chore(docs): add STS Endpoint and Allowlist updates (#2964)

This commit is contained in:
Sergio Garcia
2023-10-25 13:58:59 +02:00
committed by GitHub
parent f7312db0c7
commit 41085049e2
3 changed files with 11 additions and 9 deletions

@@ -82,11 +82,11 @@ You can use `-w`/`--allowlist-file` with the path of your allowlist yaml file, b
Tags:
- "environment=prod" # Will ignore every resource except in account 123456789012 except the ones containing the string "test" and tag environment=prod
## AWS Control Tower Allowlist
When using Control Tower, guardrails prevent access to certain protected resources. Prowler has an allowlist that ensures that warnings instead of errors are reported for all resources created by AWS Control Tower when setting up a landing zone.
You can execute Prowler with the AWS Control Tower allowlist using the following command:
## Default AWS Allowlist
Prowler provides you a Default AWS Allowlist with the AWS Resources that should be allowlisted such as all resources created by AWS Control Tower when setting up a landing zone.
You can execute Prowler with this allowlist using the following command:
```sh
prowler aws --allowlist prowler/config/aws_controltower_allowlist.yaml
prowler aws --allowlist prowler/config/aws_allowlist.yaml
```
## Supported Allowlist Locations
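
Review bot: the example command under the new "Default AWS Allowlist" heading passes `--allowlist`, while the section this hunk belongs to documents the option as `-w`/`--allowlist-file` (see the hunk header context); use the documented spelling in the example so the page is consistent with itself. The new description also says the file covers resources "such as all resources created by AWS Control Tower", which leaves open what else is allowlisted by default. Since an allowlist suppresses findings, consider stating what categories of resources `prowler/config/aws_allowlist.yaml` contains, or pointing readers to the file to review before using it. The removed paragraph explained why the Control Tower entries exist (guardrails prevent access, so warnings are reported instead of errors); keeping one sentence of that rationale would help readers who arrive looking for the old `aws_controltower_allowlist.yaml` path or the old "AWS Control Tower Allowlist" heading, both of which disappear here.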