Sign up for Prowler Updates

Please enable JavaScript in your browser to complete this form.
Toni de la Fuente headshot
Toni de la Fuente // November 2, 2023

Scanner updated to Prowler 3.11.0 with new features

New features to highlight in this version:

🏷️ STS V2 Tokens (this will be in the SaaS immediately, so more regions may appear with findings)

  • Now Prowler will call Regional AWS STS endpoints to get session tokens valid in all AWS Regions.

See more in https://docs.prowler.cloud/en/latest/tutorials/aws/role-assumption/#sts-endpoint-region

βœ… New 9 checks for AWS! (this will be in the SaaS immediately, so more findings may appear)

  • New Account check account_maintain_different_contact_details_to_security_billing_and_operations
  • New CloudTrail check cloudtrail_multi_region_enabled_logging_management_events
  • New EC2 DataLifecycle Manager service and check dlm_ebs_snapshot_lifecycle_policy_exists
  • New EC2 EBS check ec2_ebs_volume_snapshots_exists
  • New DocumentDB service and check documentdb_instance_storage_encrypted
  • New Support check trustedadvisor_premium_support_plan_subscribed
  • New Neptune service and check neptune_uses_a_public_subnet
  • New Elasticache service and check elasticache_using_public_subnets
  • New IAM check iam_use_temporary_credentials

πŸ”Ž Ignore Findings from services not in actual use (this will be a roll out in the SaaS over the next weeks)

  • Prowler now allows you to ignore unused services findings, so you can reduce the number of findings in Prowler’s reports.
    prowler <provider> --ignore-unused-services

See more in https://docs.prowler.cloud/en/latest/tutorials/ignore-unused-services/

βš™οΈ New AWS Allowlist including AWS Control Tower resources (this will be nn the SaaS as a UI feature in a month)

  • New allowlist file that ensures that applies to all resources created by AWS Control Tower when setting up a landing zone:
    prowler aws --allowlist prowler/config/aws_allowlist.yaml

See more in https://docs.prowler.cloud/en/latest/tutorials/allowlist/#default-aws-allowlist

More details here https://github.com/prowler-cloud/prowler/releases/tag/3.11.0

Recent Articles

Screenshot at
September 11, 2025

Introducing Prowler’s GitHub Provider: Secure Your Repositories at ScaleΒ 

Recently we have seen a rise of incidents related to supply chain attacks, and specifically with the security of the development pipelines: tj-actions, reviewdog/action-setup, Amazon Q Developer, nx and others....

Screenshot at
September 5, 2025

Automate Multi-Cloud Security at Scale: Bulk Provider Provisioning in Prowler

Managing cloud security across dozens or even hundreds of cloud accounts is a challenge, especially when you have to do it for multiple cloud providers. Manually onboarding each account is...

py iam expand
August 21, 2025

Unmasking Hidden Dangers: How Prowler Now Detects Obfuscated IAM Policies

It all started with a fascinating blog post from the team at Permiso introducing their "Sky Scalpel" tool. Their research highlighted a clever technique for hiding dangerous permissions within AWS...