Finding Compliance Issues in AWS Environment Using Prowler

Sarthak TyagiSarthak Tyagi
2 min read

Introduction

Today, I explored how to identify compliance issues in an AWS environment using Prowler, a security tool for AWS assessments. In this blog, I will guide you through the installation, setup, and execution of Prowler, along with retrieving the compliance reports.

Tools Used

  • Prowler (AWS Security Assessment Tool)

  • AWS CLI

  • Python & pip (for package management)

Step-by-Step Guide

1. Install Prowler

To get started with Prowler, follow these steps:

Note: If Python and pip are not installed, install them first.

Now, install Prowler using the following command:

pip install prowler
prowler -v  # Verify installation

2. Configure AWS Credentials

To authenticate AWS access, configure your credentials:

aws configure

Enter the following details when prompted:

3. Run Prowler

Run the following command to start the compliance check:

prowler <provider>

For AWS, use:

prowler aws

4. Retrieve Compliance Reports

After execution, Prowler will generate a compliance report in a dedicated directory. The report includes compliance standards like NIST 800-53, CIS Benchmark, and more.

5. Copy Reports to Windows (If Using Ubuntu on Windows)

If you are running Ubuntu inside Windows (WSL), you can copy the reports to your local machine using:

cp -r /home/ubuntu/report/* /mnt/c/Users/sarth/Downloads/Report/

Conclusion

Prowler is an efficient tool for assessing AWS security compliance. By following these steps, you can identify potential security risks and ensure compliance with industry standards. Happy auditing!

0
Subscribe to my newsletter

Read articles from Sarthak Tyagi directly inside your inbox. Subscribe to the newsletter, and don't miss out.

Prowler AWSCIS BenchmarkNIST 800-53compliance auditingAWS complianceDevSecOpsaws security

Written by

Sarthak Tyagi
Sarthak Tyagi