ghndrx/prowler
1
0
Fork 0
mirror of https://github.com/ghndrx/prowler.git synced 2026-02-10 06:45:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat(scanner): Tag-based scan (#1751)

Browse Source 
Co-authored-by: Toni de la Fuente <toni@blyx.com>
Co-authored-by: Pepe Fagoaga <pepe@verica.io>
This commit is contained in:
Sergio Garcia
2023-01-31 12:19:29 +01:00
committed by GitHub
parent 0d1a5318ec
commit 3ac4dc8392
110 changed files with 1224 additions and 635 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
docs/tutorials/aws/tag-based-scan.md Normal file
View File

@@ -0,0 +1,9 @@
# Tags-based Scan
Prowler allows you to scan only the resources that contain specific tags. This can be done with the flag `-t/--scan-tags` followed by the tags `Key=Value` separated by space:
```
prowler aws --scan-tags Environment=dev Project=prowler
```
This example will only scan the resources that contains both tags.

1
mkdocs.yml
View File

@@ -44,6 +44,7 @@ nav:
- Scan Multiple AWS Accounts: tutorials/aws/multiaccount.md
- AWS CloudShell: tutorials/aws/cloudshell.md
- Checks v2 to v3 Mapping: tutorials/aws/v2_to_v3_checks_mapping.md
- Tag-based Scan: tutorials/aws/tag-based-scan.md
- Azure:
- Authentication: tutorials/azure/authentication.md
- Subscriptions: tutorials/azure/subscriptions.md

9
prowler/lib/cli/parser.py
View File

@@ -343,6 +343,15 @@ Detailed documentation at https://docs.prowler.cloud
default=None,
help="Path for allowlist yaml file. See example prowler/config/allowlist.yaml for reference and format. It also accepts AWS DynamoDB Table or Lambda ARNs or S3 URIs, see more in https://docs.prowler.cloud/en/latest/tutorials/allowlist/",
)
# Allowlist
audit_tags_subparser = aws_parser.add_argument_group("Tags-based Scan")
audit_tags_subparser.add_argument(
"-t",
"--scan-tags",
nargs="+",
default=None,
help="Scan only resources with specific tags (Key=Value), e.g., Environment=dev Project=prowler",
)
def __init_azure_parser__(self):
"""Init the Azure Provider CLI parser"""

0
prowler/lib/scan_filters/__init__.py Normal file
View File

17
prowler/lib/scan_filters/scan_filters.py Normal file
View File

@@ -0,0 +1,17 @@
from prowler.lib.logger import logger
def is_resource_filtered(resource: str, audit_resources: list) -> bool:
"""
Check if the resource passed as argument is present in the audit_resources.
Returns True if it is filtered and False if it does not match the input filters
"""
try:
if resource in str(audit_resources):
return True
return False
except Exception as error:
logger.error(
f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error} ({resource})"
)

2
prowler/providers/aws/lib/allowlist/allowlist.py
View File

@@ -23,7 +23,7 @@ def parse_allowlist_file(audit_info, allowlist_file):
s3_client.get_object(Bucket=bucket, Key=key)["Body"]
)["Allowlist"]
# Check if file is a Lambda Function ARN
elif re.search("^arn:(\w+):lambda:", allowlist_file):
elif re.search(r"^arn:(\w+):lambda:", allowlist_file):
lambda_region = allowlist_file.split(":")[3]
lambda_client = audit_info.audit_session.client(
"lambda", region_name=lambda_region

1
prowler/providers/aws/lib/audit_info/audit_info.py
View File

@@ -21,6 +21,7 @@ current_audit_info = AWS_Audit_Info(
session_duration=None,
external_id=None,
),
audit_resources=None,
audited_regions=None,
organizations_metadata=None,
audit_metadata=None,

1
prowler/providers/aws/lib/audit_info/models.py
View File

@@ -42,5 +42,6 @@ class AWS_Audit_Info:
credentials: AWS_Credentials
assumed_role_info: AWS_Assume_Role
audited_regions: list
audit_resources: list
organizations_metadata: AWS_Organizations_Info
audit_metadata: Optional[Any] = None

7
prowler/providers/aws/services/accessanalyzer/accessanalyzer_service.py
View File

@@ -3,6 +3,7 @@ import threading
from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
@@ -12,6 +13,7 @@ class AccessAnalyzer:
self.service = "accessanalyzer"
self.session = audit_info.audit_session
self.audited_account = audit_info.audited_account
self.audit_resources = audit_info.audit_resources
self.regional_clients = generate_regional_clients(self.service, audit_info)
self.analyzers = []
self.__threading_call__(self.__list_analyzers__)
@@ -36,8 +38,11 @@ class AccessAnalyzer:
list_analyzers_paginator = regional_client.get_paginator("list_analyzers")
analyzer_count = 0
for page in list_analyzers_paginator.paginate():
analyzer_count += len(page["analyzers"])
for analyzer in page["analyzers"]:
if not self.audit_resources or (
is_resource_filtered(analyzer["arn"], self.audit_resources)
):
analyzer_count += 1
self.analyzers.append(
Analyzer(
arn=analyzer["arn"],

13
prowler/providers/aws/services/acm/acm_service.py
View File

@@ -3,6 +3,7 @@ from dataclasses import dataclass
from prowler.config.config import timestamp_utc
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
@@ -12,6 +13,7 @@ class ACM:
self.service = "acm"
self.session = audit_info.audit_session
self.audited_account = audit_info.audited_account
self.audit_resources = audit_info.audit_resources
self.regional_clients = generate_regional_clients(self.service, audit_info)
self.certificates = []
self.__threading_call__(self.__list_certificates__)
@@ -36,11 +38,16 @@ class ACM:
"list_certificates"
)
for page in list_certificates_paginator.paginate():
for analyzer in page["CertificateSummaryList"]:
for certificate in page["CertificateSummaryList"]:
if not self.audit_resources or (
is_resource_filtered(
certificate["CertificateArn"], self.audit_resources
)
):
self.certificates.append(
Certificate(
analyzer["CertificateArn"],
analyzer["DomainName"],
certificate["CertificateArn"],
certificate["DomainName"],
False,
regional_client.region,
)

5
prowler/providers/aws/services/apigateway/apigateway_service.py
View File

@@ -2,6 +2,7 @@ import threading
from dataclasses import dataclass
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
@@ -11,6 +12,7 @@ class APIGateway:
self.service = "apigateway"
self.session = audit_info.audit_session
self.audited_account = audit_info.audited_account
self.audit_resources = audit_info.audit_resources
self.audited_partition = audit_info.audited_partition
self.regional_clients = generate_regional_clients(self.service, audit_info)
self.rest_apis = []
@@ -38,6 +40,9 @@ class APIGateway:
for page in get_rest_apis_paginator.paginate():
for apigw in page["items"]:
arn = f"arn:{self.audited_partition}:apigateway:{regional_client.region}::/apis/{apigw['id']}"
if not self.audit_resources or (
is_resource_filtered(arn, self.audit_resources)
):
self.rest_apis.append(
RestAPI(
apigw["id"],

5
prowler/providers/aws/services/apigatewayv2/apigatewayv2_service.py
View File

@@ -2,6 +2,7 @@ import threading
from dataclasses import dataclass
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
@@ -11,6 +12,7 @@ class ApiGatewayV2:
self.service = "apigatewayv2"
self.session = audit_info.audit_session
self.audited_account = audit_info.audited_account
self.audit_resources = audit_info.audit_resources
self.regional_clients = generate_regional_clients(self.service, audit_info)
self.apis = []
self.__threading_call__(self.__get_apis__)
@@ -35,6 +37,9 @@ class ApiGatewayV2:
get_rest_apis_paginator = regional_client.get_paginator("get_apis")
for page in get_rest_apis_paginator.paginate():
for apigw in page["Items"]:
if not self.audit_resources or (
is_resource_filtered(apigw["ApiId"], self.audit_resources)
):
self.apis.append(
API(
apigw["ApiId"],

5
prowler/providers/aws/services/appstream/appstream_service.py
View File

@@ -2,6 +2,7 @@ import threading
from dataclasses import dataclass
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
@@ -11,6 +12,7 @@ class AppStream:
self.service = "appstream"
self.session = audit_info.audit_session
self.audited_account = audit_info.audited_account
self.audit_resources = audit_info.audit_resources
self.regional_clients = generate_regional_clients(self.service, audit_info)
self.fleets = []
self.__threading_call__(self.__describe_fleets__)
@@ -33,6 +35,9 @@ class AppStream:
describe_fleets_paginator = regional_client.get_paginator("describe_fleets")
for page in describe_fleets_paginator.paginate():
for fleet in page["Fleets"]:
if not self.audit_resources or (
is_resource_filtered(fleet["Arn"], self.audit_resources)
):
self.fleets.append(
Fleet(
arn=fleet["Arn"],

8
prowler/providers/aws/services/autoscaling/autoscaling_service.py
View File

@@ -2,6 +2,7 @@ import threading
from dataclasses import dataclass
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
@@ -11,6 +12,7 @@ class AutoScaling:
self.service = "autoscaling"
self.session = audit_info.audit_session
self.audited_account = audit_info.audited_account
self.audit_resources = audit_info.audit_resources
self.regional_clients = generate_regional_clients(self.service, audit_info)
self.launch_configurations = []
self.__threading_call__(self.__describe_launch_configurations__)
@@ -35,6 +37,12 @@ class AutoScaling:
)
for page in describe_launch_configurations_paginator.paginate():
for configuration in page["LaunchConfigurations"]:
if not self.audit_resources or (
is_resource_filtered(
configuration["LaunchConfigurationARN"],
self.audit_resources,
)
):
self.launch_configurations.append(
LaunchConfiguration(
configuration["LaunchConfigurationARN"],

