A few days ago I came across this repository and found Prowler (go star the repo).
So what is Prowler?
Prowler is an Open Source security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 200 controls covering CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS and custom security frameworks.
I was pretty amazed by the tool. The first time I ran it using podman I did have some issues, because I had containerized aws-cli too, so I had to pass the credentials as environment variables and also map the user, like so:

```bash
podman run --rm -it --user 0:0 --env AWS_ACCESS_KEY_ID=DEMO --env AWS_SECRET_ACCESS_KEY=Demo -v $(pwd)/prowler_output:/prowler/output:z prowler -f ap-south-1 -r ap-south-1 -M html,csv
```
The reporting part is also pretty cool. Prowler took about 35 minutes to run almost 217 checks in a single region.
With Prowler there are a lot of things that can be checked. I was able to see instances that had hardcoded secrets, and there are checks on bucket policies, IAM access, VPC routes and a lot more.
Apart from this, each finding gives you the affected resource (for example the instance ID), a link to the AWS documentation with possible fixes, and a remediation column with the details. It also tells you why a finding is bad, and guides you towards enabling additional security features. Because you can output everything to CSV, you can run filters over the results to narrow them down to what matters.
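The CSV output is the easiest format to post-process. As an added example (not code from this post or from the Prowler project), here is a small Python script that reads a Prowler v2-style CSV, keeps only the FAIL rows at or above a chosen severity, and groups them per check together with the remediation text and documentation link, so you get a prioritised worklist instead of hundreds of per-resource rows. The column names it relies on (CHECK_RESULT, CHECK_SEVERITY, TITLE_ID, CHECK_RESULT_EXTENDED, CHECK_REMEDIATION, CHECK_DOC and friends) are assumed to match the v2 header; check the first line of your own output. The sample rows, account number, instance IDs and check IDs below are constructed for the demo.

```python
"""Turn a Prowler v2-style CSV report into a severity-ordered worklist."""
import csv
import io
import sys
from collections import Counter

# Severity labels as they appear in Prowler v2 output (assumed; case-insensitive here).
SEVERITY_RANK = {"informational": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}

# Constructed sample modelled on the v2 CSV column names. Only a subset of the
# real columns is shown; the account, resources and findings are invented.
SAMPLE_CSV = """\
ACCOUNT_NUM,REGION,TITLE_ID,CHECK_RESULT,TITLE_TEXT,CHECK_RESULT_EXTENDED,CHECK_SEVERITY,CHECK_SERVICENAME,CHECK_REMEDIATION,CHECK_DOC
123456789012,ap-south-1,1.4,PASS,Ensure access keys are rotated every 90 days or less,User alice key is 12 days old,Medium,iam,Rotate the access key,https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html
123456789012,ap-south-1,1.4,FAIL,Ensure access keys are rotated every 90 days or less,User bob key is 412 days old,Medium,iam,Rotate the access key,https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html
123456789012,ap-south-1,extra71,FAIL,Find secrets in EC2 User Data,Potential secret in user data of instance i-0123456789abcdef0 (key db_password),Critical,ec2,Move secrets to Secrets Manager or Parameter Store,https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html
123456789012,ap-south-1,extra71,FAIL,Find secrets in EC2 User Data,Potential secret in user data of instance i-0fedcba9876543210 (key api_token),Critical,ec2,Move secrets to Secrets Manager or Parameter Store,https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html
123456789012,ap-south-1,extra73,FAIL,Check S3 bucket policy for public access,"Bucket example-public-logs grants s3:GetObject to Principal *, no Condition",High,s3,Restrict the bucket policy Principal,https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html
123456789012,ap-south-1,2.1,INFO,Ensure CloudTrail is enabled in all regions,Trail org-trail is multi-region,Low,cloudtrail,No action needed,https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-user-guide.html
"""


def load_findings(csv_text):
    """Parse the report into one dict per row, keyed by the header names."""
    return list(csv.DictReader(io.StringIO(csv_text)))


def result_counts(rows):
    """How many PASS / FAIL / INFO rows the report contains."""
    return Counter(r["CHECK_RESULT"].strip().upper() for r in rows)


def failed_findings(rows, min_severity="medium"):
    """Keep only FAIL rows whose severity is at or above min_severity."""
    threshold = SEVERITY_RANK[min_severity.lower()]
    return [
        r for r in rows
        if r["CHECK_RESULT"].strip().upper() == "FAIL"
        and SEVERITY_RANK.get(r["CHECK_SEVERITY"].strip().lower(), 0) >= threshold
    ]


def group_by_check(rows):
    """Collapse per-resource rows into one entry per check, highest severity first."""
    groups = {}
    for r in rows:
        g = groups.setdefault(r["TITLE_ID"], {
            "title": r["TITLE_TEXT"],
            "severity": r["CHECK_SEVERITY"].strip(),
            "service": r["CHECK_SERVICENAME"],
            "remediation": r["CHECK_REMEDIATION"],
            "doc": r["CHECK_DOC"],
            "resources": [],
        })
        g["resources"].append(r["CHECK_RESULT_EXTENDED"])
    # sorted() is stable, so checks of equal severity keep report order
    return sorted(groups.items(),
                  key=lambda kv: -SEVERITY_RANK.get(kv[1]["severity"].lower(), 0))


def worklist(csv_text, min_severity="medium"):
    """Full pipeline: parse, filter to failed checks, group and rank."""
    return group_by_check(failed_findings(load_findings(csv_text), min_severity))


def render(items):
    """Plain-text view of the worklist, one block per check."""
    lines = []
    for check_id, g in items:
        lines.append(f"[{g['severity'].upper()}] {check_id} {g['title']} "
                     f"({g['service']}, {len(g['resources'])} finding(s))")
        lines.extend(f"    - {res}" for res in g["resources"])
        lines.append(f"    fix: {g['remediation']}")
        lines.append(f"    see: {g['doc']}")
    return "\n".join(lines)


if __name__ == "__main__":
    # usage: python prowler_worklist.py [report.csv] [min_severity]
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_CSV
    minimum = sys.argv[2] if len(sys.argv) > 2 else "medium"
    print(render(worklist(text, minimum)))
```

On the sample above the worklist comes out as the user-data secrets check (Critical, two instances), then the public bucket policy (High), then the stale access key (Medium); the PASS and INFO rows are dropped. Point it at the CSV Prowler wrote into the mounted output directory and raise the minimum severity to `high` or `critical` when you want the short list to fix first.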
I'd definitely recommend this open-source tool for auditing your AWS account and fixing security issues.
As always, if you find these articles interesting please leave a like.
I'm also available for freelance DevOps roles; my LinkedIn is in the Dev.to bio.
For further discussions, please reach out @mediocreDevops
Thank you for reading!