_Drawn by quest for fire
They searched all through the land
Drawn by quest for fire
Discovery of man._
_Quest for Fire_ is a song from Iron Maiden's _Piece of Mind_ album. This new version is the result of our _quest_ for your security issues and our _quest_ to help you improve your cloud security posture. See below the amazing new features we have added to **Prowler 3.2.0 [Quest for Fire](https://www.youtube.com/watch?v=_ppwIZ0EnXg)**
New features to highlight in this version:
**Tag-based scan**: now you can scan only resources with specific tags across your entire account with the following command:
- `prowler aws --resource-tags Environment=dev Project=prowler`
- You can use as many tags as you need. More information here: https://docs.prowler.cloud/en/latest/tutorials/aws/tag-based-scan/
**Resource-based scan**: now you can scan only specific resources by their ARN:
- `prowler aws --resource-arn arn:aws:iam::012345678910:user/test arn:aws:ec2:us-east-1:123456789012:vpc/vpc-12345678`
- That command runs all IAM user related checks against `test` and all VPC related checks against VPC `vpc-12345678`.
- This is very helpful for newly found resources or even pipelines! More information here: https://docs.prowler.cloud/en/latest/tutorials/aws/resource-arn-based-scan/
**17 New Security Compliance Frameworks**: we added 17 new security frameworks for AWS.
- In addition to CIS 1.4, CIS 1.5 and Spanish ENS (which comes with more enhancements), we have added the following security frameworks for the AWS provider:
- CISA Cyber Essentials
- FedRAMP Low Revision 4
- FedRAMP Moderate Revision 4
- Federal Financial Institutions Examination Council (FFIEC)
- AWS Foundational Security Best Practices
- General Data Protection Regulation (GDPR)
- GxP 21 CFR Part 11
- GxP EU Annex 11
- HIPAA
- NIST 800-171 Revision 2
- NIST 800-53 Revision 4
- NIST 800-53 Revision 5
- NIST Cybersecurity Framework (CSF) v1.1
- PCI v3.2.1
- RBI Cyber Security Framework
- SOC 2
- These can be considered to be in test mode at this point; we are open to feedback and updates.
- More information about how to use them with Prowler and compliance here: https://docs.prowler.cloud/en/latest/tutorials/compliance/.
- We want to thank pedromarting3 for his contribution, AWS for their public documentation, and also the [steampipe.io](http://steampipe.io/) mod page https://hub.steampipe.io/mods/turbot/aws_compliance, because they were very helpful for us.
**New check**:
- Check if IAM Access Analyzer is enabled (in addition to the existing one that also looks for issues)
**Handler for output code**:
- As in v2, you can now control which output code you get when Prowler has failed findings (`-z`).
**Allow list feature now supports Lambda to manage it**:
- More information https://github.com/prowler-cloud/prowler/pull/1793
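A pipeline gate built on the resource-based scan and the output code handling described above, as an added example that is not Prowler project code. It relies on Prowler exiting with code 3 on failed findings when `-z` is not passed; the `scan_arns` function, the `PROWLER_BIN` variable and the one-ARN-per-line input file are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not Prowler project code): scan only the ARNs listed in a
# file and turn Prowler's exit code into a pipeline decision.
# Assumptions: PROWLER_BIN, scan_arns and the one-ARN-per-line file format.
PROWLER_BIN=${PROWLER_BIN:-prowler}

# scan_arns FILE
#   returns 0 = no failed findings (or nothing to scan)
#           3 = failed findings on the scanned resources
#           2 = bad input, or Prowler itself did not run cleanly
scan_arns() {
    arn_file=$1
    [ -r "$arn_file" ] || { echo "cannot read $arn_file" >&2; return 2; }

    # Build the argument list in the positional parameters so that each ARN
    # stays one argument and nothing from the file is ever re-parsed by sh.
    set --
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            ''|'#'*) continue ;;                    # blank line or comment
            arn:*)   set -- "$@" "$line" ;;
            *)       echo "not an ARN: $line" >&2; return 2 ;;
        esac
    done < "$arn_file"

    [ "$#" -gt 0 ] || { echo "no ARNs to scan" >&2; return 0; }

    # -z is deliberately not passed: exit code 3 is the signal we gate on.
    status=0
    "$PROWLER_BIN" aws --resource-arn "$@" || status=$?

    case $status in
        0) echo "PASS: no failed findings"; return 0 ;;
        3) echo "FAIL: failed findings on scanned resources"; return 3 ;;
        *) echo "ERROR: prowler exited with $status" >&2; return 2 ;;
    esac
}

# Usage in a pipeline step (file name is a placeholder):
#   scan_arns new_resources.txt || exit $?
```

Keeping code 2 separate from code 3 stops a crashed or misconfigured scan from being read as either a clean result or a finding.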
What's Changed:
* feat(compliance): Add 17 new security compliance frameworks for AWS by pedromarting3 in https://github.com/prowler-cloud/prowler/pull/1824
* feat(new check): add accessanalyzer_enabled check by sergargar in https://github.com/prowler-cloud/prowler/pull/1864
* feat(boto3-config): Use standard retrier by jfagoagas in https://github.com/prowler-cloud/prowler/pull/1868
* feat(allowlist): AWS Lambda function support by pplu in https://github.com/prowler-cloud/prowler/pull/1793
* feat(scan-type): AWS Resource ARNs based scan by sergargar in https://github.com/prowler-cloud/prowler/pull/1807
* feat(exit_code 3): add -z option by sergargar in https://github.com/prowler-cloud/prowler/pull/1848
* feat(scanner): Tag-based scan by sergargar in https://github.com/prowler-cloud/prowler/pull/1751
Fixes:
* fix(elbv2): handle service for GWLB resources by daftkid in https://github.com/prowler-cloud/prowler/pull/1860
* fix(checks): added validation for non-existing VPC endpoint policy by daftkid in https://github.com/prowler-cloud/prowler/pull/1859
* fix(action): do not trigger action when editing release by sergargar in https://github.com/prowler-cloud/prowler/pull/1865
* fix(key_errors): handle Key Errors in Lambda and EMR by sergargar in https://github.com/prowler-cloud/prowler/pull/1871
* fix(permissive role assumption): actions list handling by n4ch04 in https://github.com/prowler-cloud/prowler/pull/1869
* fix(hardware mfa): changed hardware mfa description by n4ch04 in https://github.com/prowler-cloud/prowler/pull/1873
* fix(metadata): typo in appstream_fleet_session_disconnect_timeout.metadata.json by sergargar in https://github.com/prowler-cloud/prowler/pull/1875
* fix(compliance): ENS RD2022 Spanish security framework updates by alexr3y in https://github.com/prowler-cloud/prowler/pull/1809
* fix(errors): solve several services errors (AccessAnalyzer, AppStream, KMS, S3, SQS, R53, IAM, CodeArtifact and EC2) by sergargar in https://github.com/prowler-cloud/prowler/pull/1879
* fix(cloudtrail_multi_region_enabled): reformat check by n4ch04 in https://github.com/prowler-cloud/prowler/pull/1880
* chore(compliance): add manual checks to compliance CSV by sergargar in https://github.com/prowler-cloud/prowler/pull/1872
* fix(service errors): solve errors in IAM, S3, Lambda, DS, Cloudfront services by sergargar in https://github.com/prowler-cloud/prowler/pull/1882
* chore(Dockerfile): Remove build files by jfagoagas in https://github.com/prowler-cloud/prowler/pull/1886
* fix(list_checks): filter checks after audit_info set by n4ch04 in https://github.com/prowler-cloud/prowler/pull/1887
* fix(Azure_Audit_Info): Added audited_resources field by n4ch04 in https://github.com/prowler-cloud/prowler/pull/1891
Documentation
* docs: Boto3 Standard Retrier by jfagoagas in https://github.com/prowler-cloud/prowler/pull/1885
* docs: Update AWS Role Assumption by Fennerr in https://github.com/prowler-cloud/prowler/pull/1890
* docs: Minor changes to the intro paragraph by Fennerr in https://github.com/prowler-cloud/prowler/pull/1892
* docs: Minor changes to logging by Fennerr in https://github.com/prowler-cloud/prowler/pull/1893
New Contributors
* pedromarting3 made their first contribution in https://github.com/prowler-cloud/prowler/pull/1824
* pplu made their first contribution in https://github.com/prowler-cloud/prowler/pull/1792
**Full Changelog**: https://github.com/prowler-cloud/prowler/compare/3.1.4...3.2.0