7
prowler/providers/aws/services/awslambda/awslambda_service.py
View File

@@ -10,6 +10,7 @@ from botocore.client import ClientError
from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
@@ -19,6 +20,7 @@ class Lambda:
self.service = "lambda"
self.session = audit_info.audit_session
self.audited_account = audit_info.audited_account
self.audit_resources = audit_info.audit_resources
self.regional_clients = generate_regional_clients(self.service, audit_info)
self.functions = {}
self.__threading_call__(self.__list_functions__)
@@ -44,6 +46,11 @@ class Lambda:
list_functions_paginator = regional_client.get_paginator("list_functions")
for page in list_functions_paginator.paginate():
for function in page["Functions"]:
if not self.audit_resources or (
is_resource_filtered(
function["FunctionArn"], self.audit_resources
)
):
lambda_name = function["FunctionName"]
lambda_arn = function["FunctionArn"]
lambda_runtime = function["Runtime"]

5
prowler/providers/aws/services/cloudformation/cloudformation_service.py
View File

@@ -2,6 +2,7 @@ import threading
from dataclasses import dataclass
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
@@ -11,6 +12,7 @@ class CloudFormation:
self.service = "cloudformation"
self.session = audit_info.audit_session
self.audited_account = audit_info.audited_account
self.audit_resources = audit_info.audit_resources
self.regional_clients = generate_regional_clients(self.service, audit_info)
self.stacks = []
self.__threading_call__(self.__describe_stacks__)
@@ -35,6 +37,9 @@ class CloudFormation:
describe_stacks_paginator = regional_client.get_paginator("describe_stacks")
for page in describe_stacks_paginator.paginate():
for stack in page["Stacks"]:
if not self.audit_resources or (
is_resource_filtered(stack["StackId"], self.audit_resources)
):
outputs = []
if "Outputs" in stack:
for output in stack["Outputs"]:

5
prowler/providers/aws/services/cloudfront/cloudfront_service.py
View File

@@ -2,6 +2,7 @@ from dataclasses import dataclass
from enum import Enum
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
@@ -11,6 +12,7 @@ class CloudFront:
self.service = "cloudfront"
self.session = audit_info.audit_session
self.audited_account = audit_info.audited_account
self.audit_resources = audit_info.audit_resources
global_client = generate_regional_clients(
self.service, audit_info, global_service=True
)
@@ -34,6 +36,9 @@ class CloudFront:
for page in list_ditributions_paginator.paginate():
if "Items" in page["DistributionList"]:
for item in page["DistributionList"]["Items"]:
if not self.audit_resources or (
is_resource_filtered(item["ARN"], self.audit_resources)
):
distribution_id = item["Id"]
distribution_arn = item["ARN"]
origins = item["Origins"]["Items"]

10
prowler/providers/aws/services/cloudtrail/cloudtrail_service.py
View File

@@ -3,6 +3,7 @@ import threading
from dataclasses import dataclass
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
@@ -12,6 +13,7 @@ class Cloudtrail:
self.service = "cloudtrail"
self.session = audit_info.audit_session
self.audited_account = audit_info.audited_account
self.audit_resources = audit_info.audit_resources
self.audited_partition = audit_info.audited_partition
self.region = audit_info.profile_region
self.regional_clients = generate_regional_clients(self.service, audit_info)
@@ -36,8 +38,12 @@ class Cloudtrail:
logger.info("Cloudtrail - Getting trails...")
try:
describe_trails = regional_client.describe_trails()["trailList"]
if describe_trails:
trails_count = 0
for trail in describe_trails:
if not self.audit_resources or (
is_resource_filtered(trail["TrailARN"], self.audit_resources)
):
trails_count += 1
kms_key_id = None
log_group_arn = None
if "KmsKeyId" in trail:
@@ -62,7 +68,7 @@ class Cloudtrail:
data_events=[],
)
)
else:
if trails_count == 0:
self.trails.append(
Trail(
name=None,

26
prowler/providers/aws/services/cloudwatch/cloudwatch_service.py
View File

@@ -2,6 +2,7 @@ import threading
from dataclasses import dataclass
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
@@ -11,6 +12,7 @@ class CloudWatch:
self.service = "cloudwatch"
self.session = audit_info.audit_session
self.audited_account = audit_info.audited_account
self.audit_resources = audit_info.audit_resources
self.region = list(
generate_regional_clients(
self.service, audit_info, global_service=True
@@ -38,6 +40,9 @@ class CloudWatch:
describe_alarms_paginator = regional_client.get_paginator("describe_alarms")
for page in describe_alarms_paginator.paginate():
for alarm in page["MetricAlarms"]:
if not self.audit_resources or (
is_resource_filtered(alarm["AlarmArn"], self.audit_resources)
):
self.metric_alarms.append(
MetricAlarm(
alarm["AlarmArn"],
@@ -59,6 +64,7 @@ class Logs:
self.service = "logs"
self.session = audit_info.audit_session
self.audited_account = audit_info.audited_account
self.audit_resources = audit_info.audit_resources
self.regional_clients = generate_regional_clients(self.service, audit_info)
self.metric_filters = []
self.log_groups = []
@@ -85,6 +91,9 @@ class Logs:
)
for page in describe_metric_filters_paginator.paginate():
for filter in page["metricFilters"]:
if not self.audit_resources or (
is_resource_filtered(filter["filterName"], self.audit_resources)
):
self.metric_filters.append(
MetricFilter(
filter["filterName"],
@@ -106,17 +115,20 @@ class Logs:
"describe_log_groups"
)
for page in describe_log_groups_paginator.paginate():
for filter in page["logGroups"]:
for log_group in page["logGroups"]:
if not self.audit_resources or (
is_resource_filtered(log_group["arn"], self.audit_resources)
):
kms = None
retention_days = 0
if "kmsKeyId" in filter:
kms = filter["kmsKeyId"]
if "retentionInDays" in filter:
retention_days = filter["retentionInDays"]
if "kmsKeyId" in log_group:
kms = log_group["kmsKeyId"]
if "retentionInDays" in log_group:
retention_days = log_group["retentionInDays"]
self.log_groups.append(
LogGroup(
filter["arn"],
filter["logGroupName"],
log_group["arn"],
log_group["logGroupName"],
retention_days,
kms,
regional_client.region,

5
prowler/providers/aws/services/codeartifact/codeartifact_service.py
View File

@@ -5,6 +5,7 @@ from typing import Optional
from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
@@ -14,6 +15,7 @@ class CodeArtifact:
self.service = "codeartifact"
self.session = audit_info.audit_session
self.audited_account = audit_info.audited_account
self.audit_resources = audit_info.audit_resources
self.regional_clients = generate_regional_clients(self.service, audit_info)
# repositories is a dictionary containing all the codeartifact service information
self.repositories = {}
@@ -40,6 +42,9 @@ class CodeArtifact:
)
for page in list_repositories_paginator.paginate():
for repository in page["repositories"]:
if not self.audit_resources or (
is_resource_filtered(repository["arn"], self.audit_resources)
):
package_name = repository["name"]
package_domain_name = repository["domainName"]
package_domain_owner = repository["domainOwner"]

5
prowler/providers/aws/services/codebuild/codebuild_service.py
View File

@@ -4,6 +4,7 @@ from dataclasses import dataclass
from typing import Optional
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
@@ -13,6 +14,7 @@ class Codebuild:
self.service = "codebuild"
self.session = audit_info.audit_session
self.audited_account = audit_info.audited_account
self.audit_resources = audit_info.audit_resources
self.regional_clients = generate_regional_clients(self.service, audit_info)
self.projects = []
self.__threading_call__(self.__list_projects__)
@@ -36,6 +38,9 @@ class Codebuild:
list_projects_paginator = regional_client.get_paginator("list_projects")
for page in list_projects_paginator.paginate():
for project in page["projects"]:
if not self.audit_resources or (
is_resource_filtered(project, self.audit_resources)
):
self.projects.append(
CodebuildProject(
name=project,

10
prowler/providers/aws/services/config/config_service.py
View File

@@ -2,6 +2,7 @@ import threading
from dataclasses import dataclass
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
@@ -11,6 +12,7 @@ class Config:
self.service = "config"
self.session = audit_info.audit_session
self.audited_account = audit_info.audited_account
self.audit_resources = audit_info.audit_resources
self.regional_clients = generate_regional_clients(self.service, audit_info)
self.recorders = []
self.__threading_call__(self.__describe_configuration_recorder_status__)
@@ -33,8 +35,12 @@ class Config:
recorders = regional_client.describe_configuration_recorder_status()[
"ConfigurationRecordersStatus"
]
if recorders:
recorders_count = 0
for recorder in recorders:
if not self.audit_resources or (
is_resource_filtered(recorder["name"], self.audit_resources)
):
recorders_count += 1
if "lastStatus" in recorder:
self.recorders.append(
Recorder(
@@ -54,7 +60,7 @@ class Config:
)
)
# No config recorders in region
else:
if recorders_count == 0:
self.recorders.append(
Recorder(
self.audited_account,

