ghndrx/prowler
1
0
Fork 0
mirror of https://github.com/ghndrx/prowler.git synced 2026-02-10 14:55:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

chore(docs): allowlist non-default regions (#2980)

Browse Source
This commit is contained in:
Sergio Garcia
2023-10-30 21:52:25 +01:00
committed by GitHub
parent bb543cb5db
commit a7a2e24d42
2 changed files with 26 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
docs/tutorials/allowlist.md
View File

@@ -82,6 +82,20 @@ You can use `-w`/`--allowlist-file` with the path of your allowlist yaml file, b
Tags:
- "environment=prod" # Will ignore every resource except in account 123456789012 except the ones containing the string "test" and tag environment=prod
## Allowlist specific regions
If you want to allowlist/mute failed findings only in specific regions, create a file with the following syntax and run it with `prowler aws -w allowlist.yaml`:
Allowlist:
Accounts:
"*":
Checks:
"*":
Regions:
- "ap-southeast-1"
- "ap-southeast-2"
Resources:
- "*"
## Default AWS Allowlist
Prowler provides you a Default AWS Allowlist with the AWS Resources that should be allowlisted such as all resources created by AWS Control Tower when setting up a landing zone.
You can execute Prowler with this allowlist using the following command: