prowler-cloud/prowler 4.4.0 on GitHub

Alexander the Great
His name struck fear into hearts of men
Alexander the Great
Became a legend 'mongst mortal men

Prowler 4.4.0 - Alexander the Great 🚀 is here, bringing a ton of new AWS checks and fixes! We also invite you to enjoy this Iron Maiden song.

A big shout-out to our engineers @danibarranqueroo, @MarioRgzLpz and @HugoPBrito for their fantastic work in developing new checks and to our new external contributors @abant07, @LefterisXefteris, @h4r5h1t, @Jude-Bae and @johannes-engler-mw for their PRs 🥳

New features to highlight in this version

AWS

🔐 Cover IAM non existing AWS actions/resources

Prowler now covers IAM scenarios where policies could have a non existing AWS actions in the NotAction statement allowing ALL actions in resources (same as non existing resources in NotResource) like:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Statement1",
            "Effect": "Allow",
            "NotAction": "prowler:action",
            "NotResource": "arn:aws:s3:::calculator"
        }
    ]
}

More info in LinkedIn post by @Chan9390 here.

🤔 How to Prevent AWS AI From Using Your Data

Recently, AWS may be using your data to train its AI models, and you may have unwittingly consented to it.
The new check organizations_opt_out_ai_services_policy ensure that you stop feeding AWS’s AI with your data.
You can see @QuinnyPig's helpful post about how to opt out here or using the AWS documentation.

🚀 More checks!

Prowler has expanded its AWS coverage with 74 new checks for ACM, CloudFront, CodeBuild, DMS, DocumentDB, DynamoDB, EC2, ECS, EKS, Elasticache, ELB, ELBv2, EKS, GuardDuty, IAM, KMS, Lambda, Neptune, Network Firewall, Organizations, RDS, S3, SageMaker and VPC.

See all the new available checks with prowler aws --list-checks

acm_certificates_with_secure_key_algorithms
awslambda_function_inside_vpc
awslambda_function_vpc_multi_az
cloudfront_distributions_custom_ssl_certificate
cloudfront_distributions_default_root_object
cloudfront_distributions_https_sni_enabled
cloudfront_distributions_multiple_origin_failover_configured
cloudfront_distributions_origin_traffic_encrypted
cloudfront_distributions_s3_origin_access_control
cloudfront_distributions_s3_origin_non_existent_bucket
codebuild_project_no_secrets_in_variables
codebuild_project_source_repo_url_no_sensitive_credentials
dms_endpoint_ssl_enabled
documentdb_cluster_public_snapshot
dynamodb_accelerator_cluster_in_transit_encryption_enabled
dynamodb_table_deletion_protection_enabled
dynamodb_table_protected_by_backup_plan
ec2_client_vpn_endpoint_connection_logging_enabled
ec2_ebs_volume_protected_by_backup_plan
ec2_instance_paravirtual_type
ec2_instance_uses_single_eni
ec2_launch_template_no_public_ip
ec2_networkacl_unused
ec2_securitygroup_allow_ingress_from_internet_to_high_risk_tcp_ports
ec2_transitgateway_auto_accept_vpc_attachments
ecr_repositories_tag_immutability
ecs_service_no_assign_public_ip
ecs_task_definitions_containers_readonly_access
ecs_task_definitions_host_namespace_not_shared
ecs_task_definitions_host_networking_mode_users
ecs_task_definitions_logging_enabled
ecs_task_definitions_no_privileged_containers
eks_cluster_uses_a_supported_version
elasticache_redis_cluster_automatic_failover_enabled
elasticache_redis_cluster_auto_minor_version_upgrades
elasticache_redis_replication_group_auth_enabled
elbv2_is_in_multiple_az
elb_connection_draining_enabled
elb_cross_zone_load_balancing_enabled
elb_is_in_multiple_az
guardduty_rds_protection_enabled
guardduty_s3_protection_enabled
iam_group_administrator_access_policy
iam_user_administrator_access_policy
kms_cmk_not_deleted_unintentionally
neptune_cluster_copy_tags_to_snapshots
neptune_cluster_integration_cloudwatch_logs
neptune_cluster_public_snapshot
neptune_cluster_snapshot_encrypted
networkfirewall_policy_rule_group_associated
organizations_opt_out_ai_services_policy
rds_cluster_copy_tags_to_snapshots
rds_cluster_critical_event_subscription
rds_cluster_default_admin
rds_cluster_deletion_protection
rds_cluster_iam_authentication_enabled
rds_cluster_integration_cloudwatch_logs
rds_cluster_minor_version_upgrade_enabled
rds_cluster_multi_az
rds_cluster_non_default_port
rds_cluster_storage_encrypted
rds_instance_copy_tags_to_snapshots
rds_instance_critical_event_subscription
rds_instance_event_subscription_parameter_groups
rds_instance_inside_vpc
rds_instance_non_default_port
rds_instance_protected_by_backup_plan
s3_access_point_public_access_block
s3_bucket_cross_account_access
s3_bucket_cross_region_replication
s3_bucket_lifecycle_enabled
sagemaker_endpoint_config_prod_variant_instances
vpc_endpoint_for_ec2_enabled
vpc_vpn_connection_tunnels_up

