact(type="PRIMARY")
+            logger.error(
+                f"{self.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
+            )
+            return Contact(type="PRIMARY")

    def __get_alternate_contact__(self, contact_type: str):
        try:
--- a/prowler/providers/aws/services/acm/acm_certificates_expiration_check/acm_certificates_expiration_check.metadata.json
+++ b/prowler/providers/aws/services/acm/acm_certificates_expiration_check/acm_certificates_expiration_check.metadata.json
@@ -21,7 +21,7 @@
      "Terraform": ""
    },
    "Recommendation": {
-      "Text": "Monitor certificate expiration and take automated action to renew, replace or remove. Having shorter TTL for any security artifact is a general recommendation, but requires additional automation in place. If not longer required delete certificate. Use AWS config using the managed rule: acm-certificate-expiration-check.",
+      "Text": "Monitor certificate expiration and take automated action to renew; replace or remove. Having shorter TTL for any security artifact is a general recommendation; but requires additional automation in place. If not longer required delete certificate. Use AWS config using the managed rule: acm-certificate-expiration-check.",
      "Url": "https://docs.aws.amazon.com/config/latest/developerguide/acm-certificate-expiration-check.html"
    }
  },
--- a/prowler/providers/aws/services/acm/acm_certificates_expiration_check/acm_certificates_expiration_check.py
+++ b/prowler/providers/aws/services/acm/acm_certificates_expiration_check/acm_certificates_expiration_check.py
@@ -1,36 +1,33 @@
 from prowler.lib.check.models import Check, Check_Report_AWS
 from prowler.providers.aws.services.acm.acm_client import acm_client

+DAYS_TO_EXPIRE_THRESHOLD = 7
+

 class acm_certificates_expiration_check(Check):
    def execute(self):
        findings = []
        for certificate in acm_client.certificates:
-            if certificate.in_use or not acm_client.audit_info.ignore_unused_services:
-                report = Check_Report_AWS(self.metadata())
-                report.region = certificate.region
-                if certificate.expiration_days > acm_client.audit_config.get(
-                    "days_to_expire_threshold", 7
-                ):
-                    report.status = "PASS"
-                    report.status_extended = f"ACM Certificate {certificate.id} for {certificate.name} expires in {certificate.expiration_days} days."
-                    report.resource_id = certificate.id
-                    report.resource_details = certificate.name
-                    report.resource_arn = certificate.arn
-                    report.resource_tags = certificate.tags
+            report = Check_Report_AWS(self.metadata())
+            report.region = certificate.region
+            if certificate.expiration_days > DAYS_TO_EXPIRE_THRESHOLD:
+                report.status = "PASS"
+                report.status_extended = f"ACM Certificate {certificate.id} for {certificate.name} expires in {certificate.expiration_days} days."
+                report.resource_id = certificate.id
+                report.resource_details = certificate.name
+                report.resource_arn = certificate.arn
+                report.resource_tags = certificate.tags
+            else:
+                report.status = "FAIL"
+                if certificate.expiration_days < 0:
+                    report.status_extended = f"ACM Certificate {certificate.id} for {certificate.name} has expired ({abs(certificate.expiration_days)} days ago)."
                else:
-                    report.status = "FAIL"
-                    if certificate.expiration_days < 0:
-                        report.status_extended = f"ACM Certificate {certificate.id} for {certificate.name} has expired ({abs(certificate.expiration_days)} days ago)."
-                        report.check_metadata.Severity = "high"
-                    else:
-                        report.status_extended = f"ACM Certificate {certificate.id} for {certificate.name} is about to expire in {certificate.expiration_days} days."
-                        report.check_metadata.Severity = "medium"
+                    report.status_extended = f"ACM Certificate {certificate.id} for {certificate.name} is about to expire in {certificate.expiration_days} days."

-                    report.resource_id = certificate.id
-                    report.resource_details = certificate.name
-                    report.resource_arn = certificate.arn
-                    report.resource_tags = certificate.tags
+                report.resource_id = certificate.id
+                report.resource_details = certificate.name
+                report.resource_arn = certificate.arn
+                report.resource_tags = certificate.tags

