Install Security Baseline Kickstarter with Prowler

Introduction

The following demonstrates how to quickly install the resources necessary to perform a security baseline assessment using Prowler. The speed comes from a prebuilt Terraform module that configures all the resources needed to run Prowler, with the findings sent to AWS Security Hub.

Install

Installing Prowler with Terraform is simple and can be completed in under 1 minute.

  • Start AWS CloudShell

  • Run the following commands to install Terraform and clone the Prowler git repo

    git clone https://github.com/prowler-cloud/prowler.git
    cd prowler
    sudo yum install -y yum-utils
    sudo yum-config-manager --add-repo https://rpm.releases.hashicorp.com/AmazonLinux/hashicorp.repo
    sudo yum -y install terraform
    cd util/terraform-kickstarter
    
  • Issue a terraform init

  • Issue a terraform apply

    Prowler Install

    • It is likely that an error will be returned related to the Security Hub subscription. This appears to be Terraform related, and you can validate the configuration by navigating to the Security Hub console. Click Integrations and search for Prowler. Take note of the green check where it says Accepting findings.

    Prowler Subscription

That's it! The install is now complete. The resources include a CloudWatch event rule that triggers the AWS CodeBuild project to run daily at 00:00 GMT. If you'd like to run an assessment right after the deployment, navigate to the CodeBuild console and start the build manually.
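The Security Hub subscription error mentioned above leaves you unsure whether Prowler's product integration was actually created, and the console check is manual. The script below is an added example (it is not part of the Prowler repository or the kickstarter module) that performs the same check from the CLI: it queries the enabled product subscriptions in the region the module was deployed to (the select_region input, default us-east-1) and looks for the Prowler product ARN. It assumes the AWS CLI v2 is installed with working credentials, which is the case in CloudShell; the Prowler product ARN layout it matches on is an assumption, and the JSON sample embedded for offline use is constructed, not captured from a real account.

```shell
#!/bin/sh
# Added example, not part of the Prowler repo: confirm from the CLI that the
# Security Hub product subscription for Prowler exists after `terraform apply`.

# Constructed sample shaped like the output of
# `aws securityhub list-enabled-products-for-import` (not from a real account).
SAMPLE_SUBSCRIPTIONS='{
  "ProductSubscriptions": [
    "arn:aws:securityhub:us-east-1:123456789012:product/aws/guardduty",
    "arn:aws:securityhub:us-east-1::product/prowler/prowler"
  ]
}'

# Assumed ARN layout for the Prowler product in a given region.
prowler_product_arn() {
  printf 'arn:aws:securityhub:%s::product/prowler/prowler\n' "$1"
}

# Exit 0 if the JSON in $1 lists the Prowler product for region $2, else 1.
# Matches the quoted ARN so a partial or different-region ARN does not pass.
has_prowler_subscription() {
  arn=$(prowler_product_arn "$2")
  printf '%s\n' "$1" | grep -Fq "\"$arn\""
}

# Live check against the account: the region must match the module's
# select_region input (default us-east-1) or the lookup will miss.
check_live() {
  region=${1:-us-east-1}
  json=$(aws securityhub list-enabled-products-for-import \
           --region "$region" --output json) || return 2
  if has_prowler_subscription "$json" "$region"; then
    echo "Prowler is subscribed in Security Hub ($region): accepting findings"
  else
    echo "Prowler product subscription not found in $region;" \
         "re-run terraform apply or enable the integration in the console" >&2
    return 1
  fi
}

# Run the live check only when a region is passed, e.g. ./check.sh us-east-1
if [ -n "${1:-}" ]; then
  check_live "$1"
fi
```

Run it as `sh check.sh us-east-1` from CloudShell after the apply; a non-zero exit means the subscription is missing and Security Hub will silently receive nothing from the daily CodeBuild run, so it is worth wiring into whatever post-deploy verification you already do.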

Terraform Resources

Requirements

Name  Version
aws   ~> 3.54

Providers

Name  Version
aws   3.56.0

Modules

No modules.

Resources

Name                                                                          Type
aws_cloudwatch_event_rule.prowler_check_scheduler_event                       resource
aws_cloudwatch_event_target.run_prowler_scan                                  resource
aws_codebuild_project.prowler_codebuild                                       resource
aws_iam_policy.prowler_event_trigger_policy                                   resource
aws_iam_policy.prowler_kickstarter_iam_policy                                 resource
aws_iam_policy_attachment.prowler_event_trigger_policy_attach                 resource
aws_iam_policy_attachment.prowler_kickstarter_iam_policy_attach               resource
aws_iam_role.prowler_event_trigger_role                                       resource
aws_iam_role.prowler_kick_start_role                                          resource
aws_s3_bucket.prowler_report_storage_bucket                                   resource
aws_s3_bucket_policy.prowler_report_storage_bucket_policy                     resource
aws_s3_bucket_public_access_block.prowler_report_storage_bucket_block_public  resource
aws_securityhub_account.securityhub_resource                                  resource
aws_securityhub_product_subscription.security_hub_enable_prowler_findings     resource
aws_caller_identity.current                                                   data source
aws_iam_policy.SecurityAudit                                                  data source
aws_region.current                                                            data source

Inputs

Name                                      Description                             Type    Default                            Required
codebuild_timeout                         Codebuild timeout setting               number  300                                no
enable_security_hub                       Enable AWS SecurityHub.                 bool    true                               no
enable_security_hub_prowler_subscription  Enable a Prowler Subscription.          bool    true                               no
prowler_cli_options                       Run Prowler With The Following Command  string  "-q -M json-asff -S -f us-east-1"  no
prowler_schedule                          Run Prowler based on cron schedule      string  "cron(0 0 ? * * *)"                no
select_region                             Uses the following AWS Region.          string  "us-east-1"                        no

Outputs

Name        Description
account_id  n/a

Kickoff Prowler Assessment From Install to Assessment Demo (Link to YouTube)
