mirror of
https://github.com/prowler-cloud/prowler.git
synced 2026-07-14 16:11:54 +00:00
142 lines
3.8 KiB
Markdown
142 lines
3.8 KiB
Markdown
# Getting Started With AWS on Prowler
|
|
|
|
## Prowler App
|
|
|
|
<iframe width="560" height="380" src="https://www.youtube-nocookie.com/embed/RPgIWOCERzY" title="Prowler Cloud Onboarding AWS" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen="1"></iframe>
|
|
|
|
> Walkthrough video onboarding an AWS Account using Assumed Role.
|
|
|
|
### Step 1: Get Your AWS Account ID
|
|
|
|
1. Log in to the [AWS Console](https://console.aws.amazon.com)
|
|
2. Locate your AWS account ID in the top-right dropdown menu
|
|
|
|

|
|
|
|
|
|
### Step 2: Access Prowler Cloud or Prowler App
|
|
|
|
1. Navigate to [Prowler Cloud](https://cloud.prowler.com/) or launch [Prowler App](../prowler-app.md)
|
|
2. Go to "Configuration" > "Cloud Providers"
|
|
|
|

|
|
|
|
3. Click "Add Cloud Provider"
|
|
|
|

|
|
|
|
4. Select "Amazon Web Services"
|
|
|
|

|
|
|
|
5. Enter your AWS Account ID and optionally provide a friendly alias
|
|
|
|

|
|
|
|
6. Choose the preferred authentication method (next step)
|
|
|
|

|
|
|
|
|
|
### Step 3: Set Up AWS Authentication
|
|
|
|
Before proceeding, choose the preferred authentication mode:
|
|
|
|
**Credentials**
|
|
|
|
* Quick scan as current user
|
|
* No extra setup
|
|
* Credentials time out
|
|
|
|
**Assumed Role**
|
|
|
|
* Preferred Setup
|
|
* Permanent Credentials
|
|
* Requires access to create role
|
|
|
|
|
|
---
|
|
|
|
#### Assume Role (Recommended)
|
|
|
|
This method grants permanent access and is the recommended setup for production environments.
|
|
|
|

|
|
|
|
For detailed instructions on how to create the role, see [Authentication > Assume Role](./authentication.md#assume-role-recommended).
|
|
|
|
8. Once the role is created, go to the **IAM Console**, click on the "ProwlerScan" role to open its details:
|
|
|
|

|
|
|
|
9. Copy the **Role ARN**
|
|
|
|

|
|
|
|
10. Paste the ARN into the corresponding field in Prowler Cloud or Prowler App
|
|
|
|

|
|
|
|
11. Click "Next", then "Launch Scan"
|
|
|
|

|
|

|
|
|
|
---
|
|
|
|
#### Credentials (Static Access Keys)
|
|
|
|
AWS accounts can also be configured using static credentials (not recommended for long-term use):
|
|
|
|

|
|
|
|
For detailed instructions on how to create the credentials, see [Authentication > Credentials](./authentication.md#credentials).
|
|
|
|
1. Complete the form in Prowler Cloud or Prowler App and click "Next"
|
|
|
|

|
|
|
|
2. Click "Launch Scan"
|
|
|
|

|
|
|
|
---
|
|
|
|
## Prowler CLI
|
|
|
|
### Configure AWS Credentials
|
|
|
|
To authenticate with AWS, use one of the following methods:
|
|
|
|
```console
|
|
aws configure
|
|
```
|
|
|
|
or
|
|
|
|
```console
|
|
export AWS_ACCESS_KEY_ID="ASXXXXXXX"
|
|
export AWS_SECRET_ACCESS_KEY="XXXXXXXXX"
|
|
export AWS_SESSION_TOKEN="XXXXXXXXX"
|
|
```
|
|
|
|
These credentials must be associated with a user or role with the necessary permissions to perform security checks.
|
|
|
|
More details on Assume Role settings from the CLI in [Assume Role](./role-assumption.md) page.
|
|
|
|
|
|
### AWS Profiles
|
|
|
|
To use a custom AWS profile, specify it with the following command:
|
|
|
|
```console
|
|
prowler aws -p/--profile <profile_name>
|
|
```
|
|
|
|
### Multi-Factor Authentication (MFA)
|
|
|
|
For IAM entities requiring Multi-Factor Authentication (MFA), use the `--mfa` flag. Prowler prompts for the following values to initiate a new session:
|
|
|
|
- **ARN of your MFA device**
|
|
- **TOTP (time-based one-time password)**
|