PyPI - prowler-cloud - Versions diffs - 5.13.1__py3-none-any.whl → 5.14.1__py3-none-any.whl - Mend

prowler-cloud 5.13.1py3-none-any.whl → 5.14.1py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (298) hide show

prowler/lib/scan/scan.py CHANGED Viewed

@@ -1,4 +1,5 @@
 import datetime
+from datetime import timezone
 from types import SimpleNamespace
 from typing import Generator
@@ -25,6 +26,7 @@ from prowler.lib.scan.exceptions.exceptions import (
 )
 from prowler.providers.common.models import Audit_Metadata, ProviderOutputOptions
 from prowler.providers.common.provider import Provider
+from prowler.providers.iac.iac_provider import IacProvider
 class Scan:
@@ -90,15 +92,25 @@ class Scan:
             except ValueError:
                 raise ScanInvalidStatusError(f"Invalid status provided: {s}.")
-        # Load bulk compliance frameworks
-        self._bulk_compliance_frameworks = Compliance.get_bulk(provider.type)
-        # Get bulk checks metadata for the provider
-        self._bulk_checks_metadata = CheckMetadata.get_bulk(provider.type)
-        # Complete checks metadata with the compliance framework specification
-        self._bulk_checks_metadata = update_checks_metadata_with_compliance(
-            self._bulk_compliance_frameworks, self._bulk_checks_metadata
-        )
+        # Special setup for IaC provider - override inputs to work with traditional flow
+        if provider.type == "iac":
+            # IaC doesn't use traditional Prowler checks, so clear all input parameters
+            # to avoid validation errors and let it flow through the normal logic
+            checks = None
+            services = None
+            excluded_checks = None
+            excluded_services = None
+            self._bulk_checks_metadata = {}
+            self._bulk_compliance_frameworks = {}
+        else:
+            # Load bulk compliance frameworks
+            self._bulk_compliance_frameworks = Compliance.get_bulk(provider.type)
+            # Get bulk checks metadata for the provider
+            self._bulk_checks_metadata = CheckMetadata.get_bulk(provider.type)
+            # Complete checks metadata with the compliance framework specification
+            self._bulk_checks_metadata = update_checks_metadata_with_compliance(
+                self._bulk_compliance_frameworks, self._bulk_checks_metadata
+            )
         # Create a list of valid categories
         valid_categories = set()
@@ -148,19 +160,22 @@ class Scan:
                     )
         # Load checks to execute
-        self._checks_to_execute = sorted(
-            load_checks_to_execute(
-                bulk_checks_metadata=self._bulk_checks_metadata,
-                bulk_compliance_frameworks=self._bulk_compliance_frameworks,
-                check_list=checks,
-                service_list=services,
-                compliance_frameworks=compliances,
-                categories=categories,
-                severities=severities,
-                provider=provider.type,
-                checks_file=None,
+        if provider.type == "iac":
+            self._checks_to_execute = ["iac_scan"]  # Dummy check name for IaC
+        else:
+            self._checks_to_execute = sorted(
+                load_checks_to_execute(
+                    bulk_checks_metadata=self._bulk_checks_metadata,
+                    bulk_compliance_frameworks=self._bulk_compliance_frameworks,
+                    check_list=checks,
+                    service_list=services,
+                    compliance_frameworks=compliances,
+                    categories=categories,
+                    severities=severities,
+                    provider=provider.type,
+                    checks_file=None,
+                )
             )
-        )
         # Exclude checks
         if excluded_checks:
@@ -184,9 +199,13 @@ class Scan:
         self._number_of_checks_to_execute = len(self._checks_to_execute)
-        service_checks_to_execute = get_service_checks_to_execute(
-            self._checks_to_execute
-        )
+        # Set up service-based checks tracking
+        if provider.type == "iac":
+            service_checks_to_execute = {"iac": set(["iac_scan"])}
+        else:
+            service_checks_to_execute = get_service_checks_to_execute(
+                self._checks_to_execute
+            )
         service_checks_completed = dict()
         self._service_checks_to_execute = service_checks_to_execute
@@ -245,6 +264,9 @@ class Scan:
             Exception: If any other error occurs during the execution of a check.
         """
         try:
+            # Initialize check_name for error handling
+            check_name = None
             # Using SimpleNamespace to create a mocked object
             arguments = SimpleNamespace()
@@ -266,6 +288,64 @@ class Scan:
             start_time = datetime.datetime.now()
+            # Special handling for IaC provider
+            if self._provider.type == "iac":
+                # IaC provider doesn't use regular checks, it runs Trivy directly
+                if isinstance(self._provider, IacProvider):
+                    logger.info("Running IaC scan with Trivy...")
+                    # Run the IaC scan
+                    iac_reports = self._provider.run()
+                    # Convert IaC reports to Finding objects
+                    findings = []
+                    for report in iac_reports:
+                        # Generate unique UID for the finding
+                        finding_uid = f"{report.check_metadata.CheckID}-{report.resource_name}-{report.resource_line_range}"
+                        # Convert status string to Status enum
+                        status_enum = (
+                            Status.FAIL if report.status == "FAIL" else Status.PASS
+                        )
+                        if report.muted:
+                            status_enum = Status.MUTED
+                        finding = Finding(
+                            auth_method="Repository",  # IaC uses repository as auth method
+                            timestamp=datetime.datetime.now(timezone.utc),
+                            account_uid=self._provider.scan_repository_url or "local",
+                            account_name="IaC Repository",
+                            metadata=report.check_metadata,  # Pass the CheckMetadata object directly
+                            uid=finding_uid,
+                            status=status_enum,
+                            status_extended=report.status_extended,
+                            muted=report.muted,
+                            resource_uid=report.resource_name,  # For IaC, the file path is the UID
+                            resource_metadata=report.resource,  # The raw finding dict
+                            resource_name=report.resource_name,
+                            resource_details=report.resource_details,
+                            resource_tags={},  # IaC doesn't have resource tags
+                            region=report.region,  # IaC region is the branch name
+                            compliance={},  # IaC doesn't have compliance mappings yet
+                            raw=report.resource,  # The raw finding dict
+                        )
+                        findings.append(finding)
+                    # Filter the findings by the status
+                    if self._status:
+                        findings = [f for f in findings if f.status in self._status]
+                    # Update progress and yield findings
+                    self._number_of_checks_completed = 1
+                    self._number_of_checks_to_execute = 1
+                    yield (100.0, findings)
+                    # Calculate duration
+                    end_time = datetime.datetime.now()
+                    self._duration = int((end_time - start_time).total_seconds())
+                    return
             for check_name in checks_to_execute:
                 try:
                     # Recover service from check name
@@ -341,6 +421,7 @@ class Scan:
             # Update the scan duration when all checks are completed
             self._duration = int((datetime.datetime.now() - start_time).total_seconds())
         except Exception as error:
+            check_name = check_name or "Scan error"
             logger.error(
                 f"{check_name} - {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
             )

