prowler - AWS security assessment, auditing and hardening tools.

Prowler is a tool based on AWS-CLI commands for AWS account security assessment and hardening, following the guidelines of the CIS Amazon Web Services Foundations Benchmark 1.1: https://www.cisecurity.org/cis-benchmarks/

Features:
It covers hardening and security best practices for all AWS regions related to:
+ Identity and Access Management (24 checks)
+ Logging (8 checks)
+ Monitoring (15 checks)
+ Networking (5 checks)
+ Extra checks (3 checks) *see Extras section

Prowler: AWS CIS Benchmark Tool

For a comprehensive list and resolution, look at the guide at the link above.
With Prowler you can:
– get a coloured or monochrome report
– get a CSV format report for diff
– run specific checks without having to run the entire report
– check multiple AWS accounts in parallel

STS expired token
If you are using an STS token for AWS-CLI and your session has expired, you will probably get this error:
– A client error (ExpiredToken) occurred when calling the GenerateCredentialReport operation: The security token included in the request is expired
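
One way to catch this before a long audit run, as an added example that is not part of Prowler or the original post: a bash pre-flight check that issues the same GenerateCredentialReport call and classifies the AWS-CLI error text. The function names and exit codes are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: pre-flight credential check before an AWS-CLI based audit.
# classify_aws_error / preflight and their exit codes are hypothetical names
# chosen for this example, not part of Prowler.

# Classify AWS-CLI stderr text. Echoes one of: expired | denied | nocreds | other
classify_aws_error() {
  case "$1" in
    *ExpiredToken*|*"security token included in the request is expired"*)
      echo expired ;;
    *AccessDenied*)
      echo denied ;;
    *"Unable to locate credentials"*)
      echo nocreds ;;
    *)
      echo other ;;
  esac
}

# Issue the API call named in the error above and capture stderr only.
# Returns 0 when the credentials work, 2 when the STS session must be
# renewed, 1 for any other failure.
preflight() {
  local err
  if err=$(aws iam generate-credential-report 2>&1 >/dev/null); then
    return 0
  fi
  case "$(classify_aws_error "$err")" in
    expired)
      echo "STS session expired: renew the token, then re-run the audit." >&2
      return 2 ;;
    denied)
      echo "Credentials are valid but lack iam:GenerateCredentialReport." >&2
      return 1 ;;
    nocreds)
      echo "No AWS credentials are configured for this shell." >&2
      return 1 ;;
    *)
      echo "AWS-CLI error: $err" >&2
      return 1 ;;
  esac
}
```

Source the file and run `preflight` before starting the report; an exit status of 2 means the session token needs renewing rather than the account failing a check.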

Usage:

Source: https://github.com/Alfresco