Since this last two years, I find security become more happening nowadays. Even when you are using modern cloud, the security still not go away from every discussion.
AWS already have services that can help us to strengthen our security like AWS Cloudtrail , AWS GuardDuty even AWS Trusted Advisor. All of them come with cost and complexity, but if you want something difference for implement, you can try integrate it with Prowler.
What is prowler
Prowler is an Open Source security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 200 controls covering CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS and custom security frameworks.
Prowler is the tools is getting hot and caught my eyes recently. After some trial and error, I keen to pairing it with AWS. It turns out easy to use and compliment AWS service greatly. The fact that the Prowler got more attention from open source world that need to watch, make it perfect.
How to use
You can choose between your workstation, an EC2 instance, Fargate or any other container, Codebuild, CloudShell and Cloud9 to run the Prowler.
Before that, you need to make sure you have AWS CLI and AWS IAM user with IAM policy that already state in official docs. After that, you can choose between using containerized prowler or install the binary.
More info you can find it at Prowler Github and Prowler Docs
What to expect
From their blog, I can see that they are still actively developing this, even I notice that they launch new version with named Prowler v3. More reference, you can check here.
Conclusion
As the follower of AWS open source, I always welcome new tools that can increase performance and variation for maintain AWS services.
In my opinion, Prowler can become one of the next big tools that can compliment AWS services. One of the reasons is because AWS has official doc that suggest running Prowler for managing across accounts as part of security and compliance, you can check it here. Also AWS has blog that discuss about how to integrate with Prowler in here.
Looking forward to see how team behind it can develop this tool.
I think that's it for now for this article comparison. Leave a comment below. So, I know about your thoughts! Thanks.
Top comments (1)
Hey Andre! Awesome write-up! Thought you may be interested that things have moved fast in the last 1.5yrs, we just released V5 with a full open source API, UI and multi-account features. The CLI's are still backwards compatible with your instructions too, just with a lot more out of the box checks! Happy scanning!