Just start AWS CloudShell and run these commands:
git clone https://github.com/toniblyx/prowler/ pip3 install detect-secrets --user cd prowler ./prowler
If you run Prowler and realize that takes more time that the CloudShell session you can use screen command line tool for that (screen manager with VT100/ANSI terminal emulation). To install it:
sudo yum install screen -y
Run Prowler in a screen session:
screen -dmS prowler sh -c "./prowler -M html"
Check existing running screen sessions:
Attach to the Prowler session:
screen -r prowler
Use ‘Ctrl+a d’ to detach without terminating.
If you want to run Prowler from CloudShell against multiple accounts, first declare a variable with all account you want to assess:
export AWS_ACCOUNTS=‘1111111 222222 333333
Then, make sure you have a role to assume on each of those accounts. See this template (create_role_to_assume_cfn.yaml) that may help, then run this command:
for accountId in $AWS_ACCOUNTS; do screen -dmS prowler sh -c "./prowler -A $accountId -R ProwlerExecRole -M csv,json,html"; done
For more options and details go to: https://github.com/toniblyx/prowler or run ./prowler -h.