ghndrx/prowler
1
0
Fork 0
mirror of https://github.com/ghndrx/prowler.git synced 2026-02-10 14:55:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

docs(whitelist): Add examples for Control Tower resources (#1013)

Browse Source
This commit is contained in:
Daniel Lorch
2022-02-02 13:36:02 +01:00
committed by GitHub
parent 0ac7064d80
commit 29a071c98e
1 changed files with 9 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
whitelist_sample.txt
View File

@@ -18,4 +18,12 @@ check26:myignoredbucket
# REGEXES # REGEXES
# This whitelist works with regexes (ERE, the same style of regex as grep -E and bash's =~ use) # This whitelist works with regexes (ERE, the same style of regex as grep -E and bash's =~ use)
# therefore: # therefore:
# extra718:[[:alnum:]]+-logs # will ignore all buckets containing the terms ci-logs, qa-logs, etc. # extra718:[[:alnum:]]+-logs # will ignore all buckets containing the terms ci-logs, qa-logs, etc.
# EXAMPLE: CONTROL TOWER
# When using Control Tower, guardrails prevent access to certain protected resources. The whitelist
# below ensures that warnings instead of errors are reported for the affected resources.
#extra734:aws-controltower-logs-[[:digit:]]+-[[:alpha:]\-]+
#extra734:aws-controltower-s3-access-logs-[[:digit:]]+-[[:alpha:]\-]+
#extra764:aws-controltower-logs-[[:digit:]]+-[[:alpha:]\-]+
#extra764:aws-controltower-s3-access-logs-[[:digit:]]+-[[:alpha:]\-]+