_Take a look in the pool and what do you see
In the dark depths there faces beckoning me
Can't you see them it's plain for all to see
They were there oh I know you don't believe me_
_Still Life_ is one of those jewels that _Iron Maiden_ has (well… aren’t jewels all their songs? 😉) and it is so good that they also included it in their live double vhs/dvd/cd/lp called “Maiden England” back in 1988. The song is based on a book from Ramsey Campbell called "The Inhabitant of the lake and less welcome tenants”, and it is about somebody that see ghosts in the bottom of a lake and gets crazy about that. They are like cloud security vulnerabilities, they are everywhere and seems to be hard to beat them. Listen to the song here 🔥[Still Life](https://www.youtube.com/watch?v=uWXE_j2mwqM)🔥 while hardening and reading below what we did.
A brand new version of **Prowler 3.4.0** at your command! This version won’t make your ghosts to disappear but will help you to put them in their place and in line to start the journey of getting rid of them. Time to shine up your boots with `pip install prowler --upgrade`.
New features to highlight in this version:
☁️ **New support for Google Cloud with 43 checks!**:
- GCP services covered: IAM, BigQuery, CloudSQL, CloudStorage, Compute, KMS and Logging.
- Run `prowler gcp --list-checks` for details and visit [our Prowler GCP documentation here](https://docs.prowler.cloud/).
✅ **21 new checks for AWS**:
- New services covered like Organizations best practices, SSM Incidents, Resource Explorer, Backup, additional checks for CloudTrail, ECR scan on push check updated, GuardDuty, VPC best practices, IAM (see these ones that will help you a lot!) thanks to gabrielsoltz
- Watch out! `iam_policy_no_administrative_privileges` has been renamed to `iam_customer_unattached_policy_no_administrative_privileges`
- New important IAM checks:
- [iam_aws_attached_policy_no_administrative_privileges] Ensure IAM AWS-Managed policies that allow full "*:*" administrative privileges are not attached - iam [high]
- [iam_customer_attached_policy_no_administrative_privileges] Ensure IAM Customer-Managed policies that allow full "*:*" administrative privileges are not attached - iam [high]
- [iam_customer_unattached_policy_no_administrative_privileges] Ensure IAM policies that allow full "*:*" administrative privileges are not created - iam [low]
- See all checks with`prowler aws --list-checks`
📊 **New html report for Azure and GCP**:
- When running Azure or GCP checks, html report is now also created for you to enjoy them during your security assessments.
⚙️ **Custom checks now supported:**
- You can create your custom checks inside Prowler or in your custom folders following our [Developer Guide](https://docs.prowler.cloud/en/latest/tutorials/developer-guide/) and a [Tutorial about it here](https://docs.prowler.cloud/en/latest/tutorials/misc/#custom-checks), new option `-x/--checks-folder` for your custom checks.
🏷️ **Resource Tags supported in Allow list**:
- Take advantage of Allow list during your scans also using tags filers, more information here [https://docs.prowler.cloud/en/latest/tutorials/allowlist/](https://docs.prowler.cloud/en/latest/tutorials/allowlist/).