-                findings.append(report)
+            findings.append(report)
        return findings
--- a/prowler/providers/aws/services/acm/acm_certificates_transparency_logs_enabled/acm_certificates_transparency_logs_enabled.py
+++ b/prowler/providers/aws/services/acm/acm_certificates_transparency_logs_enabled/acm_certificates_transparency_logs_enabled.py
@@ -6,30 +6,29 @@ class acm_certificates_transparency_logs_enabled(Check):
    def execute(self):
        findings = []
        for certificate in acm_client.certificates:
-            if certificate.in_use or not acm_client.audit_info.ignore_unused_services:
-                report = Check_Report_AWS(self.metadata())
-                report.region = certificate.region
-                if certificate.type == "IMPORTED":
-                    report.status = "PASS"
-                    report.status_extended = f"ACM Certificate {certificate.id} for {certificate.name} is imported."
+            report = Check_Report_AWS(self.metadata())
+            report.region = certificate.region
+            if certificate.type == "IMPORTED":
+                report.status = "PASS"
+                report.status_extended = f"ACM Certificate {certificate.id} for {certificate.name} is imported."
+                report.resource_id = certificate.id
+                report.resource_details = certificate.name
+                report.resource_arn = certificate.arn
+                report.resource_tags = certificate.tags
+            else:
+                if not certificate.transparency_logging:
+                    report.status = "FAIL"
+                    report.status_extended = f"ACM Certificate {certificate.id} for {certificate.name} has Certificate Transparency logging disabled."
                    report.resource_id = certificate.id
                    report.resource_details = certificate.name
                    report.resource_arn = certificate.arn
                    report.resource_tags = certificate.tags
                else:
-                    if not certificate.transparency_logging:
-                        report.status = "FAIL"
-                        report.status_extended = f"ACM Certificate {certificate.id} for {certificate.name} has Certificate Transparency logging disabled."
-                        report.resource_id = certificate.id
-                        report.resource_details = certificate.name
-                        report.resource_arn = certificate.arn
-                        report.resource_tags = certificate.tags
-                    else:
-                        report.status = "PASS"
-                        report.status_extended = f"ACM Certificate {certificate.id} for {certificate.name} has Certificate Transparency logging enabled."
-                        report.resource_id = certificate.id
-                        report.resource_details = certificate.name
-                        report.resource_arn = certificate.arn
-                        report.resource_tags = certificate.tags
-                findings.append(report)
+                    report.status = "PASS"
+                    report.status_extended = f"ACM Certificate {certificate.id} for {certificate.name} has Certificate Transparency logging enabled."
+                    report.resource_id = certificate.id
+                    report.resource_details = certificate.name
+                    report.resource_arn = certificate.arn
+                    report.resource_tags = certificate.tags
+            findings.append(report)
        return findings
--- a/prowler/providers/aws/services/acm/acm_service.py
+++ b/prowler/providers/aws/services/acm/acm_service.py
@@ -50,7 +50,6 @@ class ACM(AWSService):
                                id=certificate["CertificateArn"].split("/")[-1],
                                type=certificate["Type"],
                                expiration_days=certificate_expiration_time,
-                                in_use=certificate.get("InUse", False),
                                transparency_logging=False,
                                region=regional_client.region,
                            )
@@ -100,6 +99,5 @@ class Certificate(BaseModel):
    type: str
    tags: Optional[list] = []
    expiration_days: int
-    in_use: bool
    transparency_logging: Optional[bool]
    region: str
--- a/prowler/providers/aws/services/apigateway/apigateway_restapi_authorizers_enabled/apigateway_restapi_authorizers_enabled.metadata.json
+++ b/prowler/providers/aws/services/apigateway/apigateway_restapi_authorizers_enabled/apigateway_restapi_authorizers_enabled.metadata.json
@@ -19,9 +19,9 @@
  "Remediation": {
    "Code": {
      "CLI": "",
-      "NativeIaC": "https://docs.prowler.com/checks/aws/public-policies/public_6-api-gateway-authorizer-set#cloudformation",
+      "NativeIaC": "https://docs.bridgecrew.io/docs/public_6-api-gateway-authorizer-set#cloudformation",
      "Other": "",
-      "Terraform": "https://docs.prowler.com/checks/aws/public-policies/public_6-api-gateway-authorizer-set#terraform"
+      "Terraform": "https://docs.bridgecrew.io/docs/public_6-api-gateway-authorizer-set#terraform"
    },
    "Recommendation": {
      "Text": "Implement Amazon Cognito or a Lambda function to control access to your API.",
--- a/prowler/providers/aws/services/apigateway/apigateway_restapi_client_certificate_enabled/apigateway_restapi_client_certificate_enabled.metadata.json
+++ b/prowler/providers/aws/services/apigateway/apigateway_restapi_client_certificate_enabled/apigateway_restapi_client_certificate_enabled.metadata.json
@@ -12,7 +12,7 @@
  "SubServiceName": "rest_api",
  "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
  "Severity": "medium",
-  "ResourceType": "AwsApiGatewayRestApi",
+  "ResourceType": "AwsApiGatewayStage",
  "Description": "Check if API Gateway Stage has client certificate enabled to access your backend endpoint.",
  "Risk": "Possible man in the middle attacks and other similar risks.",
  "RelatedUrl": "",
--- a/prowler/providers/aws/services/apigateway/apigateway_restapi_logging_enabled/apigateway_restapi_logging_enabled.metadata.json
+++ b/prowler/providers/aws/services/apigateway/apigateway_restapi_logging_enabled/apigateway_restapi_logging_enabled.metadata.json
@@ -12,7 +12,7 @@
  "SubServiceName": "rest_api",
  "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
  "Severity": "medium",
-  "ResourceType": "AwsApiGatewayRestApi",
+  "ResourceType": "AwsApiGatewayStage",
  "Description": "Check if API Gateway Stage has logging enabled.",
  "Risk": "If not enabled, monitoring of service use is not possible. Real-time monitoring of API calls can be achieved by directing CloudTrail Logs to CloudWatch Logs and establishing corresponding metric filters and alarms.",
  "RelatedUrl": "",
@@ -21,7 +21,7 @@
      "CLI": "",
      "NativeIaC": "",
      "Other": "",
-      "Terraform": "https://docs.prowler.com/checks/aws/logging-policies/ensure-api-gateway-stage-have-logging-level-defined-as-appropiate#terraform"
+      "Terraform": "https://docs.bridgecrew.io/docs/ensure-api-gateway-stage-have-logging-level-defined-as-appropiate#terraform"
    },
    "Recommendation": {
      "Text": "Monitoring is an important part of maintaining the reliability, availability and performance of API Gateway and your AWS solutions. You should collect monitoring data from all of the parts of your AWS solution. CloudTrail provides a record of actions taken by a user, role, or an AWS service in API Gateway. Using the information collected by CloudTrail, you can determine the request that was made to API Gateway, the IP address from which the request was made, who made the request, etc.",
--- a/prowler/providers/aws/services/apigateway/apigateway_restapi_waf_acl_attached/apigateway_restapi_waf_acl_attached.metadata.json
+++ b/prowler/providers/aws/services/apigateway/apigateway_restapi_waf_acl_attached/apigateway_restapi_waf_acl_attached.metadata.json
@@ -12,7 +12,7 @@
  "SubServiceName": "rest_api",
  "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
  "Severity": "medium",
-  "ResourceType": "AwsApiGatewayRestApi",
+  "ResourceType": "AwsApiGatewayStage",
  "Description": "Check if API Gateway Stage has a WAF ACL attached.",
  "Risk": "Potential attacks and / or abuse of service, more even for even for internet reachable services.",
  "RelatedUrl": "",
--- a/prowler/providers/aws/services/apigateway/apigateway_service.py
+++ b/prowler/providers/aws/services/apigateway/apigateway_service.py
@@ -1,6 +1,5 @@
 from typing import Optional

