# Getting Started With AWS on Prowler
## Prowler App
> Walkthrough video onboarding an AWS Account using Assumed Role.
### Step 1: Get Your AWS Account ID
1. Log in to the [AWS Console](https://console.aws.amazon.com)
2. Locate your AWS account ID in the top-right dropdown menu

### Step 2: Access Prowler Cloud or Prowler App
1. Navigate to [Prowler Cloud](https://cloud.prowler.com/) or launch [Prowler App](../prowler-app.md)
2. Go to "Configuration" > "Cloud Providers"

3. Click "Add Cloud Provider"

4. Select "Amazon Web Services"

5. Enter your AWS Account ID and optionally provide a friendly alias

6. Choose the preferred authentication method (next step)

### Step 3: Set Up AWS Authentication
Before proceeding, choose the preferred authentication mode:
**Credentials**
* Quick scan as current user
* No extra setup
* Credentials time out
**Assumed Role**
* Preferred Setup
* Permanent Credentials
* Requires access to create role
---
#### Assume Role (Recommended)
This method grants permanent access and is the recommended setup for production environments.

For detailed instructions on how to create the role, see [Authentication > Assume Role](./authentication.md#assume-role-recommended).
8. Once the role is created, go to the **IAM Console**, click on the "ProwlerScan" role to open its details:

9. Copy the **Role ARN**

10. Paste the ARN into the corresponding field in Prowler Cloud or Prowler App

11. Click "Next", then "Launch Scan"


---
#### Credentials (Static Access Keys)
AWS accounts can also be configured using static credentials (not recommended for long-term use):

For detailed instructions on how to create the credentials, see [Authentication > Credentials](./authentication.md#credentials).
1. Complete the form in Prowler Cloud or Prowler App and click "Next"

2. Click "Launch Scan"

---
## Prowler CLI
### Configure AWS Credentials
To authenticate with AWS, use one of the following methods:
```console
aws configure
```
or
```console
export AWS_ACCESS_KEY_ID="ASXXXXXXX"
export AWS_SECRET_ACCESS_KEY="XXXXXXXXX"
export AWS_SESSION_TOKEN="XXXXXXXXX"
```
These credentials must be associated with a user or role with the necessary permissions to perform security checks.
More details on Assume Role settings from the CLI in [Assume Role](./role-assumption.md) page.
### AWS Profiles
To use a custom AWS profile, specify it with the following command:
```console
prowler aws -p/--profile
```
### Multi-Factor Authentication (MFA)
For IAM entities requiring Multi-Factor Authentication (MFA), use the `--mfa` flag. Prowler prompts for the following values to initiate a new session:
- **ARN of your MFA device**
- **TOTP (time-based one-time password)**