Releases · awslabs/aws-security-assessment-solution

09 Aug 14:17

js37

v2.4.2 Latest

Latest

This update adds the ability to choose how many accounts to scan at a time, and the timeout of the CodeBuild job.

Updated the template to include ConcurrentAccountScans and CodeBuildTimeout parameter. This maps to the number of accounts to run Prowler on at a time (3, 6, or 12) will choose the CodeBuild instance to use (small, medium, or large).
The parallel scans and ComputeType are purposefully paired so you can't choose 12 accounts at a time on a small. The CodeBuild server would runs out of memory and the job hangs.
Organized parameters into SATv2 and Advanced parameters when using the CFN console.

Assets 2

29 Jul 23:09

js37

v2.4.1

Assets 2

25 Jul 16:29

js37

v2.4

Updated IAM roles to mitigate confused deputy finding on the three roles we provision for SATv2
Enabled S3 bucket versioning for findings bucket
Added bucket policy for TLS only for findings bucket

Assets 2

18 Jul 16:24

js37

v2.3 - SATv2 presentation

Enabling reporting will now create a presentation and store it in the reporting folder. This presentation updates slide 4 with the results of a basic scan. It also provides some information on core AWS security services.
Compliance reports (from a full scan) are uploaded to a compliance folder in S3 instead of csv folder
Updated readme to clarify parameters

Assets 2

11 Jun 19:23

js37

v2.2

Assets 2

15 Sep 18:32

js37

v2.1 - SATv2 reporting

This release adds reporting which is helpful when running SATv2 on multiple accounts within an organization.

Set the Reporting parameter to true when you deploy the CloudFormation template. This will create an Athena WorkGroup, a Glue table, and automatically run a query to consolidate the results.
The summarized csv file is located in the same S3 bucket as the Prowler results in the /reporting folder.
If you specify an email address while reporting is enabled, you will get a second email when the Athena query is finished.

Assets 2