feat(regions): Filter Audited Regions (-f) (#1202)

* feat(filter-regions): Added -f and ebs encryption check. * feat(filter-regions): Added -f and ebs encryption check. * feat(regional_clients): add regional_clients. * fix(global variables): created global variables * chore(role option): Mixed -A/-R option including error handling * fix(arn): import errors from error.py file * fix(review_comments): Review PR comments. Co-authored-by: sergargar <sergio@verica.io> Co-authored-by: n4ch04 <nachor1992@gmail.com>
2026-02-10 06:45:08 +00:00 · 2022-06-20 11:25:26 +02:00
parent f694a6d12a
commit b89b883741
16 changed files with 30264 additions and 96 deletions
--- a/prowler.py
+++ b/prowler.py
@@ -51,14 +51,7 @@ if __name__ == "__main__":
        "--role",
        nargs="?",
        default=None,
-        help="Role name to be assumed in account passed with -A",
-    )
-    parser.add_argument(
-        "-A",
-        "--account",
-        nargs="?",
-        default=None,
-        help="AWS account id where the role passed by -R is assumed",
+        help="ARN of the role to be assumed",
    )
    parser.add_argument(
        "-T",
@@ -75,6 +68,12 @@ if __name__ == "__main__":
        default=None,
        help="External ID to be passed when assuming role",
    )
+    parser.add_argument(
+        "-f",
+        "--filter-region",
+        nargs="+",
+        help="AWS region names to run Prowler against",
+    )
    # Parse Arguments
    args = parser.parse_args()

@@ -84,38 +83,19 @@ if __name__ == "__main__":
    services = args.services
    groups = args.groups
    checks_file = args.checks_file
-    
+
+    # Set Logger
+    logger.setLevel(logging_levels.get(args.log_level))
+
    # Role assumption input options tests
-    if args.role or args.account:
-        if not args.account:
-            logger.critical(
-                "It is needed to input an Account Id to assume the role (-A option) when an IAM Role is provided with -R"
-            )
-            quit()
-        elif not args.role:
-            logger.critical(
-                "It is needed to input an IAM Role name (-R option) when an Account Id is provided with -A"
-            )
-            quit()
    if args.session_duration not in range(900, 43200):
        logger.critical("Value for -T option must be between 900 and 43200")
        quit()
    if args.session_duration != 3600 or args.external_id:
-        if not args.account or not args.role:
-            logger.critical("To use -I/-T options both -A and -R options are needed")
+        if not args.role:
+            logger.critical("To use -I/-T options -R option is needed")
            quit()

-    session_input = Input_Data(
-        profile=args.profile,
-        role_name=args.role,
-        account_to_assume=args.account,
-        session_duration=args.session_duration,
-        external_id=args.external_id,
-    )
-    
-    # Set Logger
-    logger.setLevel(logging_levels.get(args.log_level))
-
    if args.version:
        print_version()
        quit()
@@ -124,6 +104,14 @@ if __name__ == "__main__":
        print_banner()

    # Setting session
+    session_input = Input_Data(
+        profile=args.profile,
+        role_arn=args.role,
+        session_duration=args.session_duration,
+        external_id=args.external_id,
+        regions=args.filter_region,
+    )
+
    provider_set_session(session_input)

    # Load checks to execute