ghndrx/prowler
1
0
Fork 0
mirror of https://github.com/ghndrx/prowler.git synced 2026-02-10 06:45:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

Typo (breaking change) (#1010)

Browse Source 
Co-authored-by: Daniel Lorch <lorchda@amazon.ch>
This commit is contained in:
Daniel Lorch
2022-02-02 17:13:31 +01:00
committed by GitHub
parent 72b30aa45f
commit b26370d508
3 changed files with 7 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
util/org-multi-account/serverless_codebuild/README.md
View File

@@ -19,12 +19,12 @@ For more information on how to use prowler, see [here](https://github.com/prowle
1. Deploy [ProwlerRole.yaml](templates/ProwlerRole.yaml) stack to CloudFormation in a bid to create resources to master account itself.
(The template will be also deployed for other member accounts as a StackSet)
- ProwlerCodeBuildAccount : Audit Acccount ID where CodeBuild resides. (preferably Audit/Security account)
- ProwlerCodeBulidRole : Role name to use in CodeBuild service
- ProwlerCodeBuildRole : Role name to use in CodeBuild service
- ProwlerCrossAccountRole : Role name to assume for Cross account
- ProwlerS3 : The S3 bucket name where reports will be put
1. Create **StackSet** with [ProwlerRole.yaml](templates/ProwlerRole.yaml) to deploy Role into member accounts in AWS Organizations.
- ProwlerCodeBuildAccount : Audit Acccount ID where CodeBuild resides. (preferably Audit/Security account)
- ProwlerCodeBulidRole : Role name to use in CodeBuild service
- ProwlerCodeBuildRole : Role name to use in CodeBuild service
- ProwlerCrossAccountRole : Role name to assume for Cross account
- ProwlerS3 : The S3 bucket name where reports will be put
- Permission : Service-managed permissions

4
util/org-multi-account/serverless_codebuild/README_kr.md
View File

@@ -23,7 +23,7 @@ prowler 의 자세한 사용방법은 [이 곳](https://github.com/prowler-cloud
[ProwlerRole.yaml](templates/ProwlerRole.yaml)
- ProwlerCodeBuildAccount : CodeBuild 가 있는 Audit Acccount ID
- ProwlerCodeBulidRole : CodeBuild의 생성될 Role 이름
- ProwlerCodeBuildRole : CodeBuild의 생성될 Role 이름
- ProwlerCrossAccountRole : Cross account 용 Assume할 Role 이름
- ProwlerS3 : report 가 저장될 S3 bucket 명
2. 아래 템플릿을 이용하여 CloudFormation **StackSet**을 생성하여, Organazation에 포함된 account 대상으로도 아래 템플릿을 배포합니다.
@@ -31,7 +31,7 @@ prowler 의 자세한 사용방법은 [이 곳](https://github.com/prowler-cloud
[ProwlerRole.yaml](templates/ProwlerRole.yaml)
- ProwlerCodeBuildAccount : CodeBuild 가 있는 Audit Acccount
- ProwlerCodeBulidRole : CodeBuild에서 사용할 Role 이름
- ProwlerCodeBuildRole : CodeBuild에서 사용할 Role 이름
- ProwlerCrossAccountRole : Cross account 용 Assume할 Role 이름
- ProwlerS3 : report 가 저장될 S3 bucket 명
- Permission : Service-managed permissions

6
util/org-multi-account/serverless_codebuild/templates/ProwlerRole.yaml
View File

@@ -8,7 +8,7 @@ Metadata:
default: CodeBuild Settings
Parameters:
- ProwlerCodeBuildAccount
- ProwlerCodeBulidRole
- ProwlerCodeBuildRole
- Label:
default: S3 Settings
Parameters:
@@ -30,7 +30,7 @@ Parameters:
AllowedPattern: ^\d{12}$
ConstraintDescription: An AWS Account Number must be a 12 digit numeric string.
Default: 411267690458
ProwlerCodeBulidRole:
ProwlerCodeBuildRole:
Type: String
Description: Enter Instance Role that will be given to the Prowler CodeBuild (needed to grant sts:AssumeRole rights).
AllowedPattern: ^[\w+=,.@-]{1,64}$
@@ -63,7 +63,7 @@ Resources:
- sts:AssumeRole
Condition:
StringLike:
aws:PrincipalArn: !Sub arn:${AWS::Partition}:iam::${ProwlerCodeBuildAccount}:role/${ProwlerCodeBulidRole}
aws:PrincipalArn: !Sub arn:${AWS::Partition}:iam::${ProwlerCodeBuildAccount}:role/${ProwlerCodeBuildRole}
ManagedPolicyArns:
- !Sub arn:${AWS::Partition}:iam::aws:policy/SecurityAudit
- !Sub arn:${AWS::Partition}:iam::aws:policy/job-function/ViewOnlyAccess