Prowler is a tool based on AWS-CLI commands for AWS account security assessment and hardening, following the guidelines of the CIS Amazon Web Services Foundations Benchmark 1.1: https://www.cisecurity.org/cis-benchmarks/
Features:
It covers hardening and security best practices for all AWS regions related to:
+ Identity and Access Management (24 checks)
+ Logging (8 checks)
+ Monitoring (15 checks)
+ Networking (5 checks)
+ Extra checks (3 checks) *see Extras section
For a comprehensive list and resolution, look at the guide at the link above.
With Prowler you can:
– get a colour or monochrome report
– get a CSV format report for diff
– run specific checks without having to run the entire report
– check multiple AWS accounts in parallel
STS expired token
If you are using an STS token for AWS-CLI and your session has expired, you will probably get this error:
– A client error (ExpiredToken) occurred when calling the GenerateCredentialReport operation: The security token included in the request is expired
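A pre-flight check for the expired-session case above, as an added example that is not part of prowler: it calls `aws sts get-caller-identity` and recognises the ExpiredToken error text before a run starts. The function names and the AWS_CMD override variable are assumptions made for this example.

```shell
# Added example, not prowler code.
# AWS_CMD is a hypothetical override so the check can be exercised without
# a real AWS session; by default the real aws binary is used.
AWS_CMD="${AWS_CMD:-aws}"

# Classify AWS CLI error text. Prints one of: expired, denied, other.
classify_aws_error() {
  case "$1" in
    *ExpiredToken*|*"security token included in the request is expired"*)
      echo expired ;;
    *AccessDenied*|*InvalidClientTokenId*)
      echo denied ;;
    *)
      echo other ;;
  esac
}

# Returns 0 if the credentials work, 2 if the STS session has expired,
# 1 for any other failure. Only stderr of the aws call is captured.
check_credentials() {
  if cred_err="$($AWS_CMD sts get-caller-identity --output text 2>&1 >/dev/null)"; then
    return 0
  fi
  case "$(classify_aws_error "$cred_err")" in
    expired)
      echo "STS session expired: renew the token before running the checks" >&2
      return 2 ;;
    denied)
      echo "credentials rejected: $cred_err" >&2
      return 1 ;;
    *)
      echo "aws call failed: $cred_err" >&2
      return 1 ;;
  esac
}

# Usage: check_credentials && ./prowler
```

Exit code 2 lets a wrapper that checks several accounts tell an expired session apart from other failures and skip that account instead of recording a partial report.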
Usage:
    git clone https://github.com/Alfresco/prowler && cd prowler
    pip install awscli
Make sure you have properly configured your AWS-CLI with a valid Access Key and Region:
    aws configure
Example Policy ARN is arn:aws:iam::aws:policy/SecurityAudit
    ./prowler
Source: https://github.com/Alfresco