What's Changed:
Features
* feat(allowlist): Add tags filter to allowlist by sergargar in https://github.com/prowler-cloud/prowler/pull/2105
* feat(backup): New backup service and checks by gabrielsoltz in https://github.com/prowler-cloud/prowler/pull/2172
* feat(banner): Include Azure credential banner by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2179
* feat(check): New Check and Service: resourceexplorer2_indexes_found by gabrielsoltz in https://github.com/prowler-cloud/prowler/pull/2196
* feat(check): New check ecr_registry_scan_images_on_push_enabled by sergargar in https://github.com/prowler-cloud/prowler/pull/2237
* feat(check): New CloudTrail check cloudtrail_insights_exist by gabrielsoltz in https://github.com/prowler-cloud/prowler/pull/2184
* feat(check): New CloudTrail check cloudtrail_bucket_requires_mfa_delete by gabrielsoltz in https://github.com/prowler-cloud/prowler/pull/2194
* feat(check): New GuardDuty check guardduty_centrally_managed by gabrielsoltz in https://github.com/prowler-cloud/prowler/pull/2195
* feat(check): New VPC checks by gabrielsoltz in https://github.com/prowler-cloud/prowler/pull/2218
* feat(checks): New IAM Checks no full access to critical services by gabrielsoltz in https://github.com/prowler-cloud/prowler/pull/2183
* feat(checks): New IAM check iam_securityaudit_role_created by gabrielsoltz in https://github.com/prowler-cloud/prowler/pull/2182
* feat(custom checks): Add -x/--checks-folder for custom checks by sergargar in https://github.com/prowler-cloud/prowler/pull/2191
* feat(gcp): Add Google Cloud provider with 43 checks by sergargar in https://github.com/prowler-cloud/prowler/pull/2125
* feat(html): Add html to Azure and GCP by sergargar in https://github.com/prowler-cloud/prowler/pull/2181
* feat(new_checks): New AWS Organizations checks by gabrielsoltz in https://github.com/prowler-cloud/prowler/pull/2133
* feat(orgs checks region): Add region to all Organizations checks by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2202
* feat(ssmincidents): New Service and Checks by gabrielsoltz in https://github.com/prowler-cloud/prowler/pull/2219
Fixes
* fix(audit_info): Azure subscriptions parsing error by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2147
* fix(aws_provider): Fix assessment session name by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2132
* fix(azure output): Change default values of audit identity metadata by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2144
* fix(brew): Move brew formula action to the bottom by sergargar in https://github.com/prowler-cloud/prowler/pull/2135
* fix(cloudformation): Handle ValidationError by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2166
* fix(dax): Call list_tags using the cluster ARN by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2167
* fix(defender service): Retrieve key dicts with get by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2129
* fix(delete check): Delete check ec2.._in_use_without_ingrgess_filtering by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2148
* fix(docs): Check extra_742 name adjusted in the V2 to V3 mapping by cerontrustly in https://github.com/prowler-cloud/prowler/pull/2154
* fix(elb-test): Use a mocked current audit info by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2207
* fix(elbv2 desync check): Mixed elbv2 desync and smuggling by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2171
* fix(errors): Solve ECR and CodeArtifact errors by sergargar in https://github.com/prowler-cloud/prowler/pull/2239
* fix(gcp): Handle error when Project ID is None by sergargar in https://github.com/prowler-cloud/prowler/pull/2130
* fix(global services): Fix global services region by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2203
* fix(iam): Handle LimitExceededException when calling generate_credential_report by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2168
* fix(iam): Handle no display name error in service account by sergargar in https://github.com/prowler-cloud/prowler/pull/2176
* fix(iam tests): Mock audit_info object by sergargar in https://github.com/prowler-cloud/prowler/pull/2226
* fix(iam_policy_no_administrative_privileges): Check attached policies and AWS-Managed by sergargar in https://github.com/prowler-cloud/prowler/pull/2200
* fix(kms): Handle empty principal error by sergargar in https://github.com/prowler-cloud/prowler/pull/2192
* fix(logging): Add default resource id when no resources by sergargar in https://github.com/prowler-cloud/prowler/pull/2177
* fix(output bucket): Solve IsADirectoryError using compliance flag by sergargar in https://github.com/prowler-cloud/prowler/pull/2121
* fix(pipeline build): Fix wording when build and push by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2169
