From fc9b8a1d3c77b132fb1f199107af44be54c9ed16 Mon Sep 17 00:00:00 2001 From: AlexClineBB Date: Wed, 31 May 2017 14:59:37 -0400 Subject: [PATCH] Add the option to filter API requests by region This change adds the ability to perform checks against specific regions only. The -r option allows you to set the region that API requests are made against, but checks are always made against all regions. The -f allows you to filter which regions to run checks against. --- prowler | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/prowler b/prowler index 36ce43f0..ef949a0a 100755 --- a/prowler +++ b/prowler @@ -48,21 +48,23 @@ WHITE="" # Set the defaults for these getopts variables PROFILE="default" REGION="us-east-1" +FILTERREGION="" # Command usage menu usage(){ echo -e "\nUSAGE: `basename $0` -p -r [ -h ] Options: - -p specify your AWS profile to use (i.e.: default) - -r specify a desired AWS region to use (i.e.: us-east-1) - -c specify a check number or group from the AWS CIS benchmark (i.e.: check11 for check 1.1 or check3 for entire section 3) - -h this help + -p specify your AWS profile to use (i.e.: default) + -r specify an AWS region to direct API requests to (i.e.: us-east-1) + -c specify a check number or group from the AWS CIS benchmark (i.e.: check11 for check 1.1 or check3 for entire section 3) + -f specify an AWS region to run checks against (i.e.: us-west-1) + -h this help " exit } -while getopts "hp:r:c:" OPTION; do +while getopts "hp:r:c:f:" OPTION; do case $OPTION in h ) usage @@ -77,6 +79,9 @@ while getopts "hp:r:c:" OPTION; do c ) CHECKNUMBER=$OPTARG ;; + f ) + FILTERREGION=$OPTARG + ;; : ) echo -e "\n$RED ERROR!$NORMAL -$OPTARG requires an argument\n" exit 1 
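Review bot: The new `f )` arm stores `$OPTARG` in `FILTERREGION` without validating it, and the last hunk then expands that value unquoted into the `describe-regions` call. A value containing whitespace or starting with `-` would be split into extra AWS CLI arguments, and a mistyped region is only noticed when the API call fails. I would reject anything that is not a plain region name before the assignment, for example `case $OPTARG in ''|-*|*[!a-z0-9-]*) echo "-f expects a single region name" >&2; exit 1 ;; esac`. The `while`/`case` block continues outside the hunk, so the handling of other invalid options is not visible here.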
@@ -192,7 +197,7 @@ echo -e " |_|$NORMAL$BLUE CIS based AWS Account Hardening Tool$NORMAL\n" # Get whoami in AWS, who is the user running this shell script getWhoami() { echo -e "\nThis report is being generated using credentials below:\n" - echo -e "AWS-CLI Profile: $NOTICE[$PROFILE]$NORMAL AWS Region: $NOTICE[$REGION]$NORMAL\n" + echo -e "AWS-CLI Profile: $NOTICE[$PROFILE]$NORMAL AWS API Region: $NOTICE[$REGION]$NORMAL AWS Filter Region: $NOTICE[${FILTERREGION:-all}]\n" $AWSCLI sts get-caller-identity --output table --profile $PROFILE --region $REGION } @@ -228,7 +233,8 @@ cleanTemp(){ REGIONS=$($AWSCLI ec2 describe-regions --query 'Regions[].RegionName' \ --output text \ --profile $PROFILE \ - --region $REGION) + --region $REGION \ + --region-names $FILTERREGION) infoReferenceLong(){ # Report review note:
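Review bot: In getWhoami the new `AWS Filter Region` field ends with `$NOTICE[${FILTERREGION:-all}]\n` and drops the `$NORMAL` reset that the profile and API-region fields keep. The notice colour therefore presumably carries into the `sts get-caller-identity` table printed next. Ending the field with `$NOTICE[${FILTERREGION:-all}]$NORMAL\n` keeps the three fields consistent. Because `echo -e` interprets backslash sequences, the user-supplied `-f` value is also printed with escapes expanded; passing it through `printf '%s'` would show it literally.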
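Review bot: In the REGIONS assignment, `--region-names $FILTERREGION` is appended unconditionally and unquoted, so with the default empty value the command ends in a bare `--region-names`, and the result of the call is never checked. If the AWS CLI rejects the arguments or the region name is wrong, REGIONS is left empty. Any per-region loop over it (not visible in this hunk) would then run zero checks, and the report could look clean. I would pass the flag only when a filter is set, `${FILTERREGION:+--region-names "$FILTERREGION"})`, and stop on an empty result with `[ -n "$REGIONS" ] || { echo "ERROR: no regions returned for filter '$FILTERREGION'" >&2; exit 1; }`.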