Sign up for Prowler Updates
Action Required: Update Your ProwlerPro Scan IAM Role
We’ve added new functionality and a new check to ProwlerPro. We also fixed some issues with the existing permissions to improve the way we scan your account, which requires an update to the permissions template.
When you first signed up for ProwlerPro, you created a role in your AWS account with a specific set of locked down permissions. As a security company ourselves, we only have access to what we need for checks to be successful.
In order for all updated checks to continue to work optimally, we are asking all users to update their ProwlerPro scan role. Running this update, with either CloudFormation or Terraform, should take less than 5 minutes.
Recommended Next Steps
Follow these steps to update your CloudFormation template via the AWS CLI as shown below or step by step following the instructions in our documentation here:
aws cloudformation update-stack \ --capabilities CAPABILITY_IAM --capabilities CAPABILITY_NAMED_IAM \ --stack-name "ProwlerProSaaSScanRole" \ --template-url "https://s3.eu-west-1.amazonaws.com/prowler-pro-saas-pro-artifacts/templates/prowler-pro-scan-role.yaml" \ --parameters "ParameterKey=ExternalId,UsePreviousValue=true"
Follow these steps to to update your ProwlerPro Scan IAM Role via Terraform:
- Click here to get the latest version of the Terraform files
- Then execute the following Terraform commands:
terraform init terraform plan terraform apply
During the terraform plan and terraform apply steps you will be asked for your AWS External ID which you can find here.

For additional information check out our docs here. If you still have questions, or want to be a part of our community, join us in Slack!
Recent Articles

Introducing Prowler’s GitHub Provider: Secure Your Repositories at Scale
Recently we have seen a rise of incidents related to supply chain attacks, and specifically with the security of the development pipelines: tj-actions, reviewdog/action-setup, Amazon Q Developer, nx and others....

Automate Multi-Cloud Security at Scale: Bulk Provider Provisioning in Prowler
Managing cloud security across dozens or even hundreds of cloud accounts is a challenge, especially when you have to do it for multiple cloud providers. Manually onboarding each account is...

Unmasking Hidden Dangers: How Prowler Now Detects Obfuscated IAM Policies
It all started with a fascinating blog post from the team at Permiso introducing their "Sky Scalpel" tool. Their research highlighted a clever technique for hiding dangerous permissions within AWS...