Prowler is initiating IAM service while scanning Cloudwatch #5676

Answered by jfagoagas
qadri99-max asked this question in Q&A

Hello @qadri99-max, actually the CloudWatch service has the check `cloudwatch_cross_account_sharing_disabled` which reviews if CloudWatch has allowed cross-account sharing, looking for the presence of the IAM Role `CloudWatch-CrossAccountSharingRole`. That's the reason why CloudWatch needs to set up the IAM client.

Regarding the other services:

  • ELB has the check `elb_ssl_listeners_use_acm_certificate` which requires calling ACM APIs to see if a Certificate is configured.
  • Regarding EventBridge I can't see any of the checks calling a different service. Could you review what API calls are being executed in your environment while running Prowler?

Thanks!
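
To review which API calls a scan actually makes, as the answer suggests, CloudTrail records can be grouped by `eventSource` and compared with the cross-service checks named above. This is an added example, not part of the original answer or Prowler's own code; the role name `ProwlerScanRole`, the grouping of event sources per service, and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict

# Extra CloudTrail event sources explained in the answer: service -> {source: check}
KNOWN_DEPENDENCIES = {
    "cloudwatch": {"iam.amazonaws.com": "cloudwatch_cross_account_sharing_disabled"},
    "elb": {"acm.amazonaws.com": "elb_ssl_listeners_use_acm_certificate"},
    "eventbridge": {},  # the answer found no cross-service check here
}
# Assumption: event sources treated as each scanned service's own API
OWN_SOURCES = {
    "cloudwatch": {"monitoring.amazonaws.com", "logs.amazonaws.com"},
    "elb": {"elasticloadbalancing.amazonaws.com"},
    "eventbridge": {"events.amazonaws.com"},
}

def _rec(arn, source, name):
    """Build a minimal CloudTrail-shaped record (constructed sample data)."""
    return {"userIdentity": {"arn": arn}, "eventSource": source, "eventName": name}

SCANNER = "arn:aws:sts::111122223333:assumed-role/ProwlerScanRole/scan"  # hypothetical
SAMPLE_RECORDS = [
    _rec(SCANNER, "monitoring.amazonaws.com", "DescribeAlarms"),
    _rec(SCANNER, "logs.amazonaws.com", "DescribeLogGroups"),
    _rec(SCANNER, "iam.amazonaws.com", "ListRoles"),
    _rec(SCANNER, "sns.amazonaws.com", "ListTopics"),
    _rec("arn:aws:iam::111122223333:user/alice", "iam.amazonaws.com", "CreateUser"),
]

def classify_calls(scanned_service, records, principal_fragment):
    """Group the scanner's API calls into own / explained / unexplained sources."""
    calls = defaultdict(set)
    for rec in records:
        arn = rec.get("userIdentity", {}).get("arn", "")
        if principal_fragment in arn:  # ignore other principals' activity
            calls[rec["eventSource"]].add(rec["eventName"])
    report = {"own": {}, "explained": {}, "unexplained": {}}
    for source, names in calls.items():
        if source in OWN_SOURCES[scanned_service]:
            report["own"][source] = sorted(names)
        elif source in KNOWN_DEPENDENCIES[scanned_service]:
            check = KNOWN_DEPENDENCIES[scanned_service][source]
            report["explained"][source] = {"check": check, "calls": sorted(names)}
        else:
            report["unexplained"][source] = sorted(names)
    return report

if __name__ == "__main__":
    print(classify_calls("cloudwatch", SAMPLE_RECORDS, "ProwlerScanRole"))
```

Anything left under `unexplained` is the list to bring back to the thread when asking which check triggered it.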

Answer selected by qadri99-max