-from botocore.exceptions import ClientError
 from pydantic import BaseModel

 from prowler.lib.logger import logger
@@ -48,28 +47,12 @@ class APIGateway(AWSService):
        logger.info("APIGateway - Getting Rest APIs authorizer...")
        try:
            for rest_api in self.rest_apis:
-                try:
-                    regional_client = self.regional_clients[rest_api.region]
-                    authorizers = regional_client.get_authorizers(
-                        restApiId=rest_api.id
-                    )["items"]
-                    if authorizers:
-                        rest_api.authorizer = True
-
-                except ClientError as error:
-                    if error.response["Error"]["Code"] == "NotFoundException":
-                        logger.warning(
-                            f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
-                        )
-                    else:
-                        logger.error(
-                            f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
-                        )
-
-                except Exception as error:
-                    logger.error(
-                        f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
-                    )
+                regional_client = self.regional_clients[rest_api.region]
+                authorizers = regional_client.get_authorizers(restApiId=rest_api.id)[
+                    "items"
+                ]
+                if authorizers:
+                    rest_api.authorizer = True
        except Exception as error:
            logger.error(
                f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
@@ -79,25 +62,10 @@ class APIGateway(AWSService):
        logger.info("APIGateway - Describing Rest API...")
        try:
            for rest_api in self.rest_apis:
-                try:
-                    regional_client = self.regional_clients[rest_api.region]
-                    rest_api_info = regional_client.get_rest_api(restApiId=rest_api.id)
-                    if rest_api_info["endpointConfiguration"]["types"] == ["PRIVATE"]:
-                        rest_api.public_endpoint = False
-                except ClientError as error:
-                    if error.response["Error"]["Code"] == "NotFoundException":
-                        logger.warning(
-                            f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
-                        )
-                    else:
-                        logger.error(
-                            f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
-                        )
-
-                except Exception as error:
-                    logger.error(
-                        f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
-                    )
+                regional_client = self.regional_clients[rest_api.region]
+                rest_api_info = regional_client.get_rest_api(restApiId=rest_api.id)
+                if rest_api_info["endpointConfiguration"]["types"] == ["PRIVATE"]:
+                    rest_api.public_endpoint = False
        except Exception as error:
            logger.error(
                f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
@@ -107,44 +75,29 @@ class APIGateway(AWSService):
        logger.info("APIGateway - Getting stages for Rest APIs...")
        try:
            for rest_api in self.rest_apis:
-                try:
-                    regional_client = self.regional_clients[rest_api.region]
-                    stages = regional_client.get_stages(restApiId=rest_api.id)
-                    for stage in stages["item"]:
-                        waf = None
-                        logging = False
-                        client_certificate = False
-                        if "webAclArn" in stage:
-                            waf = stage["webAclArn"]
-                        if "methodSettings" in stage:
-                            if stage["methodSettings"]:
-                                logging = True
-                        if "clientCertificateId" in stage:
-                            client_certificate = True
-                        arn = f"arn:{self.audited_partition}:apigateway:{regional_client.region}::/restapis/{rest_api.id}/stages/{stage['stageName']}"
-                        rest_api.stages.append(
-                            Stage(
-                                name=stage["stageName"],
-                                arn=arn,
-                                logging=logging,
-                                client_certificate=client_certificate,
-                                waf=waf,
-                                tags=[stage.get("tags")],
-                            )
+                regional_client = self.regional_clients[rest_api.region]
+                stages = regional_client.get_stages(restApiId=rest_api.id)
+                for stage in stages["item"]:
+                    waf = None
+                    logging = False
+                    client_certificate = False
+                    if "webAclArn" in stage:
+                        waf = stage["webAclArn"]
+                    if "methodSettings" in stage:
+                        if stage["methodSettings"]:
+                            logging = True
+                    if "clientCertificateId" in stage:
+                        client_certificate = True
+                    arn = f"arn:{self.audited_partition}:apigateway:{regional_client.region}::/restapis/{rest_api.id}/stages/{stage['stageName']}"
+                    rest_api.stages.append(
+                        Stage(
+                            name=stage["stageName"],
+                            arn=arn,
+                            logging=logging,
+                            client_certificate=client_certificate,
+                            waf=waf,
+                            tags=[stage.get("tags")],
                        )
-                except ClientError as error:
-                    if error.response["Error"]["Code"] == "NotFoundException":
-                        logger.warning(
-                            f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
-                        )
-                    else:
-                        logger.error(
-                            f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
-                        )
-
-                except Exception as error:
-                    logger.error(
-                        f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
                    )
        except Exception as error:
            logger.error(
@@ -155,50 +108,33 @@ class APIGateway(AWSService):
        logger.info("APIGateway - Getting API resources...")
        try:
            for rest_api in self.rest_apis:
-                try:
-                    regional_client = self.regional_clients[rest_api.region]
-                    get_resources_paginator = regional_client.get_paginator(
-                        "get_resources"
-                    )
-                    for page in get_resources_paginator.paginate(restApiId=rest_api.id):
-                        for resource in page["items"]:
-                            id = resource["id"]
-                            resource_methods = []
-                            methods_auth = {}
-                            for resource_method in resource.get(
-                                "resourceMethods", {}
-                            ).keys():
-                                resource_methods.append(resource_method)
+                regional_client = self.regional_clients[rest_api.region]
+                get_resources_paginator = regional_client.get_paginator("get_resources")
+                for page in get_resources_paginator.paginate(restApiId=rest_api.id):
+                    for resource in page["items"]:
+                        id = resource["id"]
+                        resource_methods = []
+                        methods_auth = {}
+                        for resource_method in resource.get(
+                            "resourceMethods", {}
+                        ).keys():
+                            resource_methods.append(resource_method)

-                            for resource_method in resource_methods:
-                                if resource_method != "OPTIONS":
-                                    method_config = regional_client.get_method(
-                                        restApiId=rest_api.id,
-                                        resourceId=id,
-                                        httpMethod=resource_method,
-                                    )
-                                    auth_type = method_config["authorizationType"]
-                                    methods_auth.update({resource_method: auth_type})
-
-                            rest_api.resources.append(
-                                PathResourceMethods(
-                                    path=resource["path"], resource_methods=methods_auth
+                        for resource_method in resource_methods:
+                            if resource_method != "OPTIONS":
+                                method_config = regional_client.get_method(
+                                    restApiId=rest_api.id,
+                                    resourceId=id,
+                                    httpMethod=resource_method,
                                )
-                            )
-                except ClientError as error:
-                    if error.response["Error"]["Code"] == "NotFoundException":
-                        logger.warning(
-                            f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
-                        )
-                    else:
-                        logger.error(
-                            f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
-                        )
+                                auth_type = method_config["authorizationType"]
+                                methods_auth.update({resource_method: auth_type})