7
prowler/providers/aws/services/directoryservice/directoryservice_service.py
View File

@@ -6,6 +6,7 @@ from typing import Union
from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
@@ -15,6 +16,7 @@ class DirectoryService:
self.service = "ds"
self.session = audit_info.audit_session
self.audited_account = audit_info.audited_account
self.audit_resources = audit_info.audit_resources
self.regional_clients = generate_regional_clients(self.service, audit_info)
self.directories = {}
self.__threading_call__(self.__describe_directories__)
@@ -43,6 +45,11 @@ class DirectoryService:
)
for page in describe_fleets_paginator.paginate():
for directory in page["DirectoryDescriptions"]:
if not self.audit_resources or (
is_resource_filtered(
directory["DirectoryId"], self.audit_resources
)
):
directory_id = directory["DirectoryId"]
directory_name = directory["Name"]
directory_type = directory["Type"]

11
prowler/providers/aws/services/dynamodb/dynamodb_service.py
View File

@@ -2,6 +2,7 @@ import threading
from dataclasses import dataclass
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
@@ -11,6 +12,7 @@ class DynamoDB:
self.service = "dynamodb"
self.session = audit_info.audit_session
self.audited_account = audit_info.audited_account
self.audit_resources = audit_info.audit_resources
self.regional_clients = generate_regional_clients(self.service, audit_info)
self.tables = []
self.__threading_call__(self.__list_tables__)
@@ -35,6 +37,9 @@ class DynamoDB:
list_tables_paginator = regional_client.get_paginator("list_tables")
for page in list_tables_paginator.paginate():
for table in page["TableNames"]:
if not self.audit_resources or (
is_resource_filtered(table, self.audit_resources)
):
self.tables.append(
Table(
arn="",
@@ -96,6 +101,7 @@ class DAX:
self.service = "dax"
self.session = audit_info.audit_session
self.audited_account = audit_info.audited_account
self.audit_resources = audit_info.audit_resources
self.regional_clients = generate_regional_clients(self.service, audit_info)
self.clusters = []
self.__threading_call__(self.__describe_clusters__)
@@ -120,6 +126,11 @@ class DAX:
)
for page in describe_clusters_paginator.paginate():
for cluster in page["Clusters"]:
if not self.audit_resources or (
is_resource_filtered(
cluster["ClusterArn"], self.audit_resources
)
):
encryption = False
if "SSEDescription" in cluster:
if cluster["SSEDescription"]["Status"] == "ENABLED":

28
prowler/providers/aws/services/ec2/ec2_service.py
View File

@@ -2,6 +2,7 @@ import threading
from dataclasses import dataclass
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
@@ -12,6 +13,7 @@ class EC2:
self.session = audit_info.audit_session
self.audited_partition = audit_info.audited_partition
self.audited_account = audit_info.audited_account
self.audit_resources = audit_info.audit_resources
self.regional_clients = generate_regional_clients(self.service, audit_info)
self.instances = []
self.__threading_call__(self.__describe_instances__)
@@ -55,6 +57,9 @@ class EC2:
for reservation in page["Reservations"]:
for instance in reservation["Instances"]:
arn = f"arn:{self.audited_partition}:ec2:{regional_client.region}:{self.audited_account}:instance/{instance['InstanceId']}"
if not self.audit_resources or (
is_resource_filtered(arn, self.audit_resources)
):
http_tokens = None
http_endpoint = None
public_dns = None
@@ -62,7 +67,9 @@ class EC2:
instance_profile = None
if "MetadataOptions" in instance:
http_tokens = instance["MetadataOptions"]["HttpTokens"]
http_endpoint = instance["MetadataOptions"]["HttpEndpoint"]
http_endpoint = instance["MetadataOptions"][
"HttpEndpoint"
]
if (
"PublicDnsName" in instance
and "PublicIpAddress" in instance
@@ -104,6 +111,9 @@ class EC2:
for page in describe_security_groups_paginator.paginate():
for sg in page["SecurityGroups"]:
arn = f"arn:{self.audited_partition}:ec2:{regional_client.region}:{self.audited_account}:security-group/{sg['GroupId']}"
if not self.audit_resources or (
is_resource_filtered(arn, self.audit_resources)
):
self.security_groups.append(
SecurityGroup(
sg["GroupName"],
@@ -128,6 +138,9 @@ class EC2:
for page in describe_network_acls_paginator.paginate():
for nacl in page["NetworkAcls"]:
arn = f"arn:{self.audited_partition}:ec2:{regional_client.region}:{self.audited_account}:network-acl/{nacl['NetworkAclId']}"
if not self.audit_resources or (
is_resource_filtered(arn, self.audit_resources)
):
self.network_acls.append(
NetworkACL(
nacl["NetworkAclId"],
@@ -151,6 +164,9 @@ class EC2:
for page in describe_snapshots_paginator.paginate(OwnerIds=["self"]):
for snapshot in page["Snapshots"]:
arn = f"arn:{self.audited_partition}:ec2:{regional_client.region}:{self.audited_account}:snapshot/{snapshot['SnapshotId']}"
if not self.audit_resources or (
is_resource_filtered(arn, self.audit_resources)
):
if snapshot["Encrypted"]:
encrypted = True
self.snapshots.append(
@@ -231,6 +247,9 @@ class EC2:
public = False
for image in regional_client.describe_images(Owners=["self"])["Images"]:
arn = f"arn:{self.audited_partition}:ec2:{regional_client.region}:{self.audited_account}:image/{image['ImageId']}"
if not self.audit_resources or (
is_resource_filtered(arn, self.audit_resources)
):
if image["Public"]:
public = True
self.images.append(
@@ -256,6 +275,9 @@ class EC2:
for page in describe_volumes_paginator.paginate():
for volume in page["Volumes"]:
arn = f"arn:{self.audited_partition}:ec2:{regional_client.region}:{self.audited_account}:volume/{volume['VolumeId']}"
if not self.audit_resources or (
is_resource_filtered(arn, self.audit_resources)
):
self.volumes.append(
Volume(
volume["VolumeId"],
@@ -283,7 +305,9 @@ class EC2:
if "AllocationId" in address:
allocation_id = address["AllocationId"]
elastic_ip_arn = f"arn:{self.audited_partition}:ec2:{regional_client.region}:{self.audited_account}:eip-allocation/{allocation_id}"
if not self.audit_resources or (
is_resource_filtered(elastic_ip_arn, self.audit_resources)
):
self.elastic_ips.append(
ElasticIP(
public_ip,

7
prowler/providers/aws/services/ecr/ecr_service.py
View File

@@ -3,6 +3,7 @@ from dataclasses import dataclass
from json import loads
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
@@ -11,6 +12,7 @@ class ECR:
def __init__(self, audit_info):
self.service = "ecr"
self.session = audit_info.audit_session
self.audit_resources = audit_info.audit_resources
self.regional_clients = generate_regional_clients(self.service, audit_info)
self.repositories = []
self.__threading_call__(self.__describe_repositories__)
@@ -38,6 +40,11 @@ class ECR:
)
for page in describe_ecr_paginator.paginate():
for repository in page["repositories"]:
if not self.audit_resources or (
is_resource_filtered(
repository["repositoryArn"], self.audit_resources
)
):
self.repositories.append(
Repository(
name=repository["repositoryName"],

5
prowler/providers/aws/services/ecs/ecs_service.py
View File

@@ -4,6 +4,7 @@ from re import sub
from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
@@ -12,6 +13,7 @@ class ECS:
def __init__(self, audit_info):
self.service = "ecs"
self.session = audit_info.audit_session
self.audit_resources = audit_info.audit_resources
self.regional_clients = generate_regional_clients(self.service, audit_info)
self.task_definitions = []
self.__threading_call__(self.__list_task_definitions__)
@@ -36,6 +38,9 @@ class ECS:
list_ecs_paginator = regional_client.get_paginator("list_task_definitions")
for page in list_ecs_paginator.paginate():
for task_definition in page["taskDefinitionArns"]:
if not self.audit_resources or (
is_resource_filtered(task_definition, self.audit_resources)
):
self.task_definitions.append(
TaskDefinition(
# we want the family name without the revision

5
prowler/providers/aws/services/efs/efs_service.py
View File

@@ -4,6 +4,7 @@ from dataclasses import dataclass
from botocore.client import ClientError
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
@@ -12,6 +13,7 @@ class EFS:
def __init__(self, audit_info):
self.service = "efs"
self.session = audit_info.audit_session
self.audit_resources = audit_info.audit_resources
self.regional_clients = generate_regional_clients(self.service, audit_info)
self.filesystems = []
self.__threading_call__(self.__describe_file_systems__)
@@ -37,6 +39,9 @@ class EFS:
)
for page in describe_efs_paginator.paginate():
for efs in page["FileSystems"]:
if not self.audit_resources or (
is_resource_filtered(efs["FileSystemId"], self.audit_resources)
):
self.filesystems.append(
FileSystem(
id=efs["FileSystemId"],