* fix(pypi): Set base branch when updating release version by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2152
* fix(quickinventory): AttributError when creating inventory table by bnugent in https://github.com/prowler-cloud/prowler/pull/2122
* fix(rds): Handle DBSnapshotNotFound by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2165
* fix(readme): Add GCP provider to README introduction by sergargar in https://github.com/prowler-cloud/prowler/pull/2143
* fix(redshift): correct description in redshift_cluster_automatic_upgrades by rubtoa https://github.com/prowler-cloud/prowler/pull/2246
* fix(resourceexplorer2): Solve test and region by sergargar in https://github.com/prowler-cloud/prowler/pull/2206
* fix(resource_not_found): Handle error by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2136
* fix(rds): exclude Aurora in rds_instance_transport_encrypted check by sergargar https://github.com/prowler-cloud/prowler/pull/2245
* fix(s3): Handle if ignore_public_acls is None by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2128
* fix(secretsmanager_automatic_rotation_enabled): Improve description for Secrets Manager secret rotation by visit1985 in https://github.com/prowler-cloud/prowler/pull/2156
* fix(ssm): Handle ValidationException when retrieving documents by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2146
* fix(test): Call cloudtrail_s3_dataevents_write_enabled check by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2204
* fix(test): Mock audit info in services https://github.com/prowler-cloud/prowler/pull/2208 https://github.com/prowler-cloud/prowler/pull/2210 https://github.com/prowler-cloud/prowler/pull/2211 https://github.com/prowler-cloud/prowler/pull/2209 https://github.com/prowler-cloud/prowler/pull/2224 https://github.com/prowler-cloud/prowler/pull/2215 https://github.com/prowler-cloud/prowler/pull/2223 https://github.com/prowler-cloud/prowler/pull/2212 https://github.com/prowler-cloud/prowler/pull/2213 https://github.com/prowler-cloud/prowler/pull/2225
* fix(version): Handle request response property by sergargar in https://github.com/prowler-cloud/prowler/pull/2175
Builds
* build(deps): bump alive-progress from 3.1.0 to 3.1.1 by dependabot in https://github.com/prowler-cloud/prowler/pull/2187
* build(deps): bump azure-mgmt-security from 3.0.0 to 4.0.0 by dependabot in https://github.com/prowler-cloud/prowler/pull/2141
* build(deps): bump azure-storage-blob from 12.15.0 to 12.16.0 by dependabot in https://github.com/prowler-cloud/prowler/pull/2230
* build(deps): bump boto3 from 1.26.90 to 1.26.105 by dependabot in https://github.com/prowler-cloud/prowler/pull/2232
* build(deps): bump botocore from 1.29.105 to 1.29.115 by dependabot in https://github.com/prowler-cloud/prowler/pull/2233
* build(deps): bump google-api-python-client from 2.81.0 to 2.84.0 by dependabot in https://github.com/prowler-cloud/prowler/pull/2188
* build(deps): bump mkdocs-material from 9.1.5 to 9.1.6 by dependabot in https://github.com/prowler-cloud/prowler/pull/2186
* build(deps): bump pydantic from 1.10.6 to 1.10.7 by dependabot in https://github.com/prowler-cloud/prowler/pull/2139
* build(deps-dev): bump coverage from 7.2.2 to 7.2.3 by dependabot in https://github.com/prowler-cloud/prowler/pull/2234
* build(deps-dev): bump moto from 4.1.6 to 4.1.7 by dependabot in https://github.com/prowler-cloud/prowler/pull/2231
* build(deps-dev): bump pylint from 2.17.0 to 2.17.2 by dependabot in https://github.com/prowler-cloud/prowler/pull/2161
* build(deps-dev): bump pytest from 7.2.2 to 7.3.0 by dependabot in https://github.com/prowler-cloud/prowler/pull/2185
Chores
* chore(regions): Sort AWS regions by sergargar in https://github.com/prowler-cloud/prowler/pull/2198
* chore(regions_update): Changes in regions for AWS services. by sergargar in https://github.com/prowler-cloud/prowler/pull/2236
* chore(docs): Developer Guide - how to create a new check by sergargar in https://github.com/prowler-cloud/prowler/pull/2137
* chore(docs): Improve quick inventory section by sergargar in https://github.com/prowler-cloud/prowler/pull/2117
* chore(docs): Improve reporting documentation by sergargar in https://github.com/prowler-cloud/prowler/pull/2119
* chore(docs): Remove list severities by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2116
New Contributors
* bnugent made their first contribution in https://github.com/prowler-cloud/prowler/pull/2122
* cerontrustly made their first contribution in https://github.com/prowler-cloud/prowler/pull/2154
* visit1985 made their first contribution in https://github.com/prowler-cloud/prowler/pull/2156
* rubtoa made their first contribution in https://github.com/prowler-cloud/prowler/pull/2246
**Full Changelog**: https://github.com/prowler-cloud/prowler/compare/3.3.4...3.4.0