prowler/lib/utils/utils.py CHANGED Viewed

@@ -64,7 +64,7 @@ def open_file(input_file: str, mode: str = "r") -> TextIOWrapper:
     except OSError as os_error:
         if os_error.strerror == "Too many open files":
             logger.critical(
-                "Ooops! You reached your user session maximum open files. To solve this issue, increase the shell session limit by running this command `ulimit -n 4096`. For more info visit https://docs.prowler.cloud/en/latest/troubleshooting/"
+                "Ooops! You reached your user session maximum open files. To solve this issue, increase the shell session limit by running this command `ulimit -n 4096`. For more info visit https://docs.prowler.com/troubleshooting/"
             )
         else:
             logger.critical(

prowler/providers/aws/aws_regions_by_service.json CHANGED Viewed

@@ -199,6 +199,7 @@
         "aws": [
           "ap-south-1",
           "ap-southeast-2",
+          "ca-central-1",
           "eu-west-1",
           "eu-west-2",
           "us-east-1",
@@ -1211,6 +1212,7 @@
     "b2bi": {
       "regions": {
         "aws": [
+          "eu-west-1",
           "us-east-1",
           "us-east-2",
           "us-west-2"
@@ -1452,6 +1454,23 @@
         ]
       }
     },
+    "bedrock-agentcore": {
+      "regions": {
+        "aws": [
+          "ap-northeast-1",
+          "ap-south-1",
+          "ap-southeast-1",
+          "ap-southeast-2",
+          "eu-central-1",
+          "eu-west-1",
+          "us-east-1",
+          "us-east-2",
+          "us-west-2"
+        ],
+        "aws-cn": [],
+        "aws-us-gov": []
+      }
+    },
     "bedrock-data-automation": {
       "regions": {
         "aws": [
@@ -1553,6 +1572,7 @@
         "aws": [
           "af-south-1",
           "ap-east-1",
+          "ap-east-2",
           "ap-northeast-1",
           "ap-northeast-2",
           "ap-northeast-3",
@@ -1562,6 +1582,9 @@
           "ap-southeast-2",
           "ap-southeast-3",
           "ap-southeast-4",
+          "ap-southeast-5",
+          "ap-southeast-6",
+          "ap-southeast-7",
           "ca-central-1",
           "ca-west-1",
           "eu-central-1",
@@ -1575,6 +1598,7 @@
           "il-central-1",
           "me-central-1",
           "me-south-1",
+          "mx-central-1",
           "sa-east-1",
           "us-east-1",
           "us-east-2",
@@ -2940,6 +2964,7 @@
           "ap-southeast-3",
           "ap-southeast-4",
           "ap-southeast-5",
+          "ap-southeast-6",
           "ap-southeast-7",
           "ca-central-1",
           "ca-west-1",
@@ -2984,6 +3009,7 @@
           "ap-southeast-3",
           "ap-southeast-4",
           "ap-southeast-5",
+          "ap-southeast-6",
           "ap-southeast-7",
           "ca-central-1",
           "ca-west-1",
@@ -3606,6 +3632,7 @@
           "ap-northeast-1",
           "ap-northeast-2",
           "ap-northeast-3",
+          "eu-central-1",
           "eu-west-1",
           "eu-west-2",
           "eu-west-3",
@@ -4569,6 +4596,27 @@
         "aws-us-gov": []
       }
     },
+    "evs": {
+      "regions": {
+        "aws": [
+          "ap-northeast-1",
+          "ap-south-1",
+          "ap-southeast-1",
+          "ap-southeast-2",
+          "ca-central-1",