5
prowler/providers/aws/services/eks/eks_service.py
View File

@@ -3,6 +3,7 @@ import threading
from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
@@ -11,6 +12,7 @@ class EKS:
def __init__(self, audit_info):
self.service = "eks"
self.session = audit_info.audit_session
self.audit_resources = audit_info.audit_resources
self.regional_clients = generate_regional_clients(self.service, audit_info)
self.clusters = []
self.__threading_call__(self.__list_clusters__)
@@ -34,6 +36,9 @@ class EKS:
list_clusters_paginator = regional_client.get_paginator("list_clusters")
for page in list_clusters_paginator.paginate():
for cluster in page["clusters"]:
if not self.audit_resources or (
is_resource_filtered(cluster, self.audit_resources)
):
self.clusters.append(
EKSCluster(
name=cluster,

8
prowler/providers/aws/services/elb/elb_service.py
View File

@@ -4,6 +4,7 @@ from typing import Optional
from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
@@ -14,6 +15,7 @@ class ELB:
self.session = audit_info.audit_session
self.audited_partition = audit_info.audited_partition
self.audited_account = audit_info.audited_account
self.audit_resources = audit_info.audit_resources
self.regional_clients = generate_regional_clients(self.service, audit_info)
self.loadbalancers = []
self.__threading_call__(self.__describe_load_balancers__)
@@ -39,6 +41,10 @@ class ELB:
)
for page in describe_elb_paginator.paginate():
for elb in page["LoadBalancerDescriptions"]:
arn = f"arn:{self.audited_partition}:elasticloadbalancing:{regional_client.region}:{self.audited_account}:loadbalancer/{elb['LoadBalancerName']}"
if not self.audit_resources or (
is_resource_filtered(arn, self.audit_resources)
):
listeners = []
for listener in elb["ListenerDescriptions"]:
listeners.append(
@@ -50,7 +56,7 @@ class ELB:
self.loadbalancers.append(
LoadBalancer(
name=elb["LoadBalancerName"],
arn=f"arn:{self.audited_partition}:elasticloadbalancing:{regional_client.region}:{self.audited_account}:loadbalancer/{elb['LoadBalancerName']}",
arn=arn,
dns=elb["DNSName"],
region=regional_client.region,
scheme=elb["Scheme"],

7
prowler/providers/aws/services/elbv2/elbv2_service.py
View File

@@ -4,6 +4,7 @@ from typing import Optional
from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
@@ -12,6 +13,7 @@ class ELBv2:
def __init__(self, audit_info):
self.service = "elbv2"
self.session = audit_info.audit_session
self.audit_resources = audit_info.audit_resources
self.regional_clients = generate_regional_clients(self.service, audit_info)
self.loadbalancersv2 = []
self.__threading_call__(self.__describe_load_balancers__)
@@ -40,6 +42,11 @@ class ELBv2:
)
for page in describe_elbv2_paginator.paginate():
for elbv2 in page["LoadBalancers"]:
if not self.audit_resources or (
is_resource_filtered(
elbv2["LoadBalancerArn"], self.audit_resources
)
):
self.loadbalancersv2.append(
LoadBalancerv2(
name=elbv2["LoadBalancerName"],

7
prowler/providers/aws/services/emr/emr_service.py
View File

@@ -4,6 +4,7 @@ from enum import Enum
from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
@@ -13,6 +14,7 @@ class EMR:
self.service = "emr"
self.session = audit_info.audit_session
self.audited_account = audit_info.audited_account
self.audit_resources = audit_info.audit_resources
self.regional_clients = generate_regional_clients(self.service, audit_info)
self.clusters = {}
self.block_public_access_configuration = {}
@@ -38,6 +40,11 @@ class EMR:
list_clusters_paginator = regional_client.get_paginator("list_clusters")
for page in list_clusters_paginator.paginate():
for cluster in page["Clusters"]:
if not self.audit_resources or (
is_resource_filtered(
cluster["ClusterArn"], self.audit_resources
)
):
cluster_name = cluster["Name"]
cluster_id = cluster["Id"]
cluster_arn = cluster["ClusterArn"]

5
prowler/providers/aws/services/glacier/glacier_service.py
View File

@@ -5,6 +5,7 @@ from botocore.client import ClientError
from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
@@ -14,6 +15,7 @@ class Glacier:
self.service = "glacier"
self.session = audit_info.audit_session
self.audited_account = audit_info.audited_account
self.audit_resources = audit_info.audit_resources
self.regional_clients = generate_regional_clients(self.service, audit_info)
self.vaults = {}
self.__threading_call__(self.__list_vaults__)
@@ -37,6 +39,9 @@ class Glacier:
list_vaults_paginator = regional_client.get_paginator("list_vaults")
for page in list_vaults_paginator.paginate():
for vault in page["VaultList"]:
if not self.audit_resources or (
is_resource_filtered(vault["VaultARN"], self.audit_resources)
):
vault_name = vault["VaultName"]
vault_arn = vault["VaultARN"]
self.vaults[vault_name] = Vault(

7
prowler/providers/aws/services/globalaccelerator/globalaccelerator_service.py
View File

@@ -1,6 +1,7 @@
from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
################### GlobalAccelerator
@@ -9,6 +10,7 @@ class GlobalAccelerator:
self.service = "globalaccelerator"
self.session = audit_info.audit_session
self.audited_account = audit_info.audited_account
self.audit_resources = audit_info.audit_resources
self.accelerators = {}
if audit_info.audited_partition == "aws":
# Global Accelerator is a global service that supports endpoints in multiple AWS Regions
@@ -27,6 +29,11 @@ class GlobalAccelerator:
list_accelerators_paginator = self.client.get_paginator("list_accelerators")
for page in list_accelerators_paginator.paginate():
for accelerator in page["Accelerators"]:
if not self.audit_resources or (
is_resource_filtered(
accelerator["AcceleratorArn"], self.audit_resources
)
):
accelerator_arn = accelerator["AcceleratorArn"]
accelerator_name = accelerator["Name"]
enabled = accelerator["Enabled"]

19
prowler/providers/aws/services/glue/glue_service.py
View File

@@ -4,6 +4,7 @@ from typing import Optional
from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
@@ -13,6 +14,7 @@ class Glue:
self.service = "glue"
self.session = audit_info.audit_session
self.audited_account = audit_info.audited_account
self.audit_resources = audit_info.audit_resources
self.regional_clients = generate_regional_clients(self.service, audit_info)
self.connections = []
self.__threading_call__(self.__get_connections__)
@@ -45,6 +47,9 @@ class Glue:
get_connections_paginator = regional_client.get_paginator("get_connections")
for page in get_connections_paginator.paginate():
for conn in page["ConnectionList"]:
if not self.audit_resources or (
is_resource_filtered(conn["Name"], self.audit_resources)
):
self.connections.append(
Connection(
name=conn["Name"],
@@ -66,6 +71,11 @@ class Glue:
)
for page in get_dev_endpoints_paginator.paginate():
for endpoint in page["DevEndpoints"]:
if not self.audit_resources or (
is_resource_filtered(
endpoint["EndpointName"], self.audit_resources
)
):
self.dev_endpoints.append(
DevEndpoint(
name=endpoint["EndpointName"],
@@ -84,6 +94,9 @@ class Glue:
get_jobs_paginator = regional_client.get_paginator("get_jobs")
for page in get_jobs_paginator.paginate():
for job in page["Jobs"]:
if not self.audit_resources or (
is_resource_filtered(job["Name"], self.audit_resources)
):
self.jobs.append(
Job(
name=job["Name"],
@@ -105,6 +118,9 @@ class Glue:
)
for page in get_security_configurations_paginator.paginate():
for config in page["SecurityConfigurations"]:
if not self.audit_resources or (
is_resource_filtered(config["Name"], self.audit_resources)
):
self.security_configs.append(
SecurityConfig(
name=config["Name"],
@@ -138,6 +154,9 @@ class Glue:
logger.info("Glue - Search Tables...")
try:
for table in regional_client.search_tables()["TableList"]:
if not self.audit_resources or (
is_resource_filtered(table["Name"], self.audit_resources)
):
self.tables.append(
Table(
name=table["Name"],

5
prowler/providers/aws/services/guardduty/guardduty_service.py
View File

@@ -3,6 +3,7 @@ import threading
from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
@@ -11,6 +12,7 @@ class GuardDuty:
def __init__(self, audit_info):
self.service = "guardduty"
self.session = audit_info.audit_session
self.audit_resources = audit_info.audit_resources
self.regional_clients = generate_regional_clients(self.service, audit_info)
self.detectors = []
self.__threading_call__(self.__list_detectors__)
@@ -35,6 +37,9 @@ class GuardDuty:
list_detectors_paginator = regional_client.get_paginator("list_detectors")
for page in list_detectors_paginator.paginate():
for detector in page["DetectorIds"]:
if not self.audit_resources or (
is_resource_filtered(detector, self.audit_resources)
):
self.detectors.append(
Detector(id=detector, region=regional_client.region)
)

