Renamed Parameters, Updated Descriptions
@@ -5,10 +5,10 @@ Metadata:
|
|||||||
AWS::CloudFormation::Interface:
|
AWS::CloudFormation::Interface:
|
||||||
ParameterGroups:
|
ParameterGroups:
|
||||||
- Label:
|
- Label:
|
||||||
default: EC2 Instance Settings
|
default: Prowler EC2 Instance Settings
|
||||||
Parameters:
|
Parameters:
|
||||||
- BuildNumber
|
- BuildNumber
|
||||||
- Ec2Name
|
- ProwlerEc2Name
|
||||||
- InstanceType
|
- InstanceType
|
||||||
- KeyPair
|
- KeyPair
|
||||||
- SubnetId
|
- SubnetId
|
||||||
@@ -19,8 +19,8 @@ Metadata:
|
|||||||
- Label:
|
- Label:
|
||||||
default: S3 Settings
|
default: S3 Settings
|
||||||
Parameters:
|
Parameters:
|
||||||
- S3
|
- ProwlerS3
|
||||||
- S3Account
|
- ProwlerS3Account
|
||||||
- Label:
|
- Label:
|
||||||
default: CrossAccount Role
|
default: CrossAccount Role
|
||||||
Parameters:
|
Parameters:
|
||||||
@@ -34,9 +34,9 @@ Parameters:
|
|||||||
AllowedPattern: ^\d*$
|
AllowedPattern: ^\d*$
|
||||||
ConstraintDescription: Build Number must be a numeric string.
|
ConstraintDescription: Build Number must be a numeric string.
|
||||||
Default: 1
|
Default: 1
|
||||||
Ec2Name:
|
ProwlerEc2Name:
|
||||||
Type: String
|
Type: String
|
||||||
Description: Enter Name for EC2 Instance to create
|
Description: Enter Name for Prowler EC2 Instance to create
|
||||||
Default: Prowler-EC2
|
Default: Prowler-EC2
|
||||||
InstanceType:
|
InstanceType:
|
||||||
Description: Enter Instance Type
|
Description: Enter Instance Type
|
||||||
@@ -55,25 +55,25 @@ Parameters:
|
|||||||
Type: AWS::EC2::VPC::Id
|
Type: AWS::EC2::VPC::Id
|
||||||
Default: vpc-0285f35dd91ac4c58
|
Default: vpc-0285f35dd91ac4c58
|
||||||
Ec2Role:
|
Ec2Role:
|
||||||
Description: Enter Name for EC2 Instance Role to create
|
Description: Enter Name for EC2 Instance Role to create and attach to Prowler EC2 Instance
|
||||||
Type: String
|
Type: String
|
||||||
Default: ProwlerEC2-Role
|
Default: ProwlerEC2-Role
|
||||||
ProwlerCron:
|
ProwlerCron:
|
||||||
Description: Enter cron schedule. Default, runs everyday at 1am. See https://crontab.guru/, for syntax help.
|
Description: Enter cron schedule. Default, runs everyday at 1am. See https://crontab.guru/, for syntax help.
|
||||||
Type: String
|
Type: String
|
||||||
Default: "0 1 * * *"
|
Default: "0 1 * * *"
|
||||||
LatestAmazonLinux2AmiId:
|
LatestAmazonLinux2AmiId:
|
||||||
Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
|
Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
|
||||||
Description: Latest AMI ID for Amazon Linux 2 (via AWS Publis SSM Parameters. See https://tinyurl.com/aws-public-ssm-parameters.
|
Description: Latest AMI ID for Amazon Linux 2 (via AWS Publis SSM Parameters. See https://tinyurl.com/aws-public-ssm-parameters.
|
||||||
Default: /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-ebs
|
Default: /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-ebs
|
||||||
|
|
||||||
S3:
|
ProwlerS3:
|
||||||
Type: String
|
Type: String
|
||||||
Description: Enter S3 Bucket to grant rights to EC2 Instance
|
Description: Enter S3 Bucket for Prowler Reports
|
||||||
Default: prowler-417425889548-us-east-1
|
Default: prowler-417425889548-us-east-1
|
||||||
S3Account:
|
ProwlerS3Account:
|
||||||
Type: String
|
Type: String
|
||||||
Description: Enter AWS Account Number where S3 Bucket resides
|
Description: Enter AWS Account Number where Prowler S3 Bucket resides.
|
||||||
AllowedPattern: ^\d{12}$
|
AllowedPattern: ^\d{12}$
|
||||||
ConstraintDescription: An AWS Account Number must be a 12 digit numeric string.
|
ConstraintDescription: An AWS Account Number must be a 12 digit numeric string.
|
||||||
Default: 417425889548
|
Default: 417425889548
|
||||||
@@ -86,7 +86,7 @@ Parameters:
|
|||||||
Default: o-nbfb46ay7u
|
Default: o-nbfb46ay7u
|
||||||
CrossAccountRole:
|
CrossAccountRole:
|
||||||
Type: String
|
Type: String
|
||||||
Description: Enter CrossAccount Role you will be using across the AWS Organization
|
Description: Enter CrossAccount Role Prowler will be using to assess AWS Accounts in the AWS Organization. (ProwlerCrossAccountRole)
|
||||||
Default: ProwlerXA-Role
|
Default: ProwlerXA-Role
|
||||||
|
|
||||||
Resources:
|
Resources:
|
||||||
@@ -105,7 +105,7 @@ Resources:
|
|||||||
- !Ref ProwlerSecurityGroup
|
- !Ref ProwlerSecurityGroup
|
||||||
Tags:
|
Tags:
|
||||||
- Key: Name
|
- Key: Name
|
||||||
Value: !Ref Ec2Name
|
Value: !Ref ProwlerEc2Name
|
||||||
UserData:
|
UserData:
|
||||||
Fn::Base64:
|
Fn::Base64:
|
||||||
!Sub |
|
!Sub |
|
||||||
@@ -119,7 +119,7 @@ Resources:
|
|||||||
S3AccessCreds:
|
S3AccessCreds:
|
||||||
type: S3
|
type: S3
|
||||||
buckets:
|
buckets:
|
||||||
- !Ref S3
|
- !Ref ProwlerS3
|
||||||
roleName:
|
roleName:
|
||||||
Ref: ProwlerEc2Role
|
Ref: ProwlerEc2Role
|
||||||
AWS::CloudFormation::Init:
|
AWS::CloudFormation::Init:
|
||||||
@@ -174,8 +174,8 @@ Resources:
|
|||||||
files:
|
files:
|
||||||
/home/ec2-user/.awsvariables:
|
/home/ec2-user/.awsvariables:
|
||||||
content: !Sub |
|
content: !Sub |
|
||||||
export S3=s3://${S3}
|
export S3=s3://${ProwlerS3}
|
||||||
export S3ACCOUNT=${S3Account}
|
export S3ACCOUNT=${ProwlerS3Account}
|
||||||
export ROLE=${CrossAccountRole}
|
export ROLE=${CrossAccountRole}
|
||||||
mode: "000600"
|
mode: "000600"
|
||||||
owner: ec2-user
|
owner: ec2-user
|
||||||
@@ -190,7 +190,7 @@ Resources:
|
|||||||
prowler-reports:
|
prowler-reports:
|
||||||
files:
|
files:
|
||||||
/home/ec2-user/run-prowler-reports.sh:
|
/home/ec2-user/run-prowler-reports.sh:
|
||||||
source: !Sub https://${S3}.s3.${AWS::Region}.amazonaws.com/run-prowler-reports.sh
|
source: !Sub https://${ProwlerS3}.s3.${AWS::Region}.amazonaws.com/run-prowler-reports.sh
|
||||||
mode: "000700"
|
mode: "000700"
|
||||||
owner: ec2-user
|
owner: ec2-user
|
||||||
group: ec2-user
|
group: ec2-user
|
||||||
@@ -312,8 +312,8 @@ Resources:
|
|||||||
- Sid: AllowGetPutListObject
|
- Sid: AllowGetPutListObject
|
||||||
Effect: Allow
|
Effect: Allow
|
||||||
Resource:
|
Resource:
|
||||||
- !Sub arn:${AWS::Partition}:s3:::${S3}
|
- !Sub arn:${AWS::Partition}:s3:::${ProwlerS3}
|
||||||
- !Sub arn:${AWS::Partition}:s3:::${S3}/*
|
- !Sub arn:${AWS::Partition}:s3:::${ProwlerS3}/*
|
||||||
Action:
|
Action:
|
||||||
- s3:GetObject
|
- s3:GetObject
|
||||||
- s3:PutObject
|
- s3:PutObject
|
||||||
@@ -339,11 +339,11 @@ Resources:
|
|||||||
|
|
||||||
Outputs:
|
Outputs:
|
||||||
ProwlerEc2Account:
|
ProwlerEc2Account:
|
||||||
Description: AWS Account where Prowler EC2 resides
|
Description: AWS Account Number where Prowler EC2 Instance resides.
|
||||||
Value: !Ref AWS::AccountId
|
Value: !Ref AWS::AccountId
|
||||||
ProwlerEc2Role:
|
ProwlerEc2Role:
|
||||||
Description: Prowler EC2 Instance Role
|
Description: Instance Role given to the Prowler EC2 Instance (needed to grant sts:AssumeRole rights).
|
||||||
Value: !Ref ProwlerEc2Role
|
Value: !Ref ProwlerEc2Role
|
||||||
ProwlerS3:
|
ProwlerS3:
|
||||||
Description: S3 Bucket for Prowler Reports
|
Description: S3 Bucket for Prowler Reports
|
||||||
Value: !Ref S3
|
Value: !Ref ProwlerS3
|
||||||
|
|||||||
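Review bot: The new `ProwlerS3` description, `Enter S3 Bucket for Prowler Reports`, no longer tells the operator that the same bucket is where cfn-init fetches `run-prowler-reports.sh` from (the `source: !Sub https://${ProwlerS3}.s3.${AWS::Region}.amazonaws.com/run-prowler-reports.sh` line in the hunk at line 190), nor that the `AllowGetPutListObject` statement allows `s3:PutObject` on `${ProwlerS3}/*`. If that statement is attached to the instance role, as the old description ("grant rights to EC2 Instance") suggests, then any principal that can write reports to the bucket can also overwrite the script installed with mode `"000700"`. The policy and init blocks continue outside the visible hunks, so this needs confirming against the full template. I would reword the description to something like `Enter S3 Bucket that holds run-prowler-reports.sh and receives Prowler Reports (the instance role is granted Get/Put/List on it)`, and consider serving the script from a prefix or bucket the instance role cannot write to. The parameter is also a free-form `Type: String` that is written into `/home/ec2-user/.awsvariables` as an `export` line, so an `AllowedPattern` limiting it to bucket-name characters, in the style of the one on `ProwlerS3Account`, would be a cheap guard.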