📜 KISA ISMS-P AWS compliance framework added

Prowler now supports one of Korea’s key security compliance frameworks, the Personal Information & Information Security Management System (ISMS-P) from the Korea Internet & Security Agency (KISA) thanks to @Jude-Bae !

Azure

🆕 Azure Container Registries now supported!

@johannes-engler-mw added a new check containerregistry_admin_user_disabled for verifying if the admin user is disabled for Azure Container Registries.

You can try it with prowler azure -c containerregistry_admin_user_disabled

🔧 Other issues and bug fixes solved for all the cloud providers

Features

feat(acm): Add new check for insecure algorithms in certificates by @MarioRgzLpz in #4551
feat(aws): Add a test_connection method by @jfagoagas in #4563
feat(aws): add custom exceptions class by @pedrooot in #4847
feat(aws): Add new check to ensure Aurora MySQL DB Clusters publish audit logs to CloudWatch logs by @danibarranqueroo in #4916
feat(aws): Add new check to ensure RDS DB clusters are encrypted at rest by @danibarranqueroo in #4931
feat(aws): Add new check to ensure RDS db clusters copy tags to snapshots by @danibarranqueroo in #4846
feat(aws): Add new check to ensure RDS event notification subscriptions are configured for critical cluster events by @danibarranqueroo in #4887
feat(aws): Add new check to ensure RDS event notification subscriptions are configured for critical database instance events by @danibarranqueroo in #4891
feat(aws): Add new check to ensure RDS event notification subscriptions are configured for critical database parameter group events by @danibarranqueroo in #4907
feat(aws): Add new check to ensure RDS instances are not using default database engine ports by @danibarranqueroo in #4973
feat(aws): Add new check opensearch_service_domains_access_control_enabled by @abant07 in #5203
feat(aws): add new check organizations_opt_out_ai_services_policy by @sergargar in #5152
feat(aws): Add new CodeBuild check to validate environment variables by @danibarranqueroo in #4632
feat(aws): Add new KMS check to prevent unintentional key deletion by @danibarranqueroo in #4595
feat(aws): Add new Neptune check for cluster snapshot visibility by @danibarranqueroo in #4709
feat(aws): Add new RDS check for deletion protection enabled on clusters by @danibarranqueroo in #4738
feat(aws): Add new RDS check to ensure db clusters are configured for multiple availability zones by @danibarranqueroo in #4781
feat(aws): Add new RDS check to ensure db instances are protected by a backup plan by @danibarranqueroo in #4879
feat(aws): Add new RDS check to verify that cluster minor version upgrade is enabled by @danibarranqueroo in #4725
feat(aws): Add new RDS check to verify that db instances copy tags to snapshots by @danibarranqueroo in #4806
feat(aws): Add new S3 check for public access block configuration in access points by @HugoPBrito in #4608
feat(aws): add tags to Global Accelerator by @puchy22 in #5233
feat(aws): Split the checks that mix RDS Instances and Clusters by @danibarranqueroo in #4730
feat(aws) Add check to make sure EKS clusters have a supported version by @abant07 in #4604
feat(awslambda): add new check awslambda_function_vpc_multi_az by @puchy22 in #4816
feat(awslambda): New check to ensure that a function is inside VPC by @puchy22 in #4783
feat(azure): add custom exception class by @pedrooot in #4871