21
prowler/providers/aws/services/iam/iam_service.py
View File

@@ -3,6 +3,7 @@ from dataclasses import dataclass
from datetime import datetime
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
@@ -29,6 +30,7 @@ class IAM:
self.service = "iam"
self.session = audit_info.audit_session
self.account = audit_info.audited_account
self.audit_resources = audit_info.audit_resources
self.partition = audit_info.audited_partition
self.client = self.session.client(self.service)
global_client = generate_regional_clients(
@@ -68,6 +70,9 @@ class IAM:
roles = []
for page in get_roles_paginator.paginate():
for role in page["Roles"]:
if not self.audit_resources or (
is_resource_filtered(role["Arn"], self.audit_resources)
):
roles.append(
Role(
name=role["RoleName"],
@@ -112,6 +117,9 @@ class IAM:
groups = []
for page in get_groups_paginator.paginate():
for group in page["Groups"]:
if not self.audit_resources or (
is_resource_filtered(group["Arn"], self.audit_resources)
):
groups.append(Group(group["GroupName"], group["Arn"]))
return groups
@@ -175,12 +183,17 @@ class IAM:
users = []
for page in get_users_paginator.paginate():
for user in page["Users"]:
if not self.audit_resources or (
is_resource_filtered(user["Arn"], self.audit_resources)
):
if "PasswordLastUsed" not in user:
users.append(User(user["UserName"], user["Arn"], None))
else:
users.append(
User(
user["UserName"], user["Arn"], user["PasswordLastUsed"]
user["UserName"],
user["Arn"],
user["PasswordLastUsed"],
)
)
@@ -330,6 +343,9 @@ class IAM:
list_policies_paginator = self.client.get_paginator("list_policies")
for page in list_policies_paginator.paginate(Scope="Local"):
for policy in page["Policies"]:
if not self.audit_resources or (
is_resource_filtered(policy["Arn"], self.audit_resources)
):
policies.append(policy)
except Exception as error:
logger.error(
@@ -369,6 +385,9 @@ class IAM:
for certificate in self.client.list_server_certificates()[
"ServerCertificateMetadataList"
]:
if not self.audit_resources or (
is_resource_filtered(certificate["Arn"], self.audit_resources)
):
server_certificates.append(
Certificate(
certificate["ServerCertificateName"],

5
prowler/providers/aws/services/kms/kms_service.py
View File

@@ -3,6 +3,7 @@ import threading
from dataclasses import dataclass
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
@@ -12,6 +13,7 @@ class KMS:
self.service = "kms"
self.session = audit_info.audit_session
self.audited_account = audit_info.audited_account
self.audit_resources = audit_info.audit_resources
self.regional_clients = generate_regional_clients(self.service, audit_info)
self.keys = []
self.__threading_call__(self.__list_keys__)
@@ -37,6 +39,9 @@ class KMS:
list_keys_paginator = regional_client.get_paginator("list_keys")
for page in list_keys_paginator.paginate():
for key in page["Keys"]:
if not self.audit_resources or (
is_resource_filtered(key["KeyArn"], self.audit_resources)
):
self.keys.append(
Key(
key["KeyId"],

5
prowler/providers/aws/services/opensearch/opensearch_service.py
View File

@@ -4,6 +4,7 @@ from json import loads
from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
@@ -12,6 +13,7 @@ class OpenSearchService:
def __init__(self, audit_info):
self.service = "opensearch"
self.session = audit_info.audit_session
self.audit_resources = audit_info.audit_resources
self.regional_clients = generate_regional_clients(self.service, audit_info)
self.opensearch_domains = []
self.__threading_call__(self.__list_domain_names__)
@@ -35,6 +37,9 @@ class OpenSearchService:
try:
domains = regional_client.list_domain_names()
for domain in domains["DomainNames"]:
if not self.audit_resources or (
is_resource_filtered(domain["DomainName"], self.audit_resources)
):
self.opensearch_domains.append(
OpenSearchDomain(
name=domain["DomainName"], region=regional_client.region

18
prowler/providers/aws/services/rds/rds_service.py
View File

@@ -4,6 +4,7 @@ from typing import Optional
from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
@@ -13,6 +14,7 @@ class RDS:
self.service = "rds"
self.session = audit_info.audit_session
self.audited_account = audit_info.audited_account
self.audit_resources = audit_info.audit_resources
self.regional_clients = generate_regional_clients(self.service, audit_info)
self.db_instances = []
self.db_snapshots = []
@@ -43,6 +45,11 @@ class RDS:
)
for page in describe_db_instances_paginator.paginate():
for instance in page["DBInstances"]:
if not self.audit_resources or (
is_resource_filtered(
instance["DBInstanceIdentifier"], self.audit_resources
)
):
if instance["Engine"] != "docdb":
self.db_instances.append(
DBInstance(
@@ -82,6 +89,11 @@ class RDS:
)
for page in describe_db_snapshots_paginator.paginate():
for snapshot in page["DBSnapshots"]:
if not self.audit_resources or (
is_resource_filtered(
snapshot["DBSnapshotIdentifier"], self.audit_resources
)
):
if snapshot["Engine"] != "docdb":
self.db_snapshots.append(
DBSnapshot(
@@ -120,6 +132,12 @@ class RDS:
)
for page in describe_db_snapshots_paginator.paginate():
for snapshot in page["DBClusterSnapshots"]:
if not self.audit_resources or (
is_resource_filtered(
snapshot["DBClusterSnapshotIdentifier"],
self.audit_resources,
)
):
if snapshot["Engine"] != "docdb":
self.db_cluster_snapshots.append(
ClusterSnapshot(

7
prowler/providers/aws/services/redshift/redshift_service.py
View File

@@ -3,6 +3,7 @@ import threading
from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
@@ -11,6 +12,7 @@ class Redshift:
def __init__(self, audit_info):
self.service = "redshift"
self.session = audit_info.audit_session
self.audit_resources = audit_info.audit_resources
self.regional_clients = generate_regional_clients(self.service, audit_info)
self.clusters = []
self.__threading_call__(self.__describe_clusters__)
@@ -35,6 +37,11 @@ class Redshift:
list_clusters_paginator = regional_client.get_paginator("describe_clusters")
for page in list_clusters_paginator.paginate():
for cluster in page["Clusters"]:
if not self.audit_resources or (
is_resource_filtered(
cluster["ClusterIdentifier"], self.audit_resources
)
):
cluster_to_append = Cluster(
id=cluster["ClusterIdentifier"],
region=regional_client.region,

8
prowler/providers/aws/services/route53/route53_service.py
View File

@@ -1,6 +1,7 @@
from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
@@ -10,6 +11,7 @@ class Route53:
self.service = "route53"
self.session = audit_info.audit_session
self.audited_partition = audit_info.audited_partition
self.audit_resources = audit_info.audit_resources
self.hosted_zones = {}
global_client = generate_regional_clients(
self.service, audit_info, global_service=True
@@ -30,6 +32,10 @@ class Route53:
for page in list_hosted_zones_paginator.paginate():
for hosted_zone in page["HostedZones"]:
hosted_zone_id = hosted_zone["Id"].replace("/hostedzone/", "")
arn = f"arn:{self.audited_partition}:route53:::{hosted_zone_id}"
if not self.audit_resources or (
is_resource_filtered(arn, self.audit_resources)
):
hosted_zone_name = hosted_zone["Name"]
private_zone = hosted_zone["Config"]["PrivateZone"]
@@ -37,7 +43,7 @@ class Route53:
id=hosted_zone_id,
name=hosted_zone_name,
private_zone=private_zone,
arn=f"arn:{self.audited_partition}:route53:::{hosted_zone_id}",
arn=arn,
region=self.region,
)

9
prowler/providers/aws/services/s3/s3_service.py
View File

@@ -3,6 +3,7 @@ import threading
from dataclasses import dataclass
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
@@ -13,6 +14,7 @@ class S3:
self.session = audit_info.audit_session
self.client = self.session.client(self.service)
self.audited_account = audit_info.audited_account
self.audit_resources = audit_info.audit_resources
self.audited_partition = audit_info.audited_partition
self.regional_clients = generate_regional_clients(self.service, audit_info)
self.buckets = self.__list_buckets__(audit_info)
@@ -50,10 +52,15 @@ class S3:
bucket_region = "us-east-1"
# Arn
arn = f"arn:{self.audited_partition}:s3:::{bucket['Name']}"
if not self.audit_resources or (
is_resource_filtered(arn, self.audit_resources)
):
# Check if there are filter regions
if audit_info.audited_regions:
if bucket_region in audit_info.audited_regions:
buckets.append(Bucket(bucket["Name"], arn, bucket_region))
buckets.append(
Bucket(bucket["Name"], arn, bucket_region)
)
else:
buckets.append(Bucket(bucket["Name"], arn, bucket_region))
except Exception as error:

16
prowler/providers/aws/services/sagemaker/sagemaker_service.py
View File

@@ -3,6 +3,7 @@ import threading
from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
@@ -11,6 +12,7 @@ class SageMaker:
def __init__(self, audit_info):
self.service = "sagemaker"
self.session = audit_info.audit_session
self.audit_resources = audit_info.audit_resources
self.regional_clients = generate_regional_clients(self.service, audit_info)
self.sagemaker_notebook_instances = []
self.sagemaker_models = []
@@ -42,6 +44,12 @@ class SageMaker:
)
for page in list_notebook_instances_paginator.paginate():
for notebook_instance in page["NotebookInstances"]:
if not self.audit_resources or (
is_resource_filtered(
notebook_instance["NotebookInstanceArn"],
self.audit_resources,
)
):
self.sagemaker_notebook_instances.append(
NotebookInstance(
name=notebook_instance["NotebookInstanceName"],
@@ -60,6 +68,9 @@ class SageMaker:
list_models_paginator = regional_client.get_paginator("list_models")
for page in list_models_paginator.paginate():
for model in page["Models"]:
if not self.audit_resources or (
is_resource_filtered(model["ModelArn"], self.audit_resources)
):
self.sagemaker_models.append(
Model(
name=model["ModelName"],
@@ -80,6 +91,11 @@ class SageMaker:
)
for page in list_training_jobs_paginator.paginate():
for training_job in page["TrainingJobSummaries"]:
if not self.audit_resources or (
is_resource_filtered(
training_job["TrainingJobArn"], self.audit_resources
)
):
self.sagemaker_training_jobs.append(
TrainingJob(
name=training_job["TrainingJobName"],