-                except Exception as error:
-                    logger.error(
-                        f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
-                    )
+                        rest_api.resources.append(
+                            PathResourceMethods(
+                                path=resource["path"], resource_methods=methods_auth
+                            )
+                        )

        except Exception as error:
            logger.error(
--- a/prowler/providers/aws/services/apigatewayv2/apigatewayv2_api_access_logging_enabled/apigatewayv2_api_access_logging_enabled.metadata.json
+++ b/prowler/providers/aws/services/apigatewayv2/apigatewayv2_api_access_logging_enabled/apigatewayv2_api_access_logging_enabled.metadata.json
@@ -20,8 +20,8 @@
    "Code": {
      "CLI": "",
      "NativeIaC": "",
-      "Other": "https://docs.prowler.com/checks/aws/logging-policies/bc_aws_logging_30#aws-console",
-      "Terraform": "https://docs.prowler.com/checks/aws/logging-policies/bc_aws_logging_30#cloudformation"
+      "Other": "https://docs.bridgecrew.io/docs/bc_aws_logging_30#aws-console",
+      "Terraform": "https://docs.bridgecrew.io/docs/bc_aws_logging_30#cloudformation"
    },
    "Recommendation": {
      "Text": "Monitoring is an important part of maintaining the reliability, availability and performance of API Gateway and your AWS solutions. You should collect monitoring data from all of the parts of your AWS solution. CloudTrail provides a record of actions taken by a user, role, or an AWS service in API Gateway. Using the information collected by CloudTrail, you can determine the request that was made to API Gateway, the IP address from which the request was made, who made the request, etc.",
--- a/prowler/providers/aws/services/apigatewayv2/apigatewayv2_service.py
+++ b/prowler/providers/aws/services/apigatewayv2/apigatewayv2_service.py
@@ -32,7 +32,7 @@ class ApiGatewayV2(AWSService):
                                arn=arn,
                                id=apigw["ApiId"],
                                region=regional_client.region,
-                                name=apigw.get("Name", ""),
+                                name=apigw["Name"],
                                tags=[apigw.get("Tags")],
                            )
                        )
--- a/prowler/providers/aws/services/appstream/appstream_fleet_default_internet_access_disabled/appstream_fleet_default_internet_access_disabled.metadata.json
+++ b/prowler/providers/aws/services/appstream/appstream_fleet_default_internet_access_disabled/appstream_fleet_default_internet_access_disabled.metadata.json
@@ -11,7 +11,7 @@
  "SubServiceName": "",
  "ResourceIdTemplate": "arn:partition:appstream:region:account-id:fleet/resource-id",
  "Severity": "medium",
-  "ResourceType": "Other",
+  "ResourceType": "AppStream",
  "Description": "Ensure default Internet Access from your Amazon AppStream fleet streaming instances should remain unchecked.",
  "Risk": "Default Internet Access from your fleet streaming instances should be controlled using a NAT gateway in the VPC.",
  "RelatedUrl": "https://docs.aws.amazon.com/appstream2/latest/developerguide/set-up-stacks-fleets.html",
--- a/prowler/providers/aws/services/appstream/appstream_fleet_maximum_session_duration/appstream_fleet_maximum_session_duration.metadata.json
+++ b/prowler/providers/aws/services/appstream/appstream_fleet_maximum_session_duration/appstream_fleet_maximum_session_duration.metadata.json
@@ -9,7 +9,7 @@
  "SubServiceName": "",
  "ResourceIdTemplate": "arn:partition:appstream:region:account-id:fleet/resource-id",
  "Severity": "medium",
-  "ResourceType": "Other",
+  "ResourceType": "AppStream",
  "Description": "Ensure user maximum session duration is no longer than 10 hours.",
  "Risk": "Having a session duration lasting longer than 10 hours should not be necessary and if running for any malicious reasons provides a greater time for usage than should be allowed.",
  "RelatedUrl": "https://docs.aws.amazon.com/appstream2/latest/developerguide/set-up-stacks-fleets.html",
--- a/prowler/providers/aws/services/appstream/appstream_fleet_session_disconnect_timeout/appstream_fleet_session_disconnect_timeout.metadata.json
+++ b/prowler/providers/aws/services/appstream/appstream_fleet_session_disconnect_timeout/appstream_fleet_session_disconnect_timeout.metadata.json
@@ -11,7 +11,7 @@
  "SubServiceName": "",
  "ResourceIdTemplate": "arn:partition:appstream:region:account-id:fleet/resource-id",
  "Severity": "medium",
-  "ResourceType": "Other",
+  "ResourceType": "AppStream",
  "Description": "Ensure session disconnect timeout is set to 5 minutes or less",
  "Risk": "Disconnect timeout in minutes, is the amount of of time that a streaming session remains active after users disconnect.",
  "RelatedUrl": "https://docs.aws.amazon.com/appstream2/latest/developerguide/set-up-stacks-fleets.html",
--- a/prowler/providers/aws/services/appstream/appstream_fleet_session_idle_disconnect_timeout/appstream_fleet_session_idle_disconnect_timeout.metadata.json
+++ b/prowler/providers/aws/services/appstream/appstream_fleet_session_idle_disconnect_timeout/appstream_fleet_session_idle_disconnect_timeout.metadata.json
