Prowler

Latest version: v5.0.5

Page 30 of 31

2.0

New features:
* Refactored code:
  * reduced the number of lines in the prowler main script and added an `includes` folder with parts, to easily find and manage all components
  * dedicated folder for `checks`, a check per file
  * same for `groups` of checks; now we can create custom groups and run Prowler against your custom group (for example only the checks that your company needs)
  * moved Dockerfile to `utils` folder
  * moved IAM policy additions to `iam` folder
* Output changed: `PASS` and `FAIL` messages are displayed instead of `OK` and `WARNING`.
* Option `-g <group_id>`: run specific group from the existing or new one
* Option `-b`: hide banner
* Check whitelisting: thanks to the new groups management, you can create your own checks based on your needs.
* Custom checks: now it is easier to add a new check, just create your check based on the sample one and add it to a group, or create your own group.
* Added version to the banner and changed description
* Added new check `extra723` that looks for public RDS snapshots (single and cluster)
* Added check `extra724` Certificate Transparency
* Added check ID on every check and group title.
* Added check `extra725` S3 object-level logging (extras and forensics)
* Added check `extra726` Trusted Advisor errors and warnings
* Added check `extra727` SQS queues have policy public
* Added check `extra728` SQS queues have encryption enabled
* Added `-V` flag to see version
* Added check `extra729` no EBS Volumes unencrypted
* Added check `extra730` ACM Certificates are about to expire in 7 days or less
* Added check `extra731` SNS topics have policy set as Public
* Added check `extra732` Geo restrictions are enabled in CloudFront distributions
* Added check `extra733` SAML Providers then STS can be used
* Added check `extra734` S3 buckets have default encryption (SSE) enabled and policy to enforce it
* Added check `extra735` RDS instances storage is encrypted
* Added check `extra736` exposed KMS keys
* Added check `extra737` KMS keys with key rotation disabled
* Added check `extra738` CloudFront distributions are set to HTTPS
* Added check `extra739` ELBs have logging enabled
* Added check `extra740` EBS snapshots are encrypted
* JSON support as output mode `-M json`, thanks to hb3b
* Added support to run on Fargate and uses metadata for credentials, thanks to mattfinlayson
* Added group checks for GDPR and HIPAA, thanks to crashGoBoom for helping out with HIPAA

Improvements:
* Adapted to the latest CIS for AWS 1.2, thanks to gpatt
* Option `-l` now shows all groups, not only the default ones, with all their check titles.
* Changed `#!/bin/bash` to `#!/usr/bin/env bash` #182, thanks to doshitan
* `check28` #181, thanks to doshitan
* `check41` and `check44` #180, thanks to subramani95
* Changed output functions to `textInfo`, `textFail` and `textPass`
* Hide banner on CSV output mode for group check
* Added version to banner
* Improved current directory handler for includes
* Improved error handling on `check111`
* Improved instance profile handling issue 200, thanks to netflash and ceyes
* Improved default region handling issue 202, thanks to ceyes
* Improvements on account ID handling in CSV output issue 205, thanks to MrSecure
* Improved `check28`, thanks to nexeck
* Improved `check_extra73` to support graceful failing of buckets with corrupt/unintended permissions, thanks to hb3b
* Improved `check111`, thanks to roo7break and martinusnel
* Improved `check27`
* Improved group error handling
* Improved `check115`, `check315` and `check13` and their documentation, thanks to rheak
* Improved `extra725`, thanks to martinusnel
* Improved username filtering for `check12` for CIS 1.2, thanks to gpatt
* Improved username filtering for `check116` for CIS 1.2, thanks to gpatt
* Improved `extra713`, thanks to mbode
* Improved credentials handling, thanks to flomotlik
* Improved `check112` to avoid extra API call, thanks to jlamande
* Improved `check29`, thanks to onkymykiss1

Fixes:
* `check22` #194, thanks to mbode
* `check717` #188, thanks to ahhh
* Fixed required IAM permissions #187, thanks to rtkjbillo
* Disable concurrency checks to `check_extra73` due to API limits
* Fixed issue 268
* Mark CIS level2 and 2 properly, also marker to sample check thanks to MrSecure
* Fixed mismatched check_type on `check18`, thanks to MrSecure
* Fixed typo on `check311` thanks to MrSecure
* Ensure credential report is available before running any checks thanks to MrSecure
* Fixed checks on group3 to prevent duplicates, thanks to myoung34
* Fixed `extra73` to use `$PROFILE_OPT` properly, thanks to sidewinder12s
* Fixed checks `extra727` and `extra728` to use `$PROFILE_OPT` properly, thanks to tmonk42
* Fixed `check14`, thanks to atomdampflok
* Fixed checks listing, thanks to UranusBytes
* Fixed `check13` for never logged users, thanks to jlamande

Documentation:
* Added new way to create custom checks and custom groups
* Improved Prowler description
* Added command to save report to S3
* Update all CIS document links to AWS version thanks to sidewinder12s
* Changed license to Apache 2.0 for the checks that are not CIS and for the rest of the code (everything except the CIS checks)
* Added license and commercial use disclaimer to README
* Added info about GDPR and HIPAA
* Improved README formatting and typos, thanks to craighurley and slmingol
* Added new needed IAM roles, thanks to yapale, mixmatch and jlamande