5
prowler/providers/aws/services/secretsmanager/secretsmanager_service.py
View File

@@ -3,6 +3,7 @@ import threading
from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
@@ -12,6 +13,7 @@ class SecretsManager:
self.service = "secretsmanager"
self.session = audit_info.audit_session
self.audited_account = audit_info.audited_account
self.audit_resources = audit_info.audit_resources
self.regional_clients = generate_regional_clients(self.service, audit_info)
self.secrets = {}
self.__threading_call__(self.__list_secrets__)
@@ -34,6 +36,9 @@ class SecretsManager:
list_secrets_paginator = regional_client.get_paginator("list_secrets")
for page in list_secrets_paginator.paginate():
for secret in page["SecretList"]:
if not self.audit_resources or (
is_resource_filtered(secret["ARN"], self.audit_resources)
):
self.secrets[secret["Name"]] = Secret(
arn=secret["ARN"],
name=secret["Name"],

15
prowler/providers/aws/services/securityhub/securityhub_service.py
View File

@@ -2,6 +2,7 @@ import threading
from dataclasses import dataclass
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
@@ -11,6 +12,7 @@ class SecurityHub:
self.service = "securityhub"
self.session = audit_info.audit_session
self.audited_account = audit_info.audited_account
self.audit_resources = audit_info.audit_resources
self.regional_clients = generate_regional_clients(self.service, audit_info)
self.securityhubs = []
self.__threading_call__(self.__describe_hub__)
@@ -51,6 +53,9 @@ class SecurityHub:
else:
# SecurityHub is active so get HubArn
hub_arn = regional_client.describe_hub()["HubArn"]
if not self.audit_resources or (
is_resource_filtered(hub_arn, self.audit_resources)
):
hub_id = hub_arn.split("/")[1]
self.securityhubs.append(
SecurityHubHub(
@@ -61,6 +66,16 @@ class SecurityHub:
regional_client.region,
)
)
else:
self.securityhubs.append(
SecurityHubHub(
"",
"Security Hub",
"NOT_AVAILABLE",
"",
regional_client.region,
)
)
except Exception as error:
# Check if Account is subscribed to Security Hub

7
prowler/providers/aws/services/sns/sns_service.py
View File

@@ -4,6 +4,7 @@ from json import loads
from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
@@ -12,6 +13,7 @@ class SNS:
def __init__(self, audit_info):
self.service = "sns"
self.session = audit_info.audit_session
self.audit_resources = audit_info.audit_resources
self.regional_clients = generate_regional_clients(self.service, audit_info)
self.topics = []
self.__threading_call__(self.__list_topics__)
@@ -35,6 +37,11 @@ class SNS:
list_topics_paginator = regional_client.get_paginator("list_topics")
for page in list_topics_paginator.paginate():
for topic_arn in page["Topics"]:
if not self.audit_resources or (
is_resource_filtered(
topic_arn["TopicArn"], self.audit_resources
)
):
self.topics.append(
Topic(
name=topic_arn["TopicArn"].rsplit(":", 1)[1],

5
prowler/providers/aws/services/sqs/sqs_service.py
View File

@@ -4,6 +4,7 @@ from json import loads
from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
@@ -12,6 +13,7 @@ class SQS:
def __init__(self, audit_info):
self.service = "sqs"
self.session = audit_info.audit_session
self.audit_resources = audit_info.audit_resources
self.regional_clients = generate_regional_clients(self.service, audit_info)
self.queues = []
self.__threading_call__(self.__list_queues__)
@@ -36,6 +38,9 @@ class SQS:
for page in list_queues_paginator.paginate():
if "QueueUrls" in page:
for queue in page["QueueUrls"]:
if not self.audit_resources or (
is_resource_filtered(queue, self.audit_resources)
):
self.queues.append(
Queue(
id=queue,

5
prowler/providers/aws/services/ssm/ssm_service.py
View File

@@ -5,6 +5,7 @@ from enum import Enum
from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
@@ -14,6 +15,7 @@ class SSM:
self.service = "ssm"
self.session = audit_info.audit_session
self.audited_account = audit_info.audited_account
self.audit_resources = audit_info.audit_resources
self.regional_clients = generate_regional_clients(self.service, audit_info)
self.documents = {}
self.compliance_resources = {}
@@ -53,6 +55,9 @@ class SSM:
list_documents_paginator = regional_client.get_paginator("list_documents")
for page in list_documents_paginator.paginate(**list_documents_parameters):
for document in page["DocumentIdentifiers"]:
if not self.audit_resources or (
is_resource_filtered(document["Name"], self.audit_resources)
):
document_name = document["Name"]
self.documents[document_name] = Document(

20
prowler/providers/aws/services/vpc/vpc_service.py
View File

@@ -3,6 +3,7 @@ import threading
from dataclasses import dataclass
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
@@ -12,6 +13,7 @@ class VPC:
self.service = "ec2"
self.session = audit_info.audit_session
self.audited_account = audit_info.audited_account
self.audit_resources = audit_info.audit_resources
self.regional_clients = generate_regional_clients(self.service, audit_info)
self.vpcs = []
self.vpc_peering_connections = []
@@ -43,6 +45,9 @@ class VPC:
describe_vpcs_paginator = regional_client.get_paginator("describe_vpcs")
for page in describe_vpcs_paginator.paginate():
for vpc in page["Vpcs"]:
if not self.audit_resources or (
is_resource_filtered(vpc["VpcId"], self.audit_resources)
):
self.vpcs.append(
VPCs(
vpc["VpcId"],
@@ -64,6 +69,11 @@ class VPC:
)
for page in describe_vpc_peering_connections_paginator.paginate():
for conn in page["VpcPeeringConnections"]:
if not self.audit_resources or (
is_resource_filtered(
conn["VpcPeeringConnectionId"], self.audit_resources
)
):
self.vpc_peering_connections.append(
VpcPeeringConnection(
conn["VpcPeeringConnectionId"],
@@ -140,6 +150,11 @@ class VPC:
)
for page in describe_vpc_endpoints_paginator.paginate():
for endpoint in page["VpcEndpoints"]:
if not self.audit_resources or (
is_resource_filtered(
endpoint["VpcEndpointId"], self.audit_resources
)
):
endpoint_policy = None
if endpoint.get("PolicyDocument"):
endpoint_policy = json.loads(endpoint["PolicyDocument"])
@@ -167,6 +182,11 @@ class VPC:
for page in describe_vpc_endpoint_services_paginator.paginate():
for endpoint in page["ServiceDetails"]:
if endpoint["Owner"] != "amazon":
if not self.audit_resources or (
is_resource_filtered(
endpoint["ServiceId"], self.audit_resources
)
):
self.vpc_endpoint_services.append(
VpcEndpointService(
endpoint["ServiceId"],

5
prowler/providers/aws/services/waf/waf_service.py
View File

@@ -3,6 +3,7 @@ import threading
from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
@@ -11,6 +12,7 @@ class WAF:
def __init__(self, audit_info):
self.service = "waf-regional"
self.session = audit_info.audit_session
self.audit_resources = audit_info.audit_resources
self.regional_clients = generate_regional_clients(self.service, audit_info)
self.web_acls = []
self.__threading_call__(self.__list_web_acls__)
@@ -32,6 +34,9 @@ class WAF:
logger.info("WAF - Listing Regional Web ACLs...")
try:
for waf in regional_client.list_web_acls()["WebACLs"]:
if not self.audit_resources or (
is_resource_filtered(waf["WebACLId"], self.audit_resources)
):
self.web_acls.append(
WebAcl(
name=waf["Name"],

5
prowler/providers/aws/services/wafv2/wafv2_service.py
View File

@@ -3,6 +3,7 @@ import threading
from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
@@ -11,6 +12,7 @@ class WAFv2:
def __init__(self, audit_info):
self.service = "wafv2"
self.session = audit_info.audit_session
self.audit_resources = audit_info.audit_resources
self.regional_clients = generate_regional_clients(self.service, audit_info)
self.web_acls = []
self.__threading_call__(self.__list_web_acls__)
@@ -32,6 +34,9 @@ class WAFv2:
logger.info("WAFv2 - Listing Regional Web ACLs...")
try:
for wafv2 in regional_client.list_web_acls(Scope="REGIONAL")["WebACLs"]:
if not self.audit_resources or (
is_resource_filtered(wafv2["ARN"], self.audit_resources)
):
self.web_acls.append(
WebAclv2(
arn=wafv2["ARN"],