@@ -11,7 +11,7 @@
  "SubServiceName": "",
  "ResourceIdTemplate": "arn:partition:appstream:region:account-id:fleet/resource-id",
  "Severity": "medium",
-  "ResourceType": "Other",
+  "ResourceType": "AppStream",
  "Description": "Ensure session idle disconnect timeout is set to 10 minutes or less.",
  "Risk": "Idle disconnect timeout in minutes is the amount of time that users can be inactive before they are disconnected from their streaming session and the Disconnect timeout in minutes time begins.",
  "RelatedUrl": "https://docs.aws.amazon.com/appstream2/latest/developerguide/set-up-stacks-fleets.html",
--- a/prowler/providers/aws/services/athena/athena_workgroup_encryption/athena_workgroup_encryption.metadata.json
+++ b/prowler/providers/aws/services/athena/athena_workgroup_encryption/athena_workgroup_encryption.metadata.json
@@ -9,7 +9,7 @@
  "SubServiceName": "",
  "ResourceIdTemplate": "arn:partition:athena:region:account-id:workgroup/resource-id",
  "Severity": "medium",
-  "ResourceType": "AwsAthenaWorkGroup",
+  "ResourceType": "WorkGroup",
  "Description": "Ensure that encryption at rest is enabled for Amazon Athena query results stored in Amazon S3 in order to secure data and meet compliance requirements for data-at-rest encryption.",
  "Risk": "If not enabled sensitive information at rest is not protected.",
  "RelatedUrl": "https://docs.aws.amazon.com/athena/latest/ug/encryption.html",
@@ -18,7 +18,7 @@
      "CLI": "aws athena update-work-group --region <REGION> --work-group <workgroup_name> --configuration-updates ResultConfigurationUpdates={EncryptionConfiguration={EncryptionOption=SSE_S3|SSE_KMS|CSE_KMS}}",
      "NativeIaC": "",
      "Other": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/aws/Athena/encryption-enabled.html",
-      "Terraform": "https://docs.prowler.com/checks/aws/general-policies/ensure-that-athena-workgroup-is-encrypted#terraform"
+      "Terraform": "https://docs.bridgecrew.io/docs/ensure-that-athena-workgroup-is-encrypted#terraform"
    },
    "Recommendation": {
      "Text": "Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits.",
--- a/prowler/providers/aws/services/athena/athena_workgroup_enforce_configuration/athena_workgroup_enforce_configuration.metadata.json
+++ b/prowler/providers/aws/services/athena/athena_workgroup_enforce_configuration/athena_workgroup_enforce_configuration.metadata.json
@@ -9,16 +9,16 @@
  "SubServiceName": "",
  "ResourceIdTemplate": "arn:partition:athena:region:account-id:workgroup/resource-id",
  "Severity": "medium",
-  "ResourceType": "AwsAthenaWorkGroup",
+  "ResourceType": "WorkGroup",
  "Description": "Ensure that workgroup configuration is enforced so it cannot be overriden by client-side settings.",
  "Risk": "If workgroup configuration is not enforced security settings like encryption can be overriden by client-side settings.",
  "RelatedUrl": "https://docs.aws.amazon.com/athena/latest/ug/workgroups-settings-override.html",
  "Remediation": {
    "Code": {
      "CLI": "aws athena update-work-group --region <REGION> --work-group <workgroup_name> --configuration-updates EnforceWorkGroupConfiguration=True",
-      "NativeIaC": "https://docs.prowler.com/checks/aws/general-policies/bc_aws_general_33#cloudformation",
+      "NativeIaC": "https://docs.bridgecrew.io/docs/bc_aws_general_33#cloudformation",
      "Other": "",
-      "Terraform": "https://docs.prowler.com/checks/aws/general-policies/bc_aws_general_33#terraform"
+      "Terraform": "https://docs.bridgecrew.io/docs/bc_aws_general_33#terraform"
    },
    "Recommendation": {
      "Text": "Ensure that workgroup configuration is enforced so it cannot be overriden by client-side settings.",
@@ -29,4 +29,4 @@
  "DependsOn": [],
  "RelatedTo": [],
  "Notes": ""
-}
+}
--- a/prowler/providers/aws/services/autoscaling/autoscaling_find_secrets_ec2_launch_configuration/autoscaling_find_secrets_ec2_launch_configuration.metadata.json
+++ b/prowler/providers/aws/services/autoscaling/autoscaling_find_secrets_ec2_launch_configuration/autoscaling_find_secrets_ec2_launch_configuration.metadata.json
@@ -9,7 +9,7 @@
  "SubServiceName": "",
  "ResourceIdTemplate": "arn:partition:autoscaling:region:account-id:autoScalingGroupName/resource-name",
  "Severity": "critical",
-  "ResourceType": "AwsAutoScalingLaunchConfiguration",
+  "ResourceType": "Other",
  "Description": "Find secrets in EC2 Auto Scaling Launch Configuration",
  "Risk": "The use of a hard-coded password increases the possibility of password guessing.  If hard-coded passwords are used, it is possible that malicious users gain access through the account in question.",
  "RelatedUrl": "",
--- a/prowler/providers/aws/services/autoscaling/autoscaling_find_secrets_ec2_launch_configuration/autoscaling_find_secrets_ec2_launch_configuration.py
+++ b/prowler/providers/aws/services/autoscaling/autoscaling_find_secrets_ec2_launch_configuration/autoscaling_find_secrets_ec2_launch_configuration.py
@@ -6,9 +6,7 @@ from base64 import b64decode
 from detect_secrets import SecretsCollection
 from detect_secrets.settings import default_settings

