cdk-prowler
An AWS CDK custom construct for deploying Prowler to your AWS account. The following description of Prowler is taken from https://github.com/toniblyx/prowler:
Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains all CIS controls listed here https://d0.awsstatic.com/whitepapers/compliance/AWS_CIS_Foundations_Benchmark.pdf and more than 100 additional checks that help on GDPR, HIPAA…
It generates security HTML results, which are stored in an S3 bucket and also appear in your CodeBuild report group.
AWS AMI
If you just want to run the Prowler security checks in your account, try my Prowler AWS Marketplace AMI. For just $1, Prowler will do over 180 security checks across a huge number of AWS services in all your regions. Don't forget to terminate the EC2 instance once the Prowler stack has been created, so you don't pay more than that $1 :).
By buying the AMI you support my passion for creating open source products like this cdk-prowler construct. It also enables me to work on future features like those mentioned in the Planned Features section. Thank you so much :) !
Example
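# Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
# Assumption: CDK v1 import path; on CDK v2 use `from aws_cdk import App, Stack` instead.
from aws_cdk.core import App, Stack
from cdk_prowler import ProwlerAudit

app = App()
stack = Stack(app, "ProwlerAudit-stack")
# Add the Prowler audit construct to the stack with its default properties.
ProwlerAudit(stack, "ProwlerAudit")
app.synth()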
cdk-prowler Properties
cdk-prowler supports some properties to tweak your stack, for example a CloudWatch schedule that regularly runs the Prowler scan with a defined cron expression.
You can see the supported properties in Api.md
Planned Features
- Supporting AWS SecurityHub https://github.com/toniblyx/prowler#security-hub-integration
- Triggering an event with SNS when prowler finishes the run
- AMI EC2 executable
Architecture
Misc
yes | yarn destroy && yarn deploy --require-approval never
Rerun Prowler on deploy
yarn deploy --require-approval never -c reRunProwler=true
Thanks To
- My friend and fellow ex-colleague Toni de la Fuente (https://github.com/toniblyx https://twitter.com/ToniBlyx) for developing such a cool security tool as Prowler
- As always to the amazing CDK / Projen Community. Join us on Slack!
- Projen project and the community around it
Hashes for cdk_prowler-1.119.0-py3-none-any.whl
Algorithm | Hash digest |
---|---|
SHA256 | 4f9a637c92fef66fa0d2478b2a74b1ca884fd502adeb3dc33e6ae50e4846eaf4 |
MD5 | 9509c8963eb2fb9a04f5dc620a0d0148 |
BLAKE2b-256 | eb1731e00b46cc4f234e8a90e7865e403d694e3e7731a7e65556414a0f97d2f5 |