7
prowler/providers/aws/services/workspaces/workspaces_service.py
View File

@@ -3,6 +3,7 @@ import threading
from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
@@ -11,6 +12,7 @@ class WorkSpaces:
def __init__(self, audit_info):
self.service = "workspaces"
self.session = audit_info.audit_session
self.audit_resources = audit_info.audit_resources
self.regional_clients = generate_regional_clients(self.service, audit_info)
self.workspaces = []
self.__threading_call__(self.__describe_workspaces__)
@@ -35,6 +37,11 @@ class WorkSpaces:
)
for page in describe_workspaces_paginator.paginate():
for workspace in page["Workspaces"]:
if not self.audit_resources or (
is_resource_filtered(
workspace["WorkspaceId"], self.audit_resources
)
):
workspace_to_append = WorkSpace(
id=workspace["WorkspaceId"], region=regional_client.region
)

37
prowler/providers/common/audit_info.py
View File

@@ -96,7 +96,7 @@ Caller Identity ARN: {Fore.YELLOW}[{audit_info.audited_identity_arn}]{Style.RESE
"""
set_aws_audit_info returns the AWS_Audit_Info
"""
logger.info("Setting Azure session ...")
logger.info("Setting AWS session ...")
# Assume Role Options
input_role = arguments.get("role")
@@ -236,6 +236,11 @@ Caller Identity ARN: {Fore.YELLOW}[{audit_info.audited_identity_arn}]{Style.RESE
if not arguments.get("only_logs"):
self.print_audit_credentials(current_audit_info)
# Parse Scan Tags
input_scan_tags = arguments.get("scan_tags")
current_audit_info.audit_resources = get_tagged_resources(
input_scan_tags, current_audit_info
)
return current_audit_info
def set_azure_audit_info(self, arguments) -> Azure_Audit_Info:
@@ -287,3 +292,33 @@ def set_provider_audit_info(provider: str, arguments: dict):
sys.exit()
else:
return provider_audit_info
def get_tagged_resources(input_scan_tags: list, current_audit_info: AWS_Audit_Info):
"""
get_tagged_resources returns a list of the resources that are going to be scanned based on the given input tags
"""
try:
scan_tags = []
tagged_resources = []
if input_scan_tags:
for tag in input_scan_tags:
key = tag.split("=")[0]
value = tag.split("=")[1]
scan_tags.append({"Key": key, "Values": [value]})
# Get Resources with scan_tags for all regions
for region in current_audit_info.audited_regions:
client = current_audit_info.audit_session.client(
"resourcegroupstaggingapi", region_name=region
)
get_resources_paginator = client.get_paginator("get_resources")
for page in get_resources_paginator.paginate(TagFilters=scan_tags):
for resource in page["ResourceTagMappingList"]:
tagged_resources.append(resource["ResourceARN"])
except Exception as error:
logger.critical(
f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
sys.exit()
else:
return tagged_resources

19
tests/lib/cli/parser_test.py
View File

@@ -54,6 +54,7 @@ class Test_Parser:
assert not parsed.output_bucket_no_assume
assert not parsed.shodan
assert not parsed.allowlist_file
assert not parsed.scan_tags
def test_default_parser_no_arguments_azure(self):
provider = "azure"
@@ -795,6 +796,24 @@ class Test_Parser:
parsed = self.parser.parse(command)
assert parsed.allowlist_file == allowlist_file
def test_aws_parser_scan_tags_short(self):
argument = "-t"
scan_tag = "Key=Value"
command = [prowler_command, argument, scan_tag]
parsed = self.parser.parse(command)
assert len(parsed.scan_tags) == 1
assert scan_tag in parsed.scan_tags
def test_aws_parser_scan_tags_long(self):
argument = "--scan-tags"
scan_tag1 = "Key=Value"
scan_tag2 = "Key2=Value2"
command = [prowler_command, argument, scan_tag1, scan_tag2]
parsed = self.parser.parse(command)
assert len(parsed.scan_tags) == 2
assert scan_tag1 in parsed.scan_tags
assert scan_tag2 in parsed.scan_tags
def test_parser_azure_auth_sp(self):
argument = "--sp-env-auth"
command = [prowler_command, "azure", argument]

4
tests/lib/outputs/outputs_test.py
View File

@@ -81,6 +81,7 @@ class Test_Outputs:
assumed_role_info=None,
audited_regions=["eu-west-2", "eu-west-1"],
organizations_metadata=None,
audit_resources=None,
)
test_output_modes = [
["csv"],
@@ -258,6 +259,7 @@ class Test_Outputs:
assumed_role_info=None,
audited_regions=["eu-west-2", "eu-west-1"],
organizations_metadata=None,
audit_resources=None,
)
finding = Check_Report(
load_check_metadata(
@@ -327,6 +329,7 @@ class Test_Outputs:
assumed_role_info=None,
audited_regions=["eu-west-2", "eu-west-1"],
organizations_metadata=None,
audit_resources=None,
)
# Creat mock bucket
bucket_name = "test_bucket"
@@ -429,6 +432,7 @@ class Test_Outputs:
assumed_role_info=None,
audited_regions=["eu-west-2", "eu-west-1"],
organizations_metadata=None,
audit_resources=None,
)
finding = Check_Report(
load_check_metadata(

17
tests/lib/scan_filters/scan_filters_test.py Normal file
View File

@@ -0,0 +1,17 @@
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
class Test_Scan_Filters:
def test_is_resource_filtered(self):
audit_resources = [
"arn:aws:iam::123456789012:user/test_user",
"arn:aws:s3:::test_bucket",
]
assert is_resource_filtered(
"arn:aws:iam::123456789012:user/test_user", audit_resources
)
assert not is_resource_filtered(
"arn:aws:iam::123456789012:user/test1", audit_resources
)
assert is_resource_filtered("test_bucket", audit_resources)
assert is_resource_filtered("arn:aws:s3:::test_bucket", audit_resources)

4
tests/providers/aws/aws_provider_test.py
View File

@@ -56,6 +56,7 @@ class Test_AWS_Provider:
),
audited_regions=audited_regions,
organizations_metadata=None,
audit_resources=None,
)
# Call assume_role
@@ -109,6 +110,7 @@ class Test_AWS_Provider:
assumed_role_info=None,
audited_regions=audited_regions,
organizations_metadata=None,
audit_resources=None,
)
generate_regional_clients_response = generate_regional_clients(
"ec2", audit_info
@@ -137,6 +139,7 @@ class Test_AWS_Provider:
assumed_role_info=None,
audited_regions=audited_regions,
organizations_metadata=None,
audit_resources=None,
)
generate_regional_clients_response = generate_regional_clients(
"route53", audit_info, global_service=True
@@ -164,6 +167,7 @@ class Test_AWS_Provider:
assumed_role_info=None,
audited_regions=audited_regions,
organizations_metadata=None,
audit_resources=None,
)
generate_regional_clients_response = generate_regional_clients(
"shield", audit_info, global_service=True

1
tests/providers/aws/lib/allowlist/allowlist_test.py
View File

@@ -32,6 +32,7 @@ class Test_Allowlist:
assumed_role_info=None,
audited_regions=None,
organizations_metadata=None,
audit_resources=None,
)
return audit_info

1
tests/providers/aws/services/acm/acm_service_test.py
View File

@@ -27,6 +27,7 @@ class Test_ACM_Service:
assumed_role_info=None,
audited_regions=None,
organizations_metadata=None,
audit_resources=None,
)
return audit_info

1
tests/providers/aws/services/apigateway/apigateway_service_test.py
View File

@@ -27,6 +27,7 @@ class Test_APIGateway_Service:
assumed_role_info=None,
audited_regions=None,
organizations_metadata=None,
audit_resources=None,
)
return audit_info

1
tests/providers/aws/services/apigatewayv2/apigatewayv2_service_test.py
View File

@@ -58,6 +58,7 @@ class Test_ApiGatewayV2_Service:
assumed_role_info=None,
audited_regions=None,
organizations_metadata=None,
audit_resources=None,
)
return audit_info

1
tests/providers/aws/services/autoscaling/autoscaling_service_test.py
View File

@@ -29,6 +29,7 @@ class Test_AutoScaling_Service:
assumed_role_info=None,
audited_regions=None,
organizations_metadata=None,
audit_resources=None,
)
return audit_info

1
tests/providers/aws/services/awslambda/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled_test.py
View File

@@ -42,6 +42,7 @@ class Test_awslambda_function_invoke_api_operations_cloudtrail_logging_enabled:
assumed_role_info=None,
audited_regions=None,
organizations_metadata=None,
audit_resources=None,
)
return audit_info

1
tests/providers/aws/services/awslambda/awslambda_service_test.py
View File

@@ -74,6 +74,7 @@ class Test_Lambda_Service:
assumed_role_info=None,
audited_regions=None,
organizations_metadata=None,
audit_resources=None,
)
return audit_info

1
tests/providers/aws/services/cloudformation/cloudformation_service_test.py
View File

@@ -151,6 +151,7 @@ class Test_CloudFormation_Service:
assumed_role_info=None,
audited_regions=None,
organizations_metadata=None,
audit_resources=None,
)
return audit_info

1
tests/providers/aws/services/cloudfront/cloudfront_service_test.py
View File

@@ -161,6 +161,7 @@ class Test_CloudFront_Service:
assumed_role_info=None,
audited_regions=None,
organizations_metadata=None,
audit_resources=None,
)
return audit_info

1
tests/providers/aws/services/cloudtrail/cloudtrail_service_test.py
View File

@@ -26,6 +26,7 @@ class Test_Cloudtrail_Service:
assumed_role_info=None,
audited_regions=["eu-west-1", "us-east-1"],
organizations_metadata=None,
audit_resources=None,
)
return audit_info

1
tests/providers/aws/services/cloudwatch/cloudwatch_service_test.py
View File

@@ -27,6 +27,7 @@ class Test_CloudWatch_Service:
assumed_role_info=None,
audited_regions=None,
organizations_metadata=None,
audit_resources=None,
)
return audit_info

1
tests/providers/aws/services/codebuild/codebuild_service_test.py
View File

@@ -70,6 +70,7 @@ class Test_Codebuild_Service:
assumed_role_info=None,
audited_regions=None,
organizations_metadata=None,
audit_resources=None,
)
return audit_info

1
tests/providers/aws/services/config/config_service_test.py
View File

@@ -27,6 +27,7 @@ class Test_Config_Service:
assumed_role_info=None,
audited_regions=["eu-west-1", "us-east-1"],
organizations_metadata=None,
audit_resources=None,
)
return audit_info

1
tests/providers/aws/services/dynamodb/dynamodb_service_test.py
View File

@@ -27,6 +27,7 @@ class Test_DynamoDB_Service:
assumed_role_info=None,
audited_regions=None,
organizations_metadata=None,
audit_resources=None,
)
return audit_info

1
tests/providers/aws/services/ec2/ec2_service_test.py
View File

@@ -36,6 +36,7 @@ class Test_EC2_Service:
assumed_role_info=None,
audited_regions=["eu-west-1", "us-east-1"],
organizations_metadata=None,
audit_resources=None,
)
return audit_info

1
tests/providers/aws/services/ecr/ecr_service_test.py
View File

@@ -87,6 +87,7 @@ class Test_ECR_Service:
assumed_role_info=None,
audited_regions=None,
organizations_metadata=None,
audit_resources=None,
)
return audit_info

1
tests/providers/aws/services/ecs/ecs_service_test.py
View File

@@ -39,6 +39,7 @@ class Test_ECS_Service:
assumed_role_info=None,
audited_regions=None,
organizations_metadata=None,
audit_resources=None,
)
return audit_info

1
tests/providers/aws/services/efs/efs_service_test.py
View File

@@ -70,6 +70,7 @@ class Test_EFS:
assumed_role_info=None,
audited_regions=None,
organizations_metadata=None,
audit_resources=None,
)
return audit_info

1
tests/providers/aws/services/eks/eks_service_test.py
View File

@@ -44,6 +44,7 @@ class Test_EKS_Service:
assumed_role_info=None,
audited_regions=None,
organizations_metadata=None,
audit_resources=None,
)
return audit_info

1
tests/providers/aws/services/elb/elb_service_test.py
View File

@@ -27,6 +27,7 @@ class Test_ELB_Service:
assumed_role_info=None,
audited_regions=None,
organizations_metadata=None,
audit_resources=None,
)
return audit_info

1
tests/providers/aws/services/elbv2/elbv2_service_test.py
View File

@@ -27,6 +27,7 @@ class Test_ELBv2_Service:
assumed_role_info=None,
audited_regions=None,
organizations_metadata=None,
audit_resources=None,
)
return audit_info

1
tests/providers/aws/services/emr/emr_cluster_publicly_accesible/emr_cluster_publicly_accesible_test.py
View File

@@ -30,6 +30,7 @@ class Test_emr_cluster_publicly_accesible:
assumed_role_info=None,
audited_regions=None,
organizations_metadata=None,
audit_resources=None,
)
return audit_info

1
tests/providers/aws/services/emr/emr_service_test.py
View File

@@ -66,6 +66,7 @@ class Test_EMR_Service:
assumed_role_info=None,
audited_regions=None,
organizations_metadata=None,
audit_resources=None,
)
return audit_info

1
tests/providers/aws/services/globalaccelerator/globalaccelerator_service_test.py
View File

@@ -65,6 +65,7 @@ class Test_GlobalAccelerator_Service:
assumed_role_info=None,
audited_regions=None,
organizations_metadata=None,
audit_resources=None,
)
return audit_info

1
tests/providers/aws/services/glue/glue_service_test.py
View File

@@ -135,6 +135,7 @@ class Test_Glue_Service:
assumed_role_info=None,
audited_regions=None,
organizations_metadata=None,
audit_resources=None,
)
return audit_info

1
tests/providers/aws/services/guardduty/guardduty_service_test.py
View File

@@ -49,6 +49,7 @@ class Test_GuardDuty_Service:
assumed_role_info=None,
audited_regions=None,
organizations_metadata=None,
audit_resources=None,
)
return audit_info

1
tests/providers/aws/services/iam/iam_service_test.py
View File

@@ -30,6 +30,7 @@ class Test_IAM_Service:
assumed_role_info=None,
audited_regions=None,
organizations_metadata=None,
audit_resources=None,
)
return audit_info

1
tests/providers/aws/services/kms/kms_service_test.py
View File

@@ -29,6 +29,7 @@ class Test_ACM_Service:
assumed_role_info=None,
audited_regions=None,
organizations_metadata=None,
audit_resources=None,
)
return audit_info

1
tests/providers/aws/services/opensearch/opensearch_service_test.py
View File

@@ -115,6 +115,7 @@ class Test_OpenSearchService_Service:
assumed_role_info=None,
audited_regions=None,
organizations_metadata=None,
audit_resources=None,
)
return audit_info

1
tests/providers/aws/services/rds/rds_service_test.py
View File

@@ -27,6 +27,7 @@ class Test_RDS_Service:
assumed_role_info=None,
audited_regions=None,
organizations_metadata=None,
audit_resources=None,
)
return audit_info

1
tests/providers/aws/services/redshift/redshift_service_test.py
View File

@@ -75,6 +75,7 @@ class Test_Redshift_Service:
assumed_role_info=None,
audited_regions=None,
organizations_metadata=None,
audit_resources=None,
)
return audit_info

1
tests/providers/aws/services/route53/route53_service_test.py
View File

@@ -43,6 +43,7 @@ class Test_Route53_Service:
assumed_role_info=None,
audited_regions=None,
organizations_metadata=None,
audit_resources=None,
)
return audit_info

1
tests/providers/aws/services/route53/route53domains_service_test.py
View File

@@ -82,6 +82,7 @@ class Test_Route53_Service:
assumed_role_info=None,
audited_regions=None,
organizations_metadata=None,
audit_resources=None,
)
return audit_info

1
tests/providers/aws/services/s3/s3_account_level_public_access_blocks/s3_account_level_public_access_blocks_test.py
View File

@@ -29,6 +29,7 @@ class Test_s3_account_level_public_access_blocks:
assumed_role_info=None,
audited_regions=None,
organizations_metadata=None,
audit_resources=None,
)
return audit_info

1
tests/providers/aws/services/s3/s3_bucket_public_access/s3_bucket_public_access_test.py
View File

@@ -30,6 +30,7 @@ class Test_s3_bucket_public_access:
assumed_role_info=None,
audited_regions=None,
organizations_metadata=None,
audit_resources=None,
)
return audit_info

1
tests/providers/aws/services/s3/s3_service_test.py
View File

@@ -30,6 +30,7 @@ class Test_S3_Service:
assumed_role_info=None,
audited_regions=None,
organizations_metadata=None,
audit_resources=None,
)
return audit_info

1
tests/providers/aws/services/sagemaker/sagemaker_service_test.py
View File

@@ -116,6 +116,7 @@ class Test_SageMaker_Service:
assumed_role_info=None,
audited_regions=None,
organizations_metadata=None,
audit_resources=None,
)
return audit_info

1
tests/providers/aws/services/secretsmanager/secretsmanager_service_test.py
View File

@@ -45,6 +45,7 @@ class Test_SecretsManager_Service:
assumed_role_info=None,
audited_regions=None,
organizations_metadata=None,
audit_resources=None,
)
return audit_info

1
tests/providers/aws/services/shield/shield_advanced_protection_in_associated_elastic_ips/shield_advanced_protection_in_associated_elastic_ips_test.py
View File

@@ -42,6 +42,7 @@ class Test_shield_advanced_protection_in_associated_elastic_ips:
assumed_role_info=None,
audited_regions=None,
organizations_metadata=None,
audit_resources=None,
)
return audit_info

1
tests/providers/aws/services/shield/shield_advanced_protection_in_classic_load_balancers/shield_advanced_protection_in_classic_load_balancers_test.py
View File

@@ -29,6 +29,7 @@ class Test_shield_advanced_protection_in_classic_load_balancers:
assumed_role_info=None,
audited_regions=None,
organizations_metadata=None,
audit_resources=None,
)
return audit_info

1
tests/providers/aws/services/shield/shield_advanced_protection_in_internet_facing_load_balancers/shield_advanced_protection_in_internet_facing_load_balancers_test.py
View File

@@ -42,6 +42,7 @@ class Test_shield_advanced_protection_in_internet_facing_load_balancers:
assumed_role_info=None,
audited_regions=None,
organizations_metadata=None,
audit_resources=None,
)
return audit_info

1
tests/providers/aws/services/shield/shield_service_test.py
View File

@@ -52,6 +52,7 @@ class Test_Shield_Service:
assumed_role_info=None,
audited_regions=None,
organizations_metadata=None,
audit_resources=None,
)
return audit_info

Some files were not shown because too many files have changed in this diff Show More