New features to highlight in this version:
🏷️ STS V2 Tokens (this will be in the SaaS immediately, so more regions may appear with findings)
- Now Prowler will call Regional AWS STS endpoints to get session tokens valid in all AWS Regions.
See more in https://docs.prowler.cloud/en/latest/tutorials/aws/role-assumption/#sts-endpoint-region
✅ New 9 checks for AWS! (this will be in the SaaS immediately, so more findings may appear)
- New Account check
account_maintain_different_contact_details_to_security_billing_and_operations - New CloudTrail check
cloudtrail_multi_region_enabled_logging_management_events - New EC2 DataLifecycle Manager service and check
dlm_ebs_snapshot_lifecycle_policy_exists - New EC2 EBS check
ec2_ebs_volume_snapshots_exists - New DocumentDB service and check
documentdb_instance_storage_encrypted - New Support check
trustedadvisor_premium_support_plan_subscribed - New Neptune service and check
neptune_uses_a_public_subnet - New Elasticache service and check
elasticache_using_public_subnets - New IAM check
iam_use_temporary_credentials
🔎 Ignore Findings from services not in actual use (this will be a roll out in the SaaS over the next weeks)
- Prowler now allows you to ignore unused services findings, so you can reduce the number of findings in Prowler’s reports.
prowler <provider> --ignore-unused-services
See more in https://docs.prowler.cloud/en/latest/tutorials/ignore-unused-services/
⚙️ New AWS Allowlist including AWS Control Tower resources (this will be nn the SaaS as a UI feature in a month)
- New allowlist file that ensures that applies to all resources created by AWS Control Tower when setting up a landing zone:
prowler aws --allowlist prowler/config/aws_allowlist.yaml
See more in https://docs.prowler.cloud/en/latest/tutorials/allowlist/#default-aws-allowlist
More details here https://github.com/prowler-cloud/prowler/releases/tag/3.11.0