mirror of
https://github.com/prowler-cloud/prowler.git
synced 2025-12-19 05:17:47 +00:00
67 lines
2.1 KiB
YAML
67 lines
2.1 KiB
YAML
Mute List:
|
|
Accounts:
|
|
"*":
|
|
########################### AWS CONTROL TOWER ###########################
|
|
### The following entries includes all resources created by AWS Control Tower when setting up a landing zone ###
|
|
# https://docs.aws.amazon.com/controltower/latest/userguide/how-control-tower-works.html #
|
|
Checks:
|
|
"cloudwatch_log_group_*":
|
|
Regions:
|
|
- "*"
|
|
Resources:
|
|
- "/aws/lambda/aws-controltower-NotificationForwarder"
|
|
- "StackSet-AWSControlTowerBP-*"
|
|
"awslambda_function_*":
|
|
Regions:
|
|
- "*"
|
|
Resources:
|
|
- "aws-controltower-NotificationForwarder"
|
|
"cloudformation_stacks_*":
|
|
Regions:
|
|
- "*"
|
|
Resources:
|
|
- "StackSet-AWSControlTowerGuardrailAWS-*"
|
|
- "StackSet-AWSControlTowerBP-*"
|
|
"cloudtrail_*":
|
|
Regions:
|
|
- "*"
|
|
Resources:
|
|
- "aws-controltower-BaselineCloudTrail"
|
|
"iam_role_*":
|
|
Regions:
|
|
- "*"
|
|
Resources:
|
|
- "aws-controltower-AdministratorExecutionRole"
|
|
- "aws-controltower-CloudWatchLogsRole"
|
|
- "aws-controltower-ConfigRecorderRole"
|
|
- "aws-controltower-ForwardSnsNotificationRole"
|
|
- "aws-controltower-ReadOnlyExecutionRole"
|
|
- "AWSControlTower_VPCFlowLogsRole"
|
|
- "AWSControlTowerExecution"
|
|
- "AWSAFTAdmin"
|
|
- "AWSAFTExecution"
|
|
- "AWSAFTService"
|
|
"iam_policy_*":
|
|
Regions:
|
|
- "*"
|
|
Resources:
|
|
- "AWSControlTowerServiceRolePolicy"
|
|
"s3_bucket_*":
|
|
Regions:
|
|
- "*"
|
|
Resources:
|
|
- "aws-controltower-logs-*"
|
|
- "aws-controltower-s3-access-logs-*"
|
|
"sns_*":
|
|
Regions:
|
|
- "*"
|
|
Resources:
|
|
- "aws-controltower-SecurityNotifications"
|
|
"vpc_*":
|
|
Regions:
|
|
- "*"
|
|
Resources:
|
|
- "*"
|
|
Tags:
|
|
- "Name=aws-controltower-VPC"
|