-from prowler.config.config import encoding_format_utf_8
 from prowler.lib.check.models import Check, Check_Report_AWS
-from prowler.lib.logger import logger
 from prowler.providers.aws.services.autoscaling.autoscaling_client import (
    autoscaling_client,
 )
@@ -27,23 +25,12 @@ class autoscaling_find_secrets_ec2_launch_configuration(Check):
                temp_user_data_file = tempfile.NamedTemporaryFile(delete=False)
                user_data = b64decode(configuration.user_data)

-                try:
-                    if user_data[0:2] == b"\x1f\x8b":  # GZIP magic number
-                        user_data = zlib.decompress(
-                            user_data, zlib.MAX_WBITS | 32
-                        ).decode(encoding_format_utf_8)
-                    else:
-                        user_data = user_data.decode(encoding_format_utf_8)
-                except UnicodeDecodeError as error:
-                    logger.warning(
-                        f"{configuration.region} -- Unable to decode user data in autoscaling launch configuration {configuration.name}: {error}"
+                if user_data[0:2] == b"\x1f\x8b":  # GZIP magic number
+                    user_data = zlib.decompress(user_data, zlib.MAX_WBITS | 32).decode(
+                        "utf-8"
                    )
-                    continue
-                except Exception as error:
-                    logger.warning(
-                        f"{configuration.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
-                    )
-                    continue
+                else:
+                    user_data = user_data.decode("utf-8")

                temp_user_data_file.write(
                    bytes(user_data, encoding="raw_unicode_escape")
--- a/prowler/providers/aws/services/autoscaling/autoscaling_group_multiple_az/autoscaling_group_multiple_az.metadata.json
+++ b/prowler/providers/aws/services/autoscaling/autoscaling_group_multiple_az/autoscaling_group_multiple_az.metadata.json
@@ -7,7 +7,7 @@
  "SubServiceName": "",
  "ResourceIdTemplate": "arn:partition:autoscaling:region:account-id:autoScalingGroupName/resource-name",
  "Severity": "medium",
-  "ResourceType": "AwsAutoScalingAutoScalingGroup",
+  "ResourceType": "Other",
  "Description": "EC2 Auto Scaling Group should use multiple Availability Zones",
  "Risk": "In case of a failure in a single Availability Zone, the Auto Scaling Group will not be able to launch new instances to replace the failed ones.",
  "RelatedUrl": "https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-add-availability-zone.html",
--- a/prowler/providers/aws/services/awslambda/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled.metadata.json
+++ b/prowler/providers/aws/services/awslambda/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled.metadata.json
@@ -9,7 +9,7 @@
  "Severity": "low",
  "ResourceType": "AwsLambdaFunction",
  "Description": "Check if Lambda functions invoke API operations are being recorded by CloudTrail.",
-  "Risk": "If logs are not enabled, monitoring of service use and threat analysis is not possible.",
+  "Risk": "If logs are not enabled; monitoring of service use and threat analysis is not possible.",
  "RelatedUrl": "https://docs.aws.amazon.com/lambda/latest/dg/logging-using-cloudtrail.html",
  "Remediation": {
    "Code": {
--- a/prowler/providers/aws/services/awslambda/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled.py
+++ b/prowler/providers/aws/services/awslambda/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled.py
@@ -20,7 +20,7 @@ class awslambda_function_invoke_api_operations_cloudtrail_logging_enabled(Check)
                f"Lambda function {function.name} is not recorded by CloudTrail."
            )
            lambda_recorded_cloudtrail = False
-            for trail in cloudtrail_client.trails.values():
+            for trail in cloudtrail_client.trails:
                for data_event in trail.data_events:
                    # classic event selectors
                    if not data_event.is_advanced:
@@ -28,8 +28,7 @@ class awslambda_function_invoke_api_operations_cloudtrail_logging_enabled(Check)
                            for resource in data_event.event_selector["DataResources"]:
                                if resource["Type"] == "AWS::Lambda::Function" and (
                                    function.arn in resource["Values"]
-                                    or f"arn:{awslambda_client.audited_partition}:lambda"
-                                    in resource["Values"]
+                                    or "arn:aws:lambda" in resource["Values"]
                                ):
                                    lambda_recorded_cloudtrail = True
                                    break
--- a/prowler/providers/aws/services/awslambda/awslambda_function_no_secrets_in_code/awslambda_function_no_secrets_in_code.metadata.json
+++ b/prowler/providers/aws/services/awslambda/awslambda_function_no_secrets_in_code/awslambda_function_no_secrets_in_code.metadata.json
@@ -9,7 +9,7 @@
  "Severity": "critical",
  "ResourceType": "AwsLambdaFunction",
  "Description": "Find secrets in Lambda functions code.",
-  "Risk": "The use of a hard-coded password increases the possibility of password guessing.  If hard-coded passwords are used, it is possible that malicious users gain access through the account in question.",
+  "Risk": "The use of a hard-coded password increases the possibility of password guessing.  If hard-coded passwords are used; it is possible that malicious users gain access through the account in question.",
  "RelatedUrl": "https://docs.aws.amazon.com/secretsmanager/latest/userguide/lambda-functions.html",
  "Remediation": {
    "Code": {
--- a/prowler/providers/aws/services/awslambda/awslambda_function_no_secrets_in_variables/awslambda_function_no_secrets_in_variables.metadata.json
+++ b/prowler/providers/aws/services/awslambda/awslambda_function_no_secrets_in_variables/awslambda_function_no_secrets_in_variables.metadata.json
@@ -9,14 +9,14 @@
  "Severity": "critical",
  "ResourceType": "AwsLambdaFunction",
  "Description": "Find secrets in Lambda functions variables.",
-  "Risk": "The use of a hard-coded password increases the possibility of password guessing. If hard-coded passwords are used, it is possible that malicious users gain access through the account in question.",
+  "Risk": "The use of a hard-coded password increases the possibility of password guessing. If hard-coded passwords are used; it is possible that malicious users gain access through the account in question.",
  "RelatedUrl": "https://docs.aws.amazon.com/secretsmanager/latest/userguide/lambda-functions.html",
  "Remediation": {
    "Code": {
-      "CLI": "https://docs.prowler.com/checks/aws/secrets-policies/bc_aws_secrets_3#cli-command",
-      "NativeIaC": "https://docs.prowler.com/checks/aws/secrets-policies/bc_aws_secrets_3#cloudformation",
+      "CLI": "https://docs.bridgecrew.io/docs/bc_aws_secrets_3#cli-command",
+      "NativeIaC": "https://docs.bridgecrew.io/docs/bc_aws_secrets_3#cloudformation",
      "Other": "",
-      "Terraform": "https://docs.prowler.com/checks/aws/secrets-policies/bc_aws_secrets_3#terraform"
+      "Terraform": "https://docs.bridgecrew.io/docs/bc_aws_secrets_3#terraform"
    },
    "Recommendation": {
      "Text": "Use Secrets Manager to securely provide database credentials to Lambda functions and secure the databases as well as use the credentials to connect and query them without hardcoding the secrets in code or passing them through environmental variables.",
--- a/prowler/providers/aws/services/awslambda/awslambda_function_not_publicly_accessible/awslambda_function_not_publicly_accessible.metadata.json
+++ b/prowler/providers/aws/services/awslambda/awslambda_function_not_publicly_accessible/awslambda_function_not_publicly_accessible.metadata.json
@@ -28,5 +28,5 @@
  ],
  "DependsOn": [],
  "RelatedTo": [],
-  "Notes": "It gives a false positive if the function is exposed publicly by an other public resource like an ALB or API Gateway in an AWS Account when an AWS account ID is set as the principal of the policy."
+  "Notes": ""
 }
--- a/prowler/providers/aws/services/awslambda/awslambda_function_not_publicly_accessible/awslambda_function_not_publicly_accessible.py
+++ b/prowler/providers/aws/services/awslambda/awslambda_function_not_publicly_accessible/awslambda_function_not_publicly_accessible.py
@@ -19,30 +19,20 @@ class awslambda_function_not_publicly_accessible(Check):
            if function.policy:
                for statement in function.policy["Statement"]:
                    # Only check allow statements
-                    if statement["Effect"] == "Allow" and (
-                        "*" in statement["Principal"]
-                        or (
-                            isinstance(statement["Principal"], dict)
-                            and (
-                                "*" in statement["Principal"].get("AWS", "")
-                                or "*"
-                                in statement["Principal"].get("CanonicalUser", "")
-                                or (  # Check if function can be invoked by other AWS services
-                                    (
-                                        ".amazonaws.com"
-                                        in statement["Principal"].get("Service", "")
-                                    )
-                                    and (
-                                        "*" in statement.get("Action", "")
-                                        or "InvokeFunction"
-                                        in statement.get("Action", "")
-                                    )
-                                )
+                    if statement["Effect"] == "Allow":
+                        if (
+                            "*" in statement["Principal"]
+                            or (
+                                "AWS" in statement["Principal"]
+                                and "*" in statement["Principal"]["AWS"]
                            )
-                        )
-                    ):
-                        public_access = True
-                        break
+                            or (
+                                "CanonicalUser" in statement["Principal"]
+                                and "*" in statement["Principal"]["CanonicalUser"]
+                            )
+                        ):
+                            public_access = True
+                            break

