This release name is in honor of Brave New World, a great song of 🔥Iron Maiden🔥 from their Brave New World album. Dedicated to all of you looking forward to having the world we had before COVID... We hope is not hitting you bad. Enjoy!

Important changes in this version (read this!):

• As you can see, Prowler is now in a new organization called https://github.com/prowler-cloud/.
• When Prowler doesn't have permissions to check a resources or service it gives an INFO instead of FAIL. We have improved all checks error handling in those use cases when the CLI responds with a AccessDenied, UnauthorizedOperation or AuthorizationError.
• From this version, master branch will be the latest available code and we will keep the stable code as each release, if you are installing or deploying Prowler using git clone to master take that into account and use the latest release instead, i.e.: git clone --branch 2.7 https://github.com/prowler-cloud/prowler or curl https://github.com/toniblyx/prowler/archive/refs/tags/2.7.0.tar.gz -o prowler-2.7.0.tar.gz
• For known issues please see https://github.com/prowler-cloud/prowler/issues the ones open with bug as a red tag.
• Discussions is now open in the Prowler repo https://github.com/prowler-cloud/prowler/discussions, feel free to use it if that works for you better than the current Discord server.
• 11 new checks!! Thanks to @michael-dickinson-sainsburys, @jonloza, @rustic, @Obiakara, @Daniel-Peladeau, @maisenhe, @7thseraph and @tekdj7. Now there have a total of 218 checks. See below for details.
• An issue with Security Hub integration when resolving closed findings are either a lot of new findings, or a lot of resolved findings is now working as expected thanks to @Kirizan
• When credential are in environment variable it failed to review, that was fixed by @lazize
• See below new features and more details for this version.

New Features

• 11 New checks for Redshift, EFS, CloudWatch, Secrets Manager, DynamoDB and Shield Advanced:

7.160 [extra7160] Check if Redshift has automatic upgrades enabled - redshift [Medium]
7.161 [extra7161] Check if EFS have protects sensative data with encryption at rest - efs [Medium]
7.162 [extra7162] Check if CloudWatch Log Groups have a retention policy of 365 days - cloudwatch [Medium]
7.163 [extra7163] Check if Secrets Manager key rotation is enabled - secretsmanager [Medium]
7.164 [extra7164] Check if CloudWatch log groups are protected by AWS KMS  - logs [Medium]
7.165 [extra7165] Check if DynamoDB: DAX Clusters are encrypted at rest - dynamodb [Medium]
7.166 [extra7166] Check if Elastic IP addresses with associations are protected by AWS Shield Advanced - shield [Medium]
7.167 [extra7167] Check if Cloudfront distributions are protected by AWS Shield Advanced - shield [Medium]
7.168 [extra7168] Check if Route53 hosted zones are protected by AWS Shield Advanced - shield [Medium]
7.169 [extra7169] Check if global accelerators are protected by AWS Shield Advanced - shield [Medium]
7.170 [extra7170] Check if internet-facing application load balancers are protected by AWS Shield Advanced - shield [Medium]
7.171 [extra7171] Check if classic load balancers are protected by AWS Shield Advanced - shield [Medium]

• Add -D option to copy to S3 with the initial AWS credentials instead of the assumed as with -B option by @sectoramen in https://github.com/toniblyx/prowler/pull/974
• Add new functions to backup and restore initial AWS credentials, for better handling chaining role by @sectoramen in https://github.com/toniblyx/prowler/pull/978
• Add additional action permissions for Glue and Shield Advanced checks by @lazize in https://github.com/toniblyx/prowler/pull/995

Enhancements

• Update Dockerfile to use Amazon Linux container image by @Kirizan in https://github.com/toniblyx/prowler/pull/972
• Update Readme: -T option is not mandatory by @jfagoagas in https://github.com/toniblyx/prowler/pull/944
• Add $PROFILE_OPT to CopyToS3 commands by @sectoramen in https://github.com/toniblyx/prowler/pull/976
• Remove unneeded package "file" from Dockerfile by @sectoramen in https://github.com/toniblyx/prowler/pull/977
• Update docs (templates): Improve bug template with more info by @jfagoagas in https://github.com/toniblyx/prowler/pull/982

Fixes

• Fix in README and multiaccount serverless deployment templates by @dlorch in https://github.com/toniblyx/prowler/pull/939
• Fix assume-role: check if -T and -A options are set together by @jfagoagas in https://github.com/toniblyx/prowler/pull/945
• Fix group25 FTR by @lopmoris in https://github.com/toniblyx/prowler/pull/948
• Fix in README link for group25 FTR by @lopmoris in https://github.com/toniblyx/prowler/pull/949
• Fix issue #938 assume_role multiple times by @halfluke in https://github.com/toniblyx/prowler/pull/951
• Fix and clean assume-role to better handle AWS STS CLI errors by @jfagoagas in https://github.com/toniblyx/prowler/pull/946
• Fix issue with Security Hub integration when resolving closed findings are either a lot of new findings, or a lot of resolved findings by @Kirizan in https://github.com/toniblyx/prowler/pull/953
• Fix broken link in README.md by @rtcms in https://github.com/toniblyx/prowler/pull/966
• Fix checks with comma issues in checks by @j2clerck in https://github.com/toniblyx/prowler/pull/975
• Fix: Credential chaining from environment variables by @lazize in https://github.com/toniblyx/prowler/pull/996

New Contributors

• @jonloza made their first contribution in https://github.com/toniblyx/prowler/pull/932
• @Obiakara made their first contribution in https://github.com/toniblyx/prowler/pull/935
• @dlorch made their first contribution in https://github.com/toniblyx/prowler/pull/939
• @Daniel-Peladeau made their first contribution in https://github.com/toniblyx/prowler/pull/937
• @lopmoris made their first contribution in https://github.com/toniblyx/prowler/pull/948
• @halfluke made their first contribution in https://github.com/toniblyx/prowler/pull/951
• @maisenhe made their first contribution in https://github.com/toniblyx/prowler/pull/956
• @rtcms made their first contribution in https://github.com/toniblyx/prowler/pull/966
• @sectoramen made their first contribution in https://github.com/toniblyx/prowler/pull/974
• @j2clerck made their first contribution in https://github.com/toniblyx/prowler/pull/975
• @lazize made their first contribution in https://github.com/toniblyx/prowler/pull/995

Full Changelog: https://github.com/toniblyx/prowler/compare/2.6.1...2.7