diff --git a/docs/tutorials/allowlist.md b/docs/tutorials/allowlist.md index 900da86f..dff1a155 100644 --- a/docs/tutorials/allowlist.md +++ b/docs/tutorials/allowlist.md @@ -82,6 +82,20 @@ You can use `-w`/`--allowlist-file` with the path of your allowlist yaml file, b Tags: - "environment=prod" # Will ignore every resource except in account 123456789012 except the ones containing the string "test" and tag environment=prod +## Allowlist specific regions +If you want to allowlist/mute failed findings only in specific regions, create a file with the following syntax and run it with `prowler aws -w allowlist.yaml`: + + Allowlist: + Accounts: + "*": + Checks: + "*": + Regions: + - "ap-southeast-1" + - "ap-southeast-2" + Resources: + - "*" + ## Default AWS Allowlist Prowler provides you a Default AWS Allowlist with the AWS Resources that should be allowlisted such as all resources created by AWS Control Tower when setting up a landing zone. You can execute Prowler with this allowlist using the following command: diff --git a/prowler/config/config.yaml b/prowler/config/config.yaml index 4a4fe73d..89568e77 100644 --- a/prowler/config/config.yaml +++ b/prowler/config/config.yaml @@ -2,8 +2,19 @@ aws: # AWS Global Configuration - # aws.allowlist_non_default_regions --> Allowlist Failed Findings in non-default regions for GuardDuty, SecurityHub, DRS and Config + # aws.allowlist_non_default_regions --> Set to True to allowlist failed findings in non-default regions for GuardDuty, SecurityHub, DRS and Config allowlist_non_default_regions: False + # If you want to allowlist/mute failed findings only in specific regions, create a file with the following syntax and run it with `prowler aws -w allowlist.yaml`: + # Allowlist: + # Accounts: + # "*": + # Checks: + # "*": + # Regions: + # - "ap-southeast-1" + # - "ap-southeast-2" + # Resources: + # - "*" # AWS IAM Configuration # aws.iam_user_accesskey_unused --> CIS recommends 45 days
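Review bot: In the allowlist.md hunk, the new "Allowlist specific regions" example uses `"*"` for both Accounts and Checks, so it mutes every failed finding of every check in `ap-southeast-1` and `ap-southeast-2`, not just the non-default-region noise from GuardDuty, SecurityHub, DRS and Config that the rest of this change is about. Please say that explicitly in the prose (something like "this mutes all failed findings in those regions; narrow `Checks` to the checks you actually want to silence") and consider showing a narrower variant with a concrete check name in place of `"*"`, so readers do not copy a blanket mute into production. The section should also state how `Regions` behaves when it is omitted from an allowlist entry (all regions, presumably), since the earlier examples on this page never set it and the reader has no way to tell whether the existing entries are now region-scoped.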
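Review bot: In the config.yaml hunk, the eleven-line YAML example pasted as comments directly under `allowlist_non_default_regions: False` is a verbatim copy of the docs example and will drift the next time the allowlist syntax changes; the `-w allowlist.yaml` file is a separate mechanism from this config key, and nothing in config.yaml consumes it. Replace the block with a one-line pointer such as `# To mute findings only in specific regions, use an allowlist file (see docs/tutorials/allowlist.md)` and keep the single source of truth in the tutorial. The reworded `aws.allowlist_non_default_regions --> Set to True to allowlist failed findings in non-default regions ...` comment is a clear improvement and can stay as is.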