ghndrx/prowler
1
0
Fork 0
mirror of https://github.com/ghndrx/prowler.git synced 2026-02-10 06:45:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat(controltower): add AWS Control Tower resources to default Allowlist configuration file (#2953)

Browse Source 
Co-authored-by: Toni de la Fuente <toni@blyx.com>
This commit is contained in:
Sergio Garcia
2023-10-24 16:45:21 +02:00
committed by GitHub
parent 8533714cb2
commit 008534d839
4 changed files with 72 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
docs/tutorials/allowlist.md
View File

@@ -82,7 +82,12 @@ You can use `-w`/`--allowlist-file` with the path of your allowlist yaml file, b
Tags:
- "environment=prod" # Will ignore every resource except in account 123456789012 except the ones containing the string "test" and tag environment=prod
## AWS Control Tower Allowlist
When using Control Tower, guardrails prevent access to certain protected resources. Prowler has an allowlist that ensures that warnings instead of errors are reported for all resources created by AWS Control Tower when setting up a landing zone.
You can execute Prowler with the AWS Control Tower allowlist using the following command:
```sh
prowler aws --allowlist prowler/config/aws_controltower_allowlist.yaml
```
## Supported Allowlist Locations
The allowlisting flag supports the following locations: