Action Required: Update Your ProwlerPro Scan IAM Role

We’ve added new functionality and a new check to ProwlerPro. We also fixed some issues with the existing permissions to improve the way we scan your account, which requires an update to the permissions template.

When you first signed up for ProwlerPro, you created a role in your AWS account with a specific set of locked down permissions. As a security company ourselves, we only have access to what we need for checks to be successful.

In order for all updated checks to continue to work optimally, we are asking all users to update their ProwlerPro scan role. Running this update, with either CloudFormation or Terraform, should take less than 5 minutes.

Recommended Next Steps

Follow these steps to update your CloudFormation template via the AWS CLI as shown below or step by step following the instructions in our documentation here:

aws cloudformation update-stack \
  --capabilities CAPABILITY_IAM --capabilities CAPABILITY_NAMED_IAM \
  --stack-name "ProwlerProSaaSScanRole" \
  --template-url "https://s3.eu-west-1.amazonaws.com/prowler-pro-saas-pro-artifacts/templates/prowler-pro-scan-role.yaml" \
  --parameters "ParameterKey=ExternalId,UsePreviousValue=true"

Follow these steps to to update your ProwlerPro Scan IAM Role via Terraform:

• Click here to get the latest version of the Terraform files
• Then execute the following Terraform commands:

terraform init
terraform plan
terraform apply

During the terraform plan and terraform apply steps you will be asked for your AWS External ID which you can find here.

For additional information check out our docs here. If you still have questions, or want to be a part of our community, join us in Slack!