Special thanks to:
philipmeadows for his help and ideas on code refactoring

2.0beta

New features:
* Refactored code:
  * reduced the number of lines in the prowler main script and added an `includes` folder with parts, to easily find and manage all components
  * dedicated folder for `checks`, a check per file
  * same for `groups` of checks; now we can create custom groups and run Prowler against your custom group (for example only the checks that your company needs)
  * moved Dockerfile to `utils` folder
  * moved IAM policy additions to `iam` folder
* Output changed: `PASS` and `FAIL` messages are displayed instead of `OK` and `WARNING`.
* Option `-g <group_id>`: run specific group from the existing or new one
* Option `-b`: hide banner
* Check whitelisting: thanks to the new groups management, you can create your own checks based on your needs.
* Custom checks: now it is easier to add a new check, just create your check based on the sample one and add it to a group, or create your own group.
* Added version to the banner and changed description
* Added new check `extra723` that looks for public RDS snapshots (single and cluster)

Improvements:
* Option `-l` now shows all groups, not only the default ones, with all their check titles.
* `check73` now does the S3 check in parallel, thanks to vsMeecles and Jonathan Glass
* Changed `#!/bin/bash` to `#!/usr/bin/env bash` #182, thanks to doshitan
* `check28` #181, thanks to doshitan
* `check41` and `check44` #180, thanks to subramani95

Fixes:
* `check22` #194, thanks to mbode
* `check717` #188, thanks to ahhh
* Fixed required IAM permissions #187, thanks to rtkjbillo

Documentation:
* Added new way to create custom checks and custom groups

Special thanks to:
philipmeadows for his help and ideas on code refactoring

1.6

New features:
- New **forensics ready** group of checks: it includes existing and new ones to ensure your AWS account is ready for a deep forensic investigation if needed: `prowler -c forensics-ready`
- Added option `-e` to exclude all extra checks (they may make prowler take longer to finish)
- New check `extra78` Ensure there are no Public Accessible RDS instances (Not Scored) (Not part of CIS benchmark) thanks to sidewinder12s
- New check `extra79` Check for internet facing Elastic Load Balancers (Not Scored) (Not part of CIS benchmark) thanks to sidewinder12s
- New check `extra710` Check for internet facing EC2 Instances (Not Scored) (Not part of CIS benchmark) thanks to sidewinder12s
- New check `extra711` Check for Publicly Accessible Redshift Clusters (Not Scored) (Not part of CIS benchmark) thanks to sidewinder12s
- New check `extra712` Check if Amazon Macie is enabled (Not Scored) (Not part of CIS benchmark)
- New check `extra713` Check if GuardDuty is enabled (Not Scored) (Not part of CIS benchmark)
- New check `extra714` Check if CloudFront distributions have logging enabled (Not Scored) (Not part of CIS benchmark)
- New check `extra715` Check if Elasticsearch Service domains have logging enabled (Not Scored) (Not part of CIS benchmark)
- New check `extra716` Check if Elasticsearch Service domains allow open access (Not Scored) (Not part of CIS benchmark)
- New check `extra717` Check if Elastic Load Balancers have logging enabled (Not Scored) (Not part of CIS benchmark)
- New check `extra718` Check if S3 buckets have server access logging enabled (Not Scored) (Not part of CIS benchmark)
- New check `extra719` Check if Route53 hosted zones are logging queries to CloudWatch Logs (Not Scored) (Not part of CIS benchmark)
- New check `extra720` Check if Lambda functions invoke API operations are being recorded by CloudTrail (Not Scored) (Not part of CIS benchmark)
- New check `extra721` Check if Redshift cluster has audit logging enabled (Not Scored) (Not part of CIS benchmark)
- New check `extra722` Check if API Gateway has logging enabled (Not Scored) (Not part of CIS benchmark)

Fixes:
- Typo in extra72 by neonbunny
- check114 by subramani95

Improvements:
- PR 150 Load of authentication credentials
- PR 164 check31 by subramani95
- PR 167 OSTYPE handling to support Alpine docker containers

Documentation:
- Added section https://github.com/Alfresco/prowler#forensics-ready-checks to README
- Added all new extra checks to README

Special thanks to:
sidewinder12s, subramani95, neonbunny and SubatomicHero.

1.5

New features:
- More extra checks to find public AMIs, ECR repos and EC2 snapshots
- New flag `-l` to list all available checks
- New Dockerfile to create your own image with prowler

Fixes:
- Issue 133 text fix in check36
- Issue 137 fix in check114
- Issue 136 fix in check113
- Issue 135 fix regarding [[]] statements
- Issue 134 fix in check124
- Issue 131 fix in check312
- Issue 130 fix in check12
- Issue 129 fix in checks section 3

Improvements:
- Refactored title and checks id in the script

Documentation:
- Added section how to add Custom Checks to README
- Added section Third Party Integrations to README

Thanks to st33v, wassies, tomas-milata, sente and pbugnion.

1.4

- New features
  - #101 Added `-n` option to show check numbers easier to sort, i.e. 1.02 instead of 1.2.
- Improvements
  - #83 Better check73 checking bucket permissions (ACL and Policies)
  - #81 Improved extra73 - S3 bucket permissions
  - #84 Improved and error handling for check15 and check111, improved check41
- Fixes
  - #82 Fixed bug in extra73 for buckets in EU (eu-west-1)
  - #86 Fix LICENSE
  - #87 Fix temp file issue
  - #91 Broken sed expression & typos
  - #92 Fix scored output
  - #95 Added `--max-items` option to extra72
  - #97 Removed `printCurrentDate()` and added current date to banner
  - #98 Updated `infoReferenceLong()` text and moved the function call
  - #99 Remove bit.ly reference
  - #100 Removed `printCurrentDate` reference
  - #103 Fix check14 if users contain same strings as table title

Thanks MrSecure, neonbunny, hemedga, jphuynh and steverigby for your help and suggestions.

1.3

- Fixes regarding SNS checks and some other small fixes
- Added CIS profile definitions (profile1 and profile2 as stated in their documentation)
- Added extra checks (extra71, extra72 and extra73 to check admins w/o MFA, Search Publicly shared EBS Snapshots and S3 buckets open to the internet)
- Improved documentation