feat(azure): add test_connection method by @pedrooot in #4615
feat(azure containerregistry): gather service infos and checks disabled admin user by @johannes-engler-mw in #5191
feat(backup): add tags to backup vaults and backup plans by @puchy22 in #5194
feat(cloudfront): add new check cloudfront_distributions_custom_ssl_certificate by @HugoPBrito in #4959
feat(cloudfront): Add new check cloudfront_distributions_default_root_object by @HugoPBrito in #4938
feat(cloudfront): add new check cloudfront_distributions_s3_origin_non_existing_bucket by @HugoPBrito in #4996
feat(cloudfront): Add new cloudfront_distributions_s3_origin_access_control check to ensure OAC is configured in distributions by @HugoPBrito in #4939
feat(cloudfront): add cloudfront_distributions_origin_traffic_encrypted check to ensure traffic encryption to custom origins by @HugoPBrito in #4958
feat(cloudfront): Ensure Cloudfront distributions have origin failover configured by @HugoPBrito in #4868
feat(cloudfront): Ensure distributions use SNI to serve HTTPS requests by @HugoPBrito in #4888
feat(codebuild): add tags support to projects by @puchy22 in #5207
feat(CodeBuild): Ensure source repository URLs do not contain sensitive credentials by @MarioRgzLpz in #4731
feat(compliance): add KISA ISMS-P compliance framework by @Jude-Bae in #5086
feat(compliance): add method list_compliance_requirements by @pedrooot in #4890
feat(compliance): rename Compliance class and add list_compliance by @pedrooot in #4883
feat(dms): add tags to DMS checks by @puchy22 in #5209
feat(dms): new check dms_endpoint_ssl_enabled by @LefterisXefteris in #4968
feat(DocumentDB): Add new DocumentDB check for cluster snapshot visibility by @MarioRgzLpz in #4702
feat(dynamodb): add new check dynamodb_accelerator_cluster_in_transit_encryption_enabled by @danibarranqueroo in #5173
feat(dynamodb): add new check dynamodb_table_deletion_protection_enabled by @danibarranqueroo in #5148
feat(dynamodb): add new check dynamodb_table_protected_by_backup_plan by @danibarranqueroo in #5175
feat(EC2): Add new check for security group port restrictions by @MarioRgzLpz in #4594
feat(ec2): Amazon EC2 Instances Should Not Use Multiple ENIs by @MarioRgzLpz in #4935
feat(ec2): Amazon EC2 Paravirtual Instance Types Should Not Be Used by @MarioRgzLpz in #4922
feat(EC2): Change service to adjust the data saved in template_data in LaunchTemplateVersion by @MarioRgzLpz in #4848
feat(ec2): Client VPN Endpoints Should Have Client Connection Logging Enabled by @MarioRgzLpz in #4804
feat(ec2): EBS Volumes Should Be Covered by a Backup Plan by @MarioRgzLpz in #5028
feat(ec2): Ensure automatic acceptance of VPC attachment requests is disabled by @MarioRgzLpz in #4765
feat(ec2): Ensure both VPN tunnels for an AWS Site-to-Site VPN connection are UP by @MarioRgzLpz in #4948
feat(ec2): Ensure EC2 launch templates do not assign public IPs by @MarioRgzLpz in #4852
feat(ec2): Ensure not default Network Access Control Lists are used by @MarioRgzLpz in #4917
feat(ecr): Ensure ECR repositories have tag immutability configured by @MarioRgzLpz in #5144
feat(ecs): add new check ecs_task_definitions_host_networking_mode_users by @MarioRgzLpz in #5088
feat(ecs): Ensure ECS containers have a logging configuration specified by @MarioRgzLpz in #5234
feat(ecs): Ensure ECS containers have read-only access to root filesystems by @MarioRgzLpz in #5168
feat(ecs): Ensure ECS containers run as non-privileged by @MarioRgzLpz in #5214
feat(ecs): Ensure ECS task definitions host's process namespace is not shared by @MarioRgzLpz in #5146
feat(ecs): Ensure public IP addresses are not assigned automatically by @MarioRgzLpz in #5128
feat(elasticache): add check elasticache_redis_cluster_auth_enabled by @HugoPBrito in #4830
feat(elasticache): Ensure Redis Cache Clusters Automatically Install Minor Updates by @HugoPBrito in #4699
feat(elasticache): Ensure Redis replication groups have automatic failover enabled by @HugoPBrito in #4853
feat(elb): add new check elb_connection_draining_enabled by @puchy22 in #5014
feat(elb): add new check elb_cross_zone_load_balancing_enabled by @puchy22 in #4818
feat(elb): add new check elb_is_in_multiple_az by @puchy22 in #4829
feat(elbv2): add new check elbv2_is_in_multiple_az by @puchy22 in #4800
feat(gcp): add a test_connection method by @sergargar in #4616
feat(gcp): add custom exceptions clas by @pedrooot in #4908
feat(glue): add tags to Glue checks by @puchy22 in #5213
feat(guardduty): add new check guardduty_rds_protection_enabled by @HugoPBrito in #5100
feat(guardduty): add new check guardduty_s3_protection_enabled by @danibarranqueroo in #5087
feat(html): Add number of muted findings in HTML report #4703 by @abant07 in #4895
feat(IAM): add new check iam_group_administrator_access_policy by @puchy22 in #4831
feat(iam): add new check iam_user_administrator_access_policy by @puchy22 in #4802
feat(inspector2): Add more tests to inspector2_is_enabled check by @MarioRgzLpz in #5150
feat(kubernetes): add a test_connection method by @sergargar in #4684
feat(kubernetes): add custom exception class by @pedrooot in #4912
feat(neptune): add new check neptune_cluster_copy_tags_to_snapshots by @danibarranqueroo in #5062
feat(neptune): add new check neptune_cluster_integration_cloudwatch_logs by @danibarranqueroo in #5048
feat(neptune): add new check neptune_cluster_snapshot_encrypted by @danibarranqueroo in #5058
feat(networkfirewall): add new check networkfirewall_policy_rule_group_associated by @HugoPBrito in #5225
feat(networkfirewall): change network_firewalls from list to dict by @HugoPBrito in #5169
feat(opensearch): Add domain inside VPC case for public domain check by @puchy22 in #4570
feat(rds): add missing tags to RDS checks by @puchy22 in #5230
feat(rds): add new check rds_cluster_non_default_port by @danibarranqueroo in #5113
feat(rds): add new check rds_instance_inside_vpc by @danibarranqueroo in #5029
feat(s3): Add new check s3_bucket_cross_account_access by @HugoPBrito in #5082
feat(s3): add s3_bucket_cross_region_replication check by @HugoPBrito in #4761
feat(s3): add s3_bucket_lifecycle_enabled check by @HugoPBrito in #4801
feat(sagemaker): Ensure SageMaker Endpoint Production Variants have Initial Instance Count greater than one by @MarioRgzLpz in #5045
feat(secrets): improve detect secrets checks and add config by @pedrooot in #4915
feat(securityhub): add tags securityhub_enabled by @puchy22 in #5231
feat(slack): add more information about critical findings by @abant07 in #5042
feat(threat-detection): Use IAM Identity for Cloudtrail Threat Detection instead of IP by @abant07 in #5166
feat(vpc): Ensure Amazon EC2 Is Configured to Use VPC Endpoints Created for the Amazon EC2 Service by @MarioRgzLpz in #4872
feat(wafv2): add tags to wafv2_webacl_logging_enabled by @puchy22 in #5243

Fixes

fix(accessanalyzer): refactor accessanalyzer enabled fixer test by @pedrooot in #5026
fix(acm): Change check logic to scan only in use certificates by @MarioRgzLpz in #4732
fix(asff): include status extended in ASFF output by @sergargar in #5097
fix(audit): solve resources audit by @sergargar in #4983
fix(aws): always use audited partition by @sergargar in #5174
fix(aws): change check metadata ec2_securitygroup_allow_wide_open_public_ipv4 by @pedrooot in #4946
fix(aws): change protected_by_backup_plan checks by @danibarranqueroo in #5204
fix(aws): enchance check cloudformation_stack_outputs_find_secrets by @pedrooot in #4859
fix(aws): enhance resource arn filtering by @sergargar in #4821
fix(aws): handle AWS key-only tags by @sergargar in #4845
fix(aws): handle none type attributes by @sergargar in #5216
fix(aws): make intersection to retrieve checks to execute by @pedrooot in #4970
fix(aws): raise ArgumentTypeError for parser by @pedrooot in #4921
fix(aws): run Prowler as IAM Root or Federated User by @sergargar in #4712
fix(awslamba): add audit config to lambda_client in tests by @pedrooot in #4999
fix(backport): Workaround not to fail if no backport is needed by @jfagoagas in #4707
fix(cloudfront): duplicated link in cloudfront_distributions_https_sni_enabled check by @HugoPBrito in #5047
fix(ec2): Manage UnicodeDecodeError when reading user data by @puchy22 in #4785
fix(ecr): change log level of non-scanned images by @sergargar in #4747
fix(ecr): handle non-existing findingSeverityCounts key by @sergargar in #4746
fix(elasticache): get correct automatic failover attribute by @HugoPBrito in #5084
fix(gcp): add default project for org level checks by @sergargar in #5003
fix(gcp): check cloudsql sslMode by @pedrooot in #4635
fix(gcp): check next rotation time in KMS keys by @pedrooot in #4633
fix(gcp): solve errors in GCP services by @sergargar in #5016
fix(gcp): use KMS key id in checks by @sergargar in #4610
fix(iam): fill resource id with inline policy entity by @pedrooot in #5120
fix(iam): handle no arn serial numbers for MFA devices by @pedrooot in #4697
fix(iam): update logic of Root Hardware MFA check by @sergargar in #4726
fix(iam-gcp): add getters in iam_service for gcp by @pedrooot in #4998
fix(inspector2): Ensure Inspector2 is enabled for ECR, EC2, Lambda and Lambda Code by @MarioRgzLpz in #5061
fix(lightsail): Remove second call to is_resource_filtered by @h4r5h1t in #5044
fix(main): logic for resource_tag and resource_arn usage by @pedrooot in #4979
fix(metadata): change description from documentdb_cluster_deletion_protection by @pedrooot in #4909
fix(mutelist): change logic for tags in aws mutelist by @pedrooot in #4786
fix(outputs): refactor unroll_tags to use str as tags by @pedrooot in #4817
fix(rds): add comprobations before list tags by @puchy22 in #5249
fix(rds): get the db_instances values by @pedrooot in #4866
fix(rds): handle new rds arn template function syntax by @sergargar in #4980
fix(rds): Modify RDS Event Notification Subscriptions for Security Groups Events check by @danibarranqueroo in #4969
fix(scan_test): change resource_tags to a dict by @pedrooot in #4631
fix(security-groups): remove RFC1918 from ec2_securitygroup_allow_wide_open_public_ipv4 by @pedrooot in #4951
fix(sns): add condition to sns topics by @pedrooot in #4498
fix(tags): handle AWS dictionary type tags by @sergargar in #4656
fix(tests): patch head_bucket function correctly by @sergargar in #5246
fix(version): update version flag logic by @sergargar in #4688
fix(vpc): check all routes tables in subnet by @sergargar in #5081
fix: handle empty input regions by @sergargar in #4841

Chores

chore(actions): Run for v4.* branch by @jfagoagas in #4682
chore(autoscaling): deprecate check autoscaling_find_secrets_ec2_launch_configuration by @puchy22 in #5205
chore(aws): add mixed regions test for s3_access_point_public_access_block by @LefterisXefteris in #4877
chore(aws): Change RDS instance type from list to dict by @danibarranqueroo in #4851
chore(aws): Convert ELB and ELBv2 attributes to dictionaries by @puchy22 in #4575
chore(aws): handle NotAction cases in IAM policies by @sergargar in #5035
chore(aws): improve IAM Resource Policy public logic by @sergargar in #5067
chore(AWS): match all AWS resource types with SecurityHub supported types in metadata by @puchy22 in #4882
chore(aws): Remove token from log line by @jfagoagas in #4903
chore(aws-region): Use Prowler Bot by @jfagoagas in #4863
chore(awslambda): Enhance function public access check called from other resource by @puchy22 in #4679
chore(aws_mutelist): Add more Control Tower resources and tests by @jfagoagas in #4900
chore(azure): Fix CIS 2.1 mapping by @puchy22 in #4760
chore(backport): Automate all the things! by @jfagoagas in #4669
chore(backport): update backport PR title by @sergargar in #4686
chore(backport): Use Prowler-Bot PAT by @jfagoagas in #4855
chore(bot): Use bot Token by @jfagoagas in #5163
chore(check_metadata): Rename to CheckMetadata by @jfagoagas in #4864
chore(cloudtrail): add remediation link to check cloudtrail_s3_dataevents_read_enabled by @HugoPBrito in #4764
chore(cloudtrail): add remediation link to check cloudtrail_s3_dataevents_write_enabled by @HugoPBrito in #4762
chore(dependencies): update boto3 and botocore packages by @sergargar in #4976
chore(deps): bump aiohttp from 3.9.5 to 3.10.2 by @dependabot in #4713
chore(deps): bump azure-identity from 1.17.1 to 1.18.0 by @dependabot in #5108
chore(deps): bump azure-mgmt-compute from 32.0.0 to 33.0.0 by @dependabot in #4856
chore(deps): bump azure-mgmt-containerservice from 31.0.0 to 32.0.0 by @dependabot in #5036
chore(deps): bump azure-mgmt-cosmosdb from 9.5.1 to 9.6.0 by @dependabot in #5111
chore(deps): bump azure-mgmt-network from 26.0.0 to 27.0.0 by @dependabot in #5201
chore(deps): bump azure-mgmt-web from 7.3.0 to 7.3.1 by @dependabot in #4813
chore(deps): bump azure-storage-blob from 12.23.0 to 12.23.1 by @dependabot in #5240
chore(deps): bump boto3 from 1.35.26 to 1.35.28 by @dependabot in #5232
chore(deps): bump botocore from 1.35.28 to 1.35.29 by @dependabot in #5239
chore(deps): bump cryptography from 43.0.0 to 43.0.1 by @dependabot in #4923
chore(deps): bump cryptography from 43.0.0 to 43.0.1 by @dependabot in #4928
chore(deps): bump dash from 2.17.1 to 2.18.0 by @dependabot in #4932
chore(deps): bump dash from 2.18.0 to 2.18.1 by @dependabot in #5024
chore(deps): bump google-api-python-client from 2.146.0 to 2.147.0 by @dependabot in #5185
chore(deps): bump kubernetes from 30.1.0 to 31.0.0 by @dependabot in #5137
chore(deps): bump msgraph-sdk from 1.7.0 to 1.8.0 by @dependabot in #5110
chore(deps): bump numpy from 2.0.1 to 2.0.2 by @dependabot in #4869
chore(deps): bump pandas from 2.2.2 to 2.2.3 by @dependabot in #5139
chore(deps): bump peter-evans/create-pull-request from 6 to 7 by @dependabot in #4926
chore(deps): bump pytz from 2024.1 to 2024.2 by @dependabot in #5012
chore(deps): bump slack-sdk from 3.33.0 to 3.33.1 by @dependabot in #5107
chore(deps): bump tj-actions/changed-files from 44 to 45 by @dependabot in #4822
chore(deps): bump trufflesecurity/trufflehog from 3.82.5 to 3.82.6 by @dependabot in #5222
chore(deps): update docs dependencies by @sergargar in #5098
chore(deps-dev): bump bandit from 1.7.9 to 1.7.10 by @dependabot in #5157
chore(deps-dev): bump black from 24.4.2 to 24.8.0 by @dependabot in #4627
chore(deps-dev): bump coverage from 7.6.0 to 7.6.1 by @dependabot in #4640
chore(deps-dev): bump flake8 from 7.1.0 to 7.1.1 by @dependabot in #4643
chore(deps-dev): bump mkdocs-git-revision-date-localized-plugin from 1.2.8 to 1.2.9 by @dependabot in #5023
chore(deps-dev): bump mkdocs-material from 9.5.36 to 9.5.38 by @dependabot in #5206
chore(deps-dev): bump moto from 5.0.14 to 5.0.15 by @dependabot in #5158
chore(deps-dev): bump pylint from 3.3.0 to 3.3.1 by @dependabot in #5187
chore(deps-dev): bump pytest-env from 1.1.4 to 1.1.5 by @dependabot in #5090
chore(deps-dev): bump pytest from 8.3.2 to 8.3.3 by @dependabot in #4991
chore(deps-dev): bump safety from 3.2.7 to 3.2.8 by @dependabot in #5238
chore(deps-dev): bump vulture from 2.11 to 2.12 by @dependabot in #5071
chore(docs): change ResourceType link of Security Hub by @sergargar in #5063
chore(ec2): add tags to report of EC2 launch templates by @puchy22 in #5210
chore(ec2): Change security groups to dict by @puchy22 in #4700
chore(elbv2): add SecurityHub link to elbv2_desync_mitigation_mode metadata by @puchy22 in #4791
chore(elbv2): Add SecurityHub link to elbv2_ssl_listeners metadata by @puchy22 in #4787
chore(labeler): Run also for v4.* by @jfagoagas in #4687
chore(organizations): improve AWS Organizations service by @sergargar in #5151
chore(prowler): change all methods from services from format double underscore to single underscore by @puchy22 in #4910
chore(pull-request): add check for backport by @pedrooot in #4901
chore(rds): Revert changes on inherited instance checks by @danibarranqueroo in #4827
chore(README): update checks summary table by @puchy22 in #5119
chore(readme): Update Slack invite link by @toniblyx in #4875
chore(README): update summary table by @sergargar in #4984
chore(README): update summary table by @sergargar in #5248
chore(readme): Update the number of AWS checks by @puchy22 in #4860
chore(refactor): make Provider generation global by @sergargar in #4961
chore(regions): Update labels for backporting by @jfagoagas in #4678
chore(regions_update): Changes in regions for AWS services by @prowler-bot in #5224
chore(release): Remove unused step by @jfagoagas in #4874
chore(scan-class): add new scan class by @pedrooot in #4564
chore(ssm): add tags to ssm_managed_compliant_patching by @puchy22 in #5245
chore(ssm): add trusted accounts variable to ssm check by @sergargar in #5005
chore(test): improve iam_root_hardware_mfa_enabled tests by @sergargar in #4833
chore(version): update master version by @sergargar in #4681
chore(version): update version logic in Prowler by @sergargar in #4654
chore: change SaaS for Prowler by @jfagoagas in #4651
chore: remove not used variable by @jfagoagas in #4873
docs(check): change where extract ResourceTypes by @puchy22 in #5030
docs(dev-guide): refer poetry docs for installation by @puchy22 in #5031
docs(developer-guide): add info about docstrings by @pedrooot in #4701
docs(fixers): improve docs about fixers by @pedrooot in #4889
docs(is_item_matched): update docstrings for method by @pedrooot in #4836
docs(mutelist): Add service_* documentation by @jfagoagas in #4650
docs(Tutorials): include volume option when running dashboard in docker by @thejaywhy in #4620
docs: change installation methods by @puchy22 in #5192
refactor(aws): Refactor provider by @pedrooot in #4808
refactor(azure): refactor azure provider by @pedrooot in #4653
refactor(azure): remove validate_arguments for CLI by @pedrooot in #4985
refactor(check_metadata): move bulk_load_checks_metadata inside class by @pedrooot in #4934
refactor(cloudfront): replace origins dictionary with custom Origin class by @HugoPBrito in #4981
refactor(execute_check): refactor execute method by @pedrooot in #4975
refactor(gcp): refactor GCP provider by @pedrooot in #4790
refactor(kubernetes): refactor Kubernetes provider by @pedrooot in #4805
refactor(mutelist): Remove re.match and improve docs by @jfagoagas in #4637
refactor(output_options): remove output options from provider by @pedrooot in #5149
refactor(provider): move audit and fixer config inside the provider by @pedrooot in #4960
refactor(s3): Changed buckets variable type form list to dict by @HugoPBrito in #4742
refactor(tags): convert tags to a dictionary by @sergargar in #4598
test(awslambda): Cover possible checks with moto instead MagicMock by @puchy22 in #4609

New Contributors

@thejaywhy made their first contribution in #4620
@abant07 made their first contribution in #4604
@MarioRgzLpz made their first contribution in #4551
@LefterisXefteris made their first contribution in #4877
@h4r5h1t made their first contribution in #5044
@Jude-Bae made their first contribution in #5086
@johannes-engler-mw made their first contribution in #5191

Full Changelog: 4.3.7...4.4.0

prowler-cloud/prowler 4.4.0 Prowler 4.4.0 - Alexander the Great on GitHub