ben.carrasco/prowler
1
0
Fork 0
mirror of https://github.com/prowler-cloud/prowler.git synced 2025-12-19 05:17:47 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
5ad517ce838aa3c7e69103d9fdef20bfb14615ca
prowler/contrib/org-multi-account/serverless_codebuild/README.md
Toni de la Fuente 5ad517ce83 New folder structure phase 1
2022-05-25 12:54:15 +02:00

3.4 KiB
Raw Blame History

Organizational Prowler with Serverless

Langage: Korean

This project is created to apply prowler in a multi-account environment within AWS Organizations. CloudWatch triggers CodeBuild every fixed time. CodeBuild executes the script which clones the latest prowler from here and performs security assessment on all the accounts in AWS Organizations. The assessment reports are sent to S3 bucket in Log Archive Account.

For more information on how to use prowler, see here.

Untitled

  1. Log Archive Account
    1. Deploy ProwlerS3.yaml in CloudFormation console. The template creates S3 bucket for reports and bucket policy that limits API actions to principals from its AWS Organizations.
      • AwsOrgId : AWS Organizations' Organization ID
      • S3Prefix : The prefix included in the bucket name
  2. Master Account
    1. Deploy ProwlerRole.yaml stack to CloudFormation in a bid to create resources to master account itself. (The template will be also deployed for other member accounts as a StackSet)
      • ProwlerCodeBuildAccount : Audit Acccount ID where CodeBuild resides. (preferably Audit/Security account)
      • ProwlerCodeBuildRole : Role name to use in CodeBuild service
      • ProwlerCrossAccountRole : Role name to assume for Cross account
      • ProwlerS3 : The S3 bucket name where reports will be put
    2. Create StackSet with ProwlerRole.yaml to deploy Role into member accounts in AWS Organizations.
      • ProwlerCodeBuildAccount : Audit Acccount ID where CodeBuild resides. (preferably Audit/Security account)
      • ProwlerCodeBuildRole : Role name to use in CodeBuild service
      • ProwlerCrossAccountRole : Role name to assume for Cross account
      • ProwlerS3 : The S3 bucket name where reports will be put
      • Permission : Service-managed permissions
      • Deploy target : Deploy to organization 선택, Enable, Delete stacks 선택
      • Specify regions : Region to deploy
  3. Audit Account

    1. Go to S3 console, create a bucket, upload run-prowler-reports.sh.zip

      • bucket name : prowler-util-[Account ID]-[region]
        Untitled

    2. Deploy ProwlerCodeBuildStack.yaml which creates CloudWatch Rule to trigger CodeBuild every fixed time, allowing prowler to audit multi-accounts.

      • AwsOrgId : AWS Organizations' Organization ID
      • CodeBuildRole : Role name to use in CodeBuild service
      • CodeBuildSourceS3 : Object location uploaded from i
        • prowler-util-[Account ID]-*[region]/run-prowler-reports.sh.zip
      • CrossAccountRole : Role name for cross account created in the process 2 above.
      • ProwlerReportS3 : The S3 bucket name where reports will be put
      • ProwlerReportS3Account : The account where the report S3 bucket resides.

    3. If you'd like to change the scheduled time,

      1. You can change the cron expression of ScheduleExpression within ProwlerCodeBuildStack.yaml.
      2. Alternatively, you can make changes directrly from Events > Rules > ProwlerExecuteRule > Actions > Edit in CloudWatch console.
Reference in New Issue View Git Blame Copy Permalink