+          "eu-central-1",
+          "eu-south-1",
+          "eu-west-1",
+          "eu-west-2",
+          "eu-west-3",
+          "us-east-1",
+          "us-east-2",
+          "us-west-2"
+        ],
+        "aws-cn": [],
+        "aws-us-gov": []
+      }
+    },
     "fargate": {
       "regions": {
         "aws": [
@@ -5182,6 +5230,7 @@
         "aws": [
           "af-south-1",
           "ap-east-1",
+          "ap-east-2",
           "ap-northeast-1",
           "ap-northeast-2",
           "ap-northeast-3",
@@ -5192,6 +5241,7 @@
           "ap-southeast-3",
           "ap-southeast-4",
           "ap-southeast-5",
+          "ap-southeast-7",
           "ca-central-1",
           "ca-west-1",
           "eu-central-1",
@@ -6940,21 +6990,6 @@
         "aws-us-gov": []
       }
     },
-    "lookoutvision": {
-      "regions": {
-        "aws": [
-          "ap-northeast-1",
-          "ap-northeast-2",
-          "eu-central-1",
-          "eu-west-1",
-          "us-east-1",
-          "us-east-2",
-          "us-west-2"
-        ],
-        "aws-cn": [],
-        "aws-us-gov": []
-      }
-    },
     "lumberyard": {
       "regions": {
         "aws": [
@@ -7119,6 +7154,7 @@
           "ap-southeast-1",
           "ap-southeast-2",
           "ap-southeast-3",
+          "ap-southeast-5",
           "ca-central-1",
           "eu-central-1",
           "eu-north-1",
@@ -7233,6 +7269,7 @@
           "eu-west-1",
           "eu-west-2",
           "eu-west-3",
+          "me-central-1",
           "me-south-1",
           "sa-east-1",
           "us-east-1",
@@ -7706,6 +7743,7 @@
           "ap-southeast-3",
           "ap-southeast-4",
           "ap-southeast-5",
+          "ap-southeast-6",
           "ap-southeast-7",
           "ca-central-1",
           "ca-west-1",
@@ -7863,6 +7901,7 @@
           "ap-southeast-3",
           "ap-southeast-4",
           "ap-southeast-5",
+          "ap-southeast-6",
           "ap-southeast-7",
           "ca-central-1",
           "ca-west-1",
@@ -7924,6 +7963,7 @@
         "aws": [
           "af-south-1",
           "ap-east-1",
+          "ap-east-2",
           "ap-northeast-1",
           "ap-northeast-2",
           "ap-northeast-3",
@@ -7934,6 +7974,8 @@
           "ap-southeast-3",
           "ap-southeast-4",
           "ap-southeast-5",
+          "ap-southeast-6",
+          "ap-southeast-7",
           "ca-central-1",
           "ca-west-1",
           "eu-central-1",
@@ -7947,6 +7989,7 @@
           "il-central-1",
           "me-central-1",
           "me-south-1",
+          "mx-central-1",
           "sa-east-1",
           "us-east-1",
           "us-east-2",
@@ -8383,6 +8426,7 @@
     "payment-cryptography": {
       "regions": {
         "aws": [
+          "af-south-1",
           "ap-northeast-1",
           "ap-northeast-3",
           "ap-south-1",
@@ -9769,6 +9813,20 @@
         ]
       }
     },
+    "rtbfabric": {
+      "regions": {
+        "aws": [
+          "ap-northeast-1",
+          "ap-southeast-1",
+          "eu-central-1",
+          "eu-west-1",
+          "us-east-1",
+          "us-west-2"
+        ],
+        "aws-cn": [],
+        "aws-us-gov": []
+      }
+    },
     "rum": {
       "regions": {
         "aws": [