            if public_access:
                report.status = "FAIL"
--- a/prowler/providers/aws/services/awslambda/awslambda_function_using_supported_runtimes/awslambda_function_using_supported_runtimes.metadata.json
+++ b/prowler/providers/aws/services/awslambda/awslambda_function_using_supported_runtimes/awslambda_function_using_supported_runtimes.metadata.json
@@ -9,7 +9,7 @@
  "Severity": "medium",
  "ResourceType": "AwsLambdaFunction",
  "Description": "Find obsolete Lambda runtimes.",
-  "Risk": "If you have functions running on a runtime that will be deprecated in the next 60 days, Lambda notifies you by email that you should prepare by migrating your function to a supported runtime. In some cases, such as security issues that require a backwards-incompatible update, or software that does not support a long-term support (LTS) schedule, advance notice might not be possible. After a runtime is deprecated, Lambda might retire it completely at any time by disabling invocation. Deprecated runtimes are not eligible for security updates or technical support.",
+  "Risk": "If you have functions running on a runtime that will be deprecated in the next 60 days; Lambda notifies you by email that you should prepare by migrating your function to a supported runtime. In some cases; such as security issues that require a backwards-incompatible update; or software that does not support a long-term support (LTS) schedule; advance notice might not be possible. After a runtime is deprecated; Lambda might retire it completely at any time by disabling invocation. Deprecated runtimes are not eligible for security updates or technical support.",
  "RelatedUrl": "https://docs.aws.amazon.com/lambda/latest/dg/runtime-support-policy.html",
  "Remediation": {
    "Code": {
--- a/prowler/providers/aws/services/awslambda/awslambda_service.py
+++ b/prowler/providers/aws/services/awslambda/awslambda_service.py
@@ -14,6 +14,7 @@ from prowler.lib.scan_filters.scan_filters import is_resource_filtered
 from prowler.providers.aws.lib.service.service import AWSService


+################## Lambda
 class Lambda(AWSService):
    def __init__(self, audit_info):
        # Call AWSService's __init__
--- a/prowler/providers/aws/services/backup/backup_reportplans_exist/backup_reportplans_exist.metadata.json
+++ b/prowler/providers/aws/services/backup/backup_reportplans_exist/backup_reportplans_exist.metadata.json
@@ -11,7 +11,7 @@
  "SubServiceName": "",
  "ResourceIdTemplate": "arn:partition:service:region:account-id:backup-report-plan:backup-report-plan-id",
  "Severity": "low",
-  "ResourceType": "AwsBackupBackupPlan",
+  "ResourceType": "Other",
  "Description": "This check ensures that there is at least one backup report plan in place.",
  "Risk": "Without a backup report plan, an organization may lack visibility into the success or failure of backup operations.",
  "RelatedUrl": "https://docs.aws.amazon.com/aws-backup/latest/devguide/create-report-plan-console.html",
--- a/prowler/providers/aws/services/backup/backup_service.py
+++ b/prowler/providers/aws/services/backup/backup_service.py
@@ -1,7 +1,6 @@
 from datetime import datetime
 from typing import Optional

