fixed aws organizations multi-account s3 upload issue

IB (AWS)
2021-06-28 14:49:54 -07:00
parent 583cffaefb
commit 8c74ef102f
3 changed files with 12 additions and 4 deletions


@@ -334,6 +334,7 @@ Resources:
- s3:GetObject
- s3:PutObject
- s3:ListBucket
- s3:PutObjectAcl
- PolicyName: Prowler-CrossAccount-AssumeRole
PolicyDocument:
Version: 2012-10-17
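Review bot: The added `s3:PutObjectAcl` carries no condition, so the scanning role may apply any canned ACL to objects in the report bucket, including `public-read`, while the upload in this commit only needs `bucket-owner-full-control`. The same action is added unconditioned in the second template, in the hunk at `@@ -60,6 +60,7 @@`. I would move `s3:PutObject` and `s3:PutObjectAcl` into their own statement restricted with `Condition: {StringEquals: {"s3:x-amz-acl": "bucket-owner-full-control"}}`. The condition cannot simply be added to the existing statement, because `s3:GetObject` and `s3:ListBucket` requests carry no ACL header and would stop matching. The statement's `Effect` and `Resource` lie outside this hunk, so the exact placement needs checking against the full template.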


@@ -60,6 +60,7 @@ Resources:
- s3:GetObject
- s3:PutObject
- s3:ListBucket
- s3:PutObjectAcl
Resource:
- !Sub arn:${AWS::Partition}:s3:::${ProwlerS3}
- !Sub arn:${AWS::Partition}:s3:::${ProwlerS3}/*


@@ -91,9 +91,6 @@ for accountId in $ACCOUNTS_IN_ORGS; do
# remove -g cislevel for a full report and add other formats if needed
./prowler/prowler -R "$ROLE" -A "$accountId" -g cislevel1 -M html
echo "Report stored locally at: prowler/output/ directory"
# Upload Prowler Report to S3
s3_account_session
aws s3 cp prowler/output/ "$S3/reports/" --recursive --include "*.html"
TOTAL_SEC=$((SECONDS - START_TIME))
echo -e "Completed AWS Account: $accountId, using Role: $ROLE on $(date)"
printf "Completed AWS Account: $accountId in %02dh:%02dm:%02ds" $((TOTAL_SEC / 3600)) $((TOTAL_SEC % 3600 / 60)) $((TOTAL_SEC % 60))
@@ -103,7 +100,16 @@ done
# Wait for All Prowler Processes to finish
wait
echo "Prowler Assessments Completed against All Accounts in the AWS Organization"
echo "Prowler Assessments Completed against All Accounts in the AWS Organization. Starting S3 copy operations..."
# Upload Prowler Report to S3
s3_account_session
aws s3 cp prowler/output/ "$S3/reports/" --recursive --include "*.html" --acl bucket-owner-full-control
echo "Assessment reports successfully copied to S3 bucket"
# Final Wait for All Prowler Processes to finish
wait
echo "Prowler Assessments Completed"
# Unset AWS Profile Variables
unset_aws
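Review bot: The success message after the relocated `aws s3 cp` is printed whether or not the copy worked, so a denied or partial upload is still logged as `Assessment reports successfully copied to S3 bucket`; unless the script sets `-e` outside this hunk, nothing reacts to the failure. Wrapping it as `if aws s3 cp ...; then echo "Assessment reports successfully copied to S3 bucket"; else echo "S3 copy failed" >&2; fi` keeps the log truthful. Separately, `--include "*.html"` has no effect without a preceding `--exclude "*"`, because the CLI includes every file by default, so everything under `prowler/output/` is uploaded; `--exclude "*" --include "*.html"` limits the copy to the HTML reports. The second `wait` looks redundant, since no background job is started after the first one in the visible lines.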