Prowler not scanning multi-accounts using for loop

[qadri99-max]

I am wondering if someone can help to understand where I could be going wrong:
I am running Prowler through ECS Fargate. I am scanning multi accounts using the example given:

ACCOUNTS_LIST='11111111111 2222222222 333333333'

ROLE_TO_ASSUME=role_name

  for accountId in $ACCOUNTS_LIST; do
	if [ ${accountId} == “11111111111” ]; then
 	 prowler aws -f eu-west-1 -s s3 --output-bucket my_bucket_name role arn:aws:iam::$accountId:role/$ROLE_TO_ASSUME
echo ”Finished first loop” 

else
  	 prowler aws -f eu-west-2 -s s3 --output-bucket my_bucket_name role arn:aws:iam::$accountId:role/$ROLE_TO_ASSUME
echo ”Finished second loop” 
fi
done

The problem is that Prowler runs and scans but it does not move to next for-loop iteration. The last message it outputs is:
Detailed results are in :

• JSON-OCSF: /……..

It also does not save to S3 bucket.

Something happens that makes it stop after first scan. It does not even print the last echo statement: ”Finished first loop”

I have checked my for loop and if statements work correctly. I have used —verbose to see if it output any errors, but it does not.

Role also exists and has s3:PutObject permissions.

Would appreciate if someone can guide what else I can check.
thanks

[qadri99-max]

After a lot of debugging, I realised that ECS task was showing Exit code 3.
So I included -z flag when running Prowler and it runs fine and saves the S3 bucket.

I am curious to know what is this Exit code 3 and how does adding -z flag help?

thanks

[jfagoagas]

Hello @qadri99-max, by default Prowler emits an exit code 3 if the scan finishes with FAIL findings to allow it to use it in CI/CD pipelines to stop the execution if something fails. As per our documentation https://docs.prowler.com/projects/prowler-open-source/en/latest/tutorials/misc/#disable-exit-code-3 you can disable the exit code 3 with the -z/--ignore-exit-code-3 flags.

Please, let me know if this works for you!

Thanks for using Prowler 🚀