Using Prowler for AWS assessment against CIS Foundations benchmark - Part 1 Introduction and setup

Priyam Singh

Prowler is an Open Source security tool used for AWS security best practices assessments, incident response, audits, continuous monitoring, hardening, and forensics readiness. This post covers an introduction and instructions to set up the tool for learning.


Prowler is a command line tool that helps you with AWS security assessment, auditing, hardening, and incident response.

It follows guidelines of the CIS Amazon Web Services Foundations Benchmark (49 checks) and has more than 190 additional checks related to GDPