mirror of https://github.com/prowler-cloud/prowler.git synced 2025-12-19 05:17:47 +00:00

Files

Pepe Fagoaga f0c027f54e chore(merge): Merge master with Prowler 4.0 (#3467 )

Co-authored-by: Sergio Garcia <38561120+sergargar@users.noreply.github.com>

2024-02-29 11:19:17 +01:00

1.5 KiB

Raw Blame History

AWS Authentication

Make sure you have properly configured your AWS-CLI with a valid Access Key and Region or declare AWS variables properly (or instance profile/role):

aws configure

export AWS_ACCESS_KEY_ID="ASXXXXXXX"
export AWS_SECRET_ACCESS_KEY="XXXXXXXXX"
export AWS_SESSION_TOKEN="XXXXXXXXX"

Those credentials must be associated to a user or role with proper permissions to do all checks. To make sure, add the following AWS managed policies to the user or role being used:

arn:aws:iam::aws:policy/SecurityAudit
arn:aws:iam::aws:policy/job-function/ViewOnlyAccess

???+ note Moreover, some read-only additional permissions are needed for several checks, make sure you attach also the custom policy prowler-additions-policy.json to the role you are using. If you want Prowler to send findings to AWS Security Hub, make sure you also attach the custom policy prowler-security-hub.json.

Profiles

Prowler can use your custom AWS Profile with:

prowler <provider> -p/--profile <profile_name>

Multi-Factor Authentication

If your IAM entity enforces MFA you can use --mfa and Prowler will ask you to input the following values to get a new session:

ARN of your MFA device
TOTP (Time-Based One-Time Password)

1.5 KiB Raw Blame History

AWS Authentication

Profiles

Multi-Factor Authentication

1.5 KiB

Raw Blame History