# Prowler for AWS

## Introduction

Prowler is a command line tool that helps you with AWS security assessment, auditing, hardening and incident response.

It follows the guidelines of the CIS Amazon Web Services Foundations Benchmark (49 checks) and has more than 190 additional checks, including checks related to GDPR, HIPAA, PCI-DSS, ISO-27001, FFIEC, SOC2 and others.

## What we are going to cover

This chapter will cover the Prowler tool and give a step-by-step guide on how to run your own assessments on the AWS Cloud.

## Requirements

We will be using our student machine to run the Prowler tool. Below are the steps to install Prowler:

* For Ubuntu Linux (apt based Linux distributions and AWS CLI v2):

  ```
  sudo apt update
  sudo apt install python3 python3-pip jq git zip
  pip install detect-secrets==1.0.3
  git clone https://github.com/prowler-cloud/prowler
  ```
* Once Prowler repository is cloned, get into the folder and you can run it:

  ```
  cd prowler
  ./prowler
  ```

  We assume that the AWS CLI is installed and valid access keys are configured. The configured credentials must be associated with a user or role that has the permissions needed to run all checks. To make sure, attach the AWS managed policies SecurityAudit and ViewOnlyAccess to the user or role being used. The policy ARNs are:

  ```
  arn:aws:iam::aws:policy/SecurityAudit
  arn:aws:iam::aws:policy/job-function/ViewOnlyAccess
  ```

## Steps to audit

1. Run the prowler command without options (it will use your environment variable credentials if they exist, or default to the `~/.aws/credentials` file, and run checks over all regions when needed; the default region is us-east-1).
2. Use `-l` to list all available checks and the groups (sections) that reference them. To list all groups use `-L`, and to list the checks in a group use `-l -g <group>`.
3. By default, prowler scans all the regions the account has opted into. It has two region-related parameters: `-r`, which sets the region used to query AWS service API endpoints, and `-f`, which filters the scan to only those regions you want to scan.
4. You can also save the report for later analysis by using the `-M` parameter.
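The steps above combine naturally into a small preflight wrapper. The script below is an added example, not part of the Prowler project or this page: it checks that the caller's IAM user has the two policies named in the Requirements section attached before it starts the audit, then builds the prowler command from the `-f`, `-M` and `-g` flags described above. It assumes an IAM user identity (an assumed role would need `aws iam list-attached-role-policies` instead), and passing more than one region in `-f` is an assumption about the flag, not something the page states.

```shell
#!/bin/sh
# Added example, not Prowler's own code: preflight check for the IAM
# permissions the audit needs, then run prowler with the chosen options.
# Assumes an IAM user identity and Prowler's -f / -M / -g flags as above.
set -eu

REQUIRED_POLICIES="arn:aws:iam::aws:policy/SecurityAudit
arn:aws:iam::aws:policy/job-function/ViewOnlyAccess"

# $1: whitespace-separated policy ARNs attached to the principal.
# Prints each required ARN that is missing, one per line; nothing if all present.
missing_policies() {
  for arn in $REQUIRED_POLICIES; do
    found=0
    for have in $1; do
      if [ "$have" = "$arn" ]; then found=1; fi
    done
    if [ "$found" -eq 0 ]; then printf '%s\n' "$arn"; fi
  done
}

# Builds the prowler invocation: $1 region filter (-f, may be empty),
# $2 output modes (-M), $3 optional check group (-g).
prowler_cmd() {
  cmd="./prowler -M $2"
  if [ -n "$1" ]; then cmd="$cmd -f \"$1\""; fi
  if [ -n "${3:-}" ]; then cmd="$cmd -g $3"; fi
  printf '%s' "$cmd"
}

main() {
  identity=$(aws sts get-caller-identity --query Arn --output text)
  # identity looks like arn:aws:iam::<account>:user/<name>; take <name>
  attached=$(aws iam list-attached-user-policies --user-name "${identity##*/}" \
    --query 'AttachedPolicies[].PolicyArn' --output text)
  missing=$(missing_policies "$attached")
  if [ -n "$missing" ]; then
    printf 'Attach these policies before auditing:\n%s\n' "$missing" >&2
    return 1
  fi
  cmd=$(prowler_cmd "${PROWLER_REGIONS:-}" "${PROWLER_MODES:-csv,json}" "${PROWLER_GROUP:-}")
  printf 'Running: %s\n' "$cmd"
  eval "$cmd"   # all inputs come from the operator's own environment variables
}

# Only start the audit when explicitly asked: RUN_AUDIT=1 ./prowler-preflight.sh
if [ "${RUN_AUDIT:-0}" = 1 ]; then main; fi
```

Run it from inside the cloned `prowler` directory, e.g. `RUN_AUDIT=1 PROWLER_REGIONS=eu-west-1 PROWLER_GROUP=cislevel1 sh prowler-preflight.sh`; without `RUN_AUDIT=1` the script only defines the functions.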

## Additional references

[Prowler](https://github.com/prowler-cloud/prowler)