prowler/providers/aws/lib/quick_inventory/quick_inventory.py CHANGED Viewed

@@ -297,7 +297,7 @@ def create_output(resources: list, provider: AwsProvider, args):
         csv_file.close()
         print(
-            f"\n{Fore.YELLOW}WARNING: Only resources that have or have had tags will appear (except for IAM and S3).\nSee more in https://docs.prowler.cloud/en/latest/tutorials/quick-inventory/#objections{Style.RESET_ALL}"
+            f"\n{Fore.YELLOW}WARNING: Only resources that have or have had tags will appear (except for IAM and S3).\nSee more in https://docs.prowler.com/user-guide/cli/tutorials/quick-inventory/#objections{Style.RESET_ALL}"
         )
         print("\nMore details in files:")
         print(f" - CSV: {args.output_directory}/{output_file + csv_file_suffix}")

prowler/providers/aws/lib/security_hub/security_hub.py CHANGED Viewed

@@ -256,7 +256,7 @@ class SecurityHub:
                 security_hub_client.list_enabled_products_for_import()
             ):
                 logger.warning(
-                    f"Security Hub is enabled in {region} but Prowler integration does not accept findings. More info: https://docs.prowler.cloud/en/latest/tutorials/aws/securityhub/"
+                    f"Security Hub is enabled in {region} but Prowler integration does not accept findings. More info: https://docs.prowler.com/user-guide/providers/aws/securityhub#aws-security-hub-integration-with-prowler"
                 )
                 return region, None
             else:

prowler/providers/aws/services/account/account_service.py CHANGED Viewed

@@ -1,9 +1,9 @@
 from typing import Optional
-from venv import logger
 from botocore.client import ClientError
 from pydantic.v1 import BaseModel
+from prowler.lib.logger import logger
 from prowler.providers.aws.lib.service.service import AWSService

prowler/providers/aws/services/awslambda/awslambda_function_using_supported_runtimes/awslambda_function_using_supported_runtimes.metadata.json CHANGED Viewed

