Merge branch '2.5' of https://github.com/toniblyx/prowler into 2.5

2026-02-10 14:55:00 +00:00 · 2021-07-05 20:14:03 +02:00
parent 3936a7b17a d53e6eb3a9
commit 24a02c1f71
3 changed files with 12 additions and 4 deletions
--- a/util/org-multi-account/ProwlerEC2.yaml
+++ b/util/org-multi-account/ProwlerEC2.yaml
@@ -334,6 +334,7 @@ Resources:
                  - s3:GetObject
                  - s3:PutObject
                  - s3:ListBucket
+                  - s3:PutObjectAcl
        - PolicyName: Prowler-CrossAccount-AssumeRole
          PolicyDocument:
            Version: 2012-10-17
--- a/util/org-multi-account/ProwlerS3.yaml
+++ b/util/org-multi-account/ProwlerS3.yaml
@@ -60,6 +60,7 @@ Resources:
              - s3:GetObject
              - s3:PutObject
              - s3:ListBucket
+              - s3:PutObjectAcl
            Resource:
              - !Sub arn:${AWS::Partition}:s3:::${ProwlerS3}
              - !Sub arn:${AWS::Partition}:s3:::${ProwlerS3}/*
--- a/util/org-multi-account/src/run-prowler-reports.sh
+++ b/util/org-multi-account/src/run-prowler-reports.sh
@@ -91,9 +91,6 @@ for accountId in $ACCOUNTS_IN_ORGS; do
        # remove -g cislevel for a full report and add other formats if needed
        ./prowler/prowler -R "$ROLE" -A "$accountId" -g cislevel1 -M html
        echo "Report stored locally at: prowler/output/ directory"
-        # Upload Prowler Report to S3
-        s3_account_session
-        aws s3 cp prowler/output/ "$S3/reports/" --recursive --include "*.html"
        TOTAL_SEC=$((SECONDS - START_TIME))
        echo -e "Completed AWS Account: $accountId, using Role: $ROLE on $(date)"
        printf "Completed AWS Account: $accountId in %02dh:%02dm:%02ds" $((TOTAL_SEC / 3600)) $((TOTAL_SEC % 3600 / 60)) $((TOTAL_SEC % 60))
@@ -103,7 +100,16 @@ done

 # Wait for All Prowler Processes to finish
 wait
-echo "Prowler Assessments Completed against All Accounts in the AWS Organization"
+echo "Prowler Assessments Completed against All Accounts in the AWS Organization. Starting S3 copy operations..."
+
+# Upload Prowler Report to S3
+s3_account_session
+aws s3 cp prowler/output/ "$S3/reports/" --recursive --include "*.html" --acl bucket-owner-full-control
+echo "Assessment reports successfully copied to S3 bucket"
+
+# Final Wait for All Prowler Processes to finish
+wait
+echo "Prowler Assessments Completed"

 # Unset AWS Profile Variables
 unset_aws