-from botocore.client import ClientError
 from pydantic import BaseModel

 from prowler.lib.logger import logger
@@ -38,8 +37,6 @@ class Backup(AWSService):
                            self.audit_resources,
                        )
                    ):
-                        if self.backup_vaults is None:
-                            self.backup_vaults = []
                        self.backup_vaults.append(
                            BackupVault(
                                arn=configuration.get("BackupVaultArn"),
@@ -58,13 +55,7 @@ class Backup(AWSService):
                                ),
                            )
                        )
-        except ClientError as error:
-            logger.error(
-                f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
-            )
-            if error.response["Error"]["Code"] == "AccessDeniedException":
-                if not self.backup_vaults:
-                    self.backup_vaults = None
+
        except Exception as error:
            logger.error(
                f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
--- a/prowler/providers/aws/services/backup/backup_vaults_encrypted/backup_vaults_encrypted.py
+++ b/prowler/providers/aws/services/backup/backup_vaults_encrypted/backup_vaults_encrypted.py
@@ -5,24 +5,24 @@ from prowler.providers.aws.services.backup.backup_client import backup_client
 class backup_vaults_encrypted(Check):
    def execute(self):
        findings = []
-        if backup_client.backup_vaults:
-            for backup_vault in backup_client.backup_vaults:
-                # By default we assume that the result is fail
-                report = Check_Report_AWS(self.metadata())
-                report.status = "FAIL"
+
+        for backup_vault in backup_client.backup_vaults:
+            # By default we assume that the result is fail
+            report = Check_Report_AWS(self.metadata())
+            report.status = "FAIL"
+            report.status_extended = (
+                f"Backup Vault {backup_vault.name} is not encrypted."
+            )
+            report.resource_arn = backup_vault.arn
+            report.resource_id = backup_vault.name
+            report.region = backup_vault.region
+            # if it is encrypted we only change the status and the status extended
+            if backup_vault.encryption:
+                report.status = "PASS"
                report.status_extended = (
-                    f"Backup Vault {backup_vault.name} is not encrypted."
+                    f"Backup Vault {backup_vault.name} is encrypted."
                )
-                report.resource_arn = backup_vault.arn
-                report.resource_id = backup_vault.name
-                report.region = backup_vault.region
-                # if it is encrypted we only change the status and the status extended
-                if backup_vault.encryption:
-                    report.status = "PASS"
-                    report.status_extended = (
-                        f"Backup Vault {backup_vault.name} is encrypted."
-                    )
-                # then we store the finding
-                findings.append(report)
+            # then we store the finding
+            findings.append(report)

        return findings
--- a/prowler/providers/aws/services/backup/backup_vaults_exist/backup_vaults_exist.py
+++ b/prowler/providers/aws/services/backup/backup_vaults_exist/backup_vaults_exist.py
@@ -5,19 +5,18 @@ from prowler.providers.aws.services.backup.backup_client import backup_client
 class backup_vaults_exist(Check):
    def execute(self):
        findings = []
-        if backup_client.backup_vaults is not None:
-            report = Check_Report_AWS(self.metadata())
-            report.status = "FAIL"
-            report.status_extended = "No Backup Vault exist."
-            report.resource_arn = backup_client.backup_vault_arn_template
-            report.resource_id = backup_client.audited_account
-            report.region = backup_client.region
-            if backup_client.backup_vaults:
-                report.status = "PASS"
-                report.status_extended = f"At least one backup vault exists: {backup_client.backup_vaults[0].name}."
-                report.resource_arn = backup_client.backup_vaults[0].arn
-                report.resource_id = backup_client.backup_vaults[0].name
-                report.region = backup_client.backup_vaults[0].region
+        report = Check_Report_AWS(self.metadata())
+        report.status = "FAIL"
+        report.status_extended = "No Backup Vault exist."
+        report.resource_arn = backup_client.backup_vault_arn_template
+        report.resource_id = backup_client.audited_account
+        report.region = backup_client.region
+        if backup_client.backup_vaults:
+            report.status = "PASS"
+            report.status_extended = f"At least one backup vault exists: {backup_client.backup_vaults[0].name}."
+            report.resource_arn = backup_client.backup_vaults[0].arn
+            report.resource_id = backup_client.backup_vaults[0].name
+            report.region = backup_client.backup_vaults[0].region

-            findings.append(report)
+        findings.append(report)
        return findings
--- a/prowler/providers/aws/services/cloudformation/cloudformation_stack_outputs_find_secrets/cloudformation_stack_outputs_find_secrets.metadata.json
+++ b/prowler/providers/aws/services/cloudformation/cloudformation_stack_outputs_find_secrets/cloudformation_stack_outputs_find_secrets.metadata.json
@@ -10,10 +10,10 @@
  "ResourceType": "AwsCloudFormationStack",
  "Description": "Find secrets in CloudFormation outputs",
  "Risk": "Secrets hardcoded into CloudFormation outputs can be used by malware and bad actors to gain lateral access to other services.",
-  "RelatedUrl": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/outputs-section-structure.html",
+  "RelatedUrl": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-secretsmanager-secret-generatesecretstring.html",
  "Remediation": {
    "Code": {
-      "CLI": "https://docs.prowler.com/checks/aws/secrets-policies/bc_aws_secrets_2#cli-command",
+      "CLI": "https://docs.bridgecrew.io/docs/bc_aws_secrets_2#cli-command",
      "NativeIaC": "",
      "Other": "",
      "Terraform": ""
--- a/prowler/providers/aws/services/cloudformation/cloudformation_stack_outputs_find_secrets/cloudformation_stack_outputs_find_secrets.py
+++ b/prowler/providers/aws/services/cloudformation/cloudformation_stack_outputs_find_secrets/cloudformation_stack_outputs_find_secrets.py
@@ -29,12 +29,7 @@ class cloudformation_stack_outputs_find_secrets(Check):

                # Store the CloudFormation Stack Outputs into a file
                for output in stack.outputs:
-                    temp_output_file.write(
-                        bytes(
-                            f"{output}\n",
-                            encoding="raw_unicode_escape",
-                        )
-                    )
+                    temp_output_file.write(f"{output}".encode())
                temp_output_file.close()

                # Init detect_secrets
@@ -43,17 +38,11 @@ class cloudformation_stack_outputs_find_secrets(Check):
                with default_settings():
                    secrets.scan_file(temp_output_file.name)

-                detect_secrets_output = secrets.json()
-                # If secrets are found, update the report status
-                if detect_secrets_output:
-                    secrets_string = ", ".join(
-                        [
-                            f"{secret['type']} in Output {int(secret['line_number'])}"
-                            for secret in detect_secrets_output[temp_output_file.name]
-                        ]
-                    )
+                if secrets.json():
                    report.status = "FAIL"
-                    report.status_extended = f"Potential secret found in Stack {stack.name} Outputs -> {secrets_string}."
+                    report.status_extended = (
+                        f"Potential secret found in Stack {stack.name} Outputs."
+                    )

                os.remove(temp_output_file.name)
            else:
--- a/Show More
+++ b/Show More