The following demonstartes how to quickly install the resources necessary to perform a security baseline using Prowler. The speed is based on the prebuilt terraform module that can configure all the resources necessuary to run Prowler with the findings being sent to AWS Security Hub.
Installing Prowler with Terraform is simple and can be completed in under 1 minute.
-
Start AWS CloudShell
-
Run the following commands to install Terraform and clone the Prowler git repo
git clone https://github.com/prowler-cloud/prowler.git cd prowler sudo yum install -y yum-utils sudo yum-config-manager --add-repo https://rpm.releases.hashicorp.com/AmazonLinux/hashicorp.repo sudo yum -y install terraform cd util/terraform-kickstarter
-
Issue a
terraform init
-
Issue a
terraform apply
- It is likely an error will return related to the SecurityHub subscription. This appears to be Terraform related and you can validate the configuration by navigating to the SecurityHub console. Click Integreations and search for Prowler. Take note of the green check where it says Accepting findings
Thats it! Install is now complete. The resources include a Cloudwatch event that will trigger the AWS Codebuild to run daily at 00:00 GMT. If you'd like to run an assessment after the deployment then simply navigate to the Codebuild console and start the job manually.
Name | Version |
---|---|
aws | ~> 3.54 |
Name | Version |
---|---|
aws | 3.56.0 |
No modules.
Name | Description | Type | Default | Required |
---|---|---|---|---|
codebuild_timeout | Codebuild timeout setting | number |
300 |
no |
enable_security_hub | Enable AWS SecurityHub. | bool |
true |
no |
enable_security_hub_prowler_subscription | Enable a Prowler Subscription. | bool |
true |
no |
prowler_cli_options | Run Prowler With The Following Command | string |
"-q -M json-asff -S -f us-east-1" |
no |
prowler_schedule | Run Prowler based on cron schedule | string |
"cron(0 0 ? * * *)" |
no |
select_region | Uses the following AWS Region. | string |
"us-east-1" |
no |
Name | Description |
---|---|
account_id | n/a |