@@ -32,9 +32,7 @@
       "Url": "https://hub.prowler.com/check/awslambda_function_using_supported_runtimes"
     }
   },
-  "Categories": [
-    "container-security"
-  ],
+  "Categories": [],
   "DependsOn": [],
   "RelatedTo": [],
   "Notes": ""

prowler/providers/aws/services/cloudwatch/cloudwatch_alarm_actions_alarm_state_configured/cloudwatch_alarm_actions_alarm_state_configured.metadata.json CHANGED Viewed

@@ -1,31 +1,42 @@
 {
   "Provider": "aws",
   "CheckID": "cloudwatch_alarm_actions_alarm_state_configured",
-  "CheckTitle": "Check if CloudWatch alarms have specified actions configured for the ALARM state.",
+  "CheckTitle": "CloudWatch metric alarm has actions configured for the ALARM state",
   "CheckType": [
     "Software and Configuration Checks/AWS Security Best Practices"
   ],
   "ServiceName": "cloudwatch",
   "SubServiceName": "",
-  "ResourceIdTemplate": "arn:aws:cloudwatch:region:account-id:alarm/alarm-name",
+  "ResourceIdTemplate": "",
   "Severity": "high",
   "ResourceType": "AwsCloudWatchAlarm",
-  "Description": "This control checks whether an Amazon CloudWatch alarm has at least one action configured for the ALARM state. The control fails if the alarm doesn't have an action configured for the ALARM state.",
-  "Risk": "Without an action configured for the ALARM state, the CloudWatch alarm will not notify you or take any predefined action when a monitored metric goes beyond the defined threshold, potentially delaying responses to critical events.",
-  "RelatedUrl": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/AlarmThatSendsEmail.html#alarms-and-actions",
+  "Description": "Amazon CloudWatch metric alarms are evaluated for **actions** configured for the `ALARM` state. The finding flags alarms that have no action to execute when their monitored metric crosses its threshold.",
+  "Risk": "Without an **ALARM action**, threshold breaches trigger no **notification** or **automated response**. This delays detection and containment, risking:\n- Availability: prolonged outages or missed scale-out\n- Integrity/confidentiality: unchecked anomalies enabling tampering or data loss",
+  "RelatedUrl": "",
+  "AdditionalURLs": [
+    "https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/AlarmThatSendsEmail.html#alarms-and-actions",
+    "https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/cloudwatch/client/put_metric_alarm.html",
+    "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_metric_alarm",
+    "https://docs.aws.amazon.com/securityhub/latest/userguide/cloudwatch-controls.html#cloudwatch-15",
+    "https://support.icompaas.com/support/solutions/articles/62000233431-ensure-cloudwatch-alarms-have-specified-actions-configured-for-the-alarm-state",
+    "https://www.trendmicro.com/cloudoneconformity/knowledge-base/aws/CloudWatch/cloudwatch-alarm-action.html",
+    "https://awscli.amazonaws.com/v2/documentation/api/2.0.34/reference/cloudwatch/put-metric-alarm.html"
+  ],
   "Remediation": {
     "Code": {
-      "CLI": "aws cloudwatch put-metric-alarm --alarm-name <alarm-name> --alarm-actions <action-arn>",
-      "NativeIaC": "",
-      "Other": "https://docs.aws.amazon.com/securityhub/latest/userguide/cloudwatch-controls.html#cloudwatch-15",
-      "Terraform": ""
+      "CLI": "aws cloudwatch put-metric-alarm --alarm-name <alarm-name> --metric-name <metric-name> --namespace <namespace> --statistic <statistic> --period <period-seconds> --evaluation-periods <evaluation-periods> --threshold <threshold> --comparison-operator <comparison-operator> --alarm-actions <action-arn>",
+      "NativeIaC": "```yaml\n# CloudFormation: add an ALARM action to a metric alarm\nResources:\n  <example_resource_name>:\n    Type: AWS::CloudWatch::Alarm\n    Properties:\n      AlarmName: <example_resource_name>\n      MetricName: <metric-name>\n      Namespace: <namespace>\n      Statistic: Average\n      Period: 60\n      EvaluationPeriods: 1\n      Threshold: 1\n      ComparisonOperator: GreaterThanThreshold\n      AlarmActions:\n        - <action-arn>  # CRITICAL: adds an action for ALARM state so the check passes\n```",
+      "Other": "1. Open the AWS Console and go to CloudWatch > Alarms\n2. Select the target alarm and choose Edit (or Modify alarm)\n3. In Actions, under When alarm state is ALARM, add an action (e.g., select an SNS topic or other supported action)\n4. Click Save changes",
+      "Terraform": "```hcl\n# Terraform: add an ALARM action to a metric alarm\nresource \"aws_cloudwatch_metric_alarm\" \"<example_resource_name>\" {\n  alarm_name          = \"<example_resource_name>\"\n  metric_name         = \"<metric-name>\"\n  namespace           = \"<namespace>\"\n  statistic           = \"Average\"\n  period              = 60\n  evaluation_periods  = 1\n  threshold           = 1\n  comparison_operator = \"GreaterThanThreshold\"\n  alarm_actions       = [\"<action-arn>\"] # CRITICAL: ensures an action is configured for ALARM state\n}\n```"
     },
     "Recommendation": {
-      "Text": "Configure your CloudWatch alarms to trigger actions, such as sending notifications via Amazon SNS, when the alarm state changes to ALARM.",
-      "Url": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/aws/CloudWatch/cloudwatch-alarm-action.html"
+      "Text": "Assign at least one **ALARM-state action** per alarm (e.g., notify via SNS or run automated remediation with Lambda/SSM). Keep actions enabled, apply **least privilege** to targets, and regularly test. *For critical metrics*, add redundant paths (EventBridge) for **defense in depth**.",
+      "Url": "https://hub.prowler.com/check/cloudwatch_alarm_actions_alarm_state_configured"
     }
   },
-  "Categories": [],
+  "Categories": [
+    "resilience"
+  ],
   "DependsOn": [],
   "RelatedTo": [],
   "Notes": ""

