From ad3cd66e08e818b22bc487396cf50c5ac042251c Mon Sep 17 00:00:00 2001 From: Sergio Garcia <38561120+sergargar@users.noreply.github.com> Date: Thu, 10 Aug 2023 09:56:47 +0200 Subject: [PATCH] docs(organizations): fix script and improve titles (#2693) --- docs/tutorials/aws/organizations.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/tutorials/aws/organizations.md b/docs/tutorials/aws/organizations.md index d9b773d8..63494976 100644 --- a/docs/tutorials/aws/organizations.md +++ b/docs/tutorials/aws/organizations.md @@ -1,5 +1,5 @@ # AWS Organizations -## Get AWS Account details from your AWS Organization: +## Get AWS Account details from your AWS Organization Prowler allows you to get additional information of the scanned account in CSV and JSON outputs. When scanning a single account you get the Account ID as part of the output. @@ -30,7 +30,7 @@ The additional fields in CSV header output are as follow: ACCOUNT_DETAILS_EMAIL,ACCOUNT_DETAILS_NAME,ACCOUNT_DETAILS_ARN,ACCOUNT_DETAILS_ORG,ACCOUNT_DETAILS_TAGS ``` -## Assume Role and across all accounts in AWS Organizations or just a list of accounts: +## Extra: run Prowler across all accounts in AWS Organizations by assuming roles If you want to run Prowler across all accounts of AWS Organizations you can do this: @@ -43,7 +43,7 @@ ACCOUNTS_IN_ORGS=$(aws organizations list-accounts --query Accounts[?Status==`AC - Then run Prowler to assume a role (same in all members) per each account, in this example it is just running one particular check: ``` -for accountId in $ACCOUNTS_IN_ORGS; do prowler aws -O arn:aws:iam:::role/; done +for accountId in $ACCOUNTS_IN_ORGS; do prowler aws -O arn:aws:iam:::role/ -R arn:aws:iam::$accountId:role/; done ``` - Using the same for loop it can be scanned a list of accounts with a variable like `ACCOUNTS_LIST='11111111111 2222222222 333333333'`
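Review bot: In the hunk at `@@ -30,7 +30,7 @@`, the new heading drops the "or just a list of accounts" case that the old heading named, while the section still ends with the bullet about scanning a list through `ACCOUNTS_LIST`. Consider keeping that case in the title, for example "Run Prowler across all accounts in AWS Organizations, or a list of accounts, by assuming roles". The "Extra:" prefix is not used by the other heading touched in this patch, so either drop it or apply it to both.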
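Review bot: In the hunk at `@@ -43,7 +43,7 @@`, the added loop line passes `-R arn:aws:iam::$accountId:role/` with nothing after `role/`, and `-O arn:aws:iam:::role/` with neither an account ID nor a role name, so the command as shown here cannot be copied and run. If these were meant to be angle-bracket placeholders, check that they survive rendering inside the fence, or state above the block which account ID and role names the reader must substitute. The bullet before the block also says the example is "just running one particular check", but neither the old nor the new command selects a check, so reword the bullet or add the check selection. In the last bullet, the sample `ACCOUNTS_LIST` values have 11, 10 and 9 digits, while AWS account IDs are 12 digits; use 12-digit sample values.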