prowler/providers/aws/services/cloudwatch/cloudwatch_alarm_actions_enabled/cloudwatch_alarm_actions_enabled.metadata.json CHANGED Viewed

@@ -1,31 +1,40 @@
 {
   "Provider": "aws",
   "CheckID": "cloudwatch_alarm_actions_enabled",
-  "CheckTitle": "Check if CloudWatch alarms have actions enabled",
+  "CheckTitle": "CloudWatch metric alarm has actions enabled",
   "CheckType": [
-    "Software and Configuration Checks/AWS Security Best Practices"
+    "Software and Configuration Checks/AWS Security Best Practices",
+    "Industry and Regulatory Standards/AWS Foundational Security Best Practices",
+    "TTPs/Defense Evasion"
   ],
   "ServiceName": "cloudwatch",
   "SubServiceName": "",
-  "ResourceIdTemplate": "arn:aws:cloudwatch:region:account-id:alarm/alarm-name",
+  "ResourceIdTemplate": "",
   "Severity": "high",
   "ResourceType": "AwsCloudWatchAlarm",
-  "Description": "Alarm actions automatically alert you when a monitored metric is outside the defined threshold. If the alarm action is deactivated, no actions are run when the alarm changes state, and you won't be alerted to changes in monitored metrics. We recommend activating CloudWatch alarm actions to help you quickly respond to security and operational issues.",
-  "Risk": "Without active alarm actions, you may not be alerted to security or operational issues, potentially leading to delayed responses and increased risk.",
-  "RelatedUrl": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/AlarmThatSendsEmail.html#alarms-and-actions",
+  "Description": "**CloudWatch metric alarms** are evaluated for **alarm actions** activation (`actions_enabled: true`), enabling state changes to invoke configured notifications or automated responses.",
+  "Risk": "With alarm actions disabled, state changes neither notify nor remediate. Incidents can persist unnoticed, enabling unauthorized activity, configuration drift, or capacity exhaustion. Visibility drops, MTTR rises, and confidentiality, integrity, and availability are all at greater risk.",
+  "RelatedUrl": "",
+  "AdditionalURLs": [
+    "https://www.trendmicro.com/cloudoneconformity/knowledge-base/aws/CloudWatch/cloudwatch-alarm-action-activated.html",
+    "https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/AlarmThatSendsEmail.html#alarms-and-actions",
+    "https://docs.aws.amazon.com/securityhub/latest/userguide/cloudwatch-controls.html#cloudwatch-17"
+  ],
   "Remediation": {
     "Code": {
       "CLI": "aws cloudwatch enable-alarm-actions --alarm-names <alarm-name>",
-      "NativeIaC": "",
-      "Other": "https://docs.aws.amazon.com/securityhub/latest/userguide/cloudwatch-controls.html#cloudwatch-17",
-      "Terraform": ""
+      "NativeIaC": "```yaml\nResources:\n  <example_resource_name>:\n    Type: AWS::CloudWatch::Alarm\n    Properties:\n      ActionsEnabled: true  # FIX: activates alarm actions so the check passes\n      ComparisonOperator: GreaterThanThreshold\n      EvaluationPeriods: 1\n      MetricName: <example_metric_name>\n      Namespace: <example_metric_namespace>\n      Period: 60\n      Statistic: Average\n      Threshold: 1\n```",
+      "Other": "1. Open the CloudWatch console\n2. Go to Alarms > All alarms and select the alarm\n3. Choose Actions > Alarm actions - new > Enable\n4. Confirm to activate actions",
+      "Terraform": "```hcl\nresource \"aws_cloudwatch_metric_alarm\" \"<example_resource_name>\" {\n  alarm_name          = \"<example_resource_name>\"\n  comparison_operator = \"GreaterThanThreshold\"\n  evaluation_periods  = 1\n  metric_name         = \"<example_metric_name>\"\n  namespace           = \"<example_metric_namespace>\"\n  period              = 60\n  statistic           = \"Average\"\n  threshold           = 1\n\n  actions_enabled = true  # FIX: activates alarm actions so the check passes\n}\n```"
     },
     "Recommendation": {
-      "Text": "Ensure that all CloudWatch alarms have at least one action configured. This can include sending notifications to SNS topics, invoking Lambda functions, or triggering other AWS services.",
-      "Url": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/aws/CloudWatch/cloudwatch-alarm-action-activated.html"
+      "Text": "Enable `actions_enabled` on critical alarms and attach least-privilege actions (SNS, automation) for ALARM and recovery states. Use redundant targets, regularly test notifications, and integrate with incident response. Apply **defense in depth** with complementary detections to ensure timely, reliable alerting.",
+      "Url": "https://hub.prowler.com/check/cloudwatch_alarm_actions_enabled"
     }
   },
-  "Categories": [],
+  "Categories": [
+    "resilience"
+  ],
   "DependsOn": [],
   "RelatedTo": [],
   "Notes": ""

prowler-cloud 5.13.1__py3-none-any.whl → 5.14.1__py3-none-any.whl

prowler-cloud 5.13.1py3-none-any.whl → 5.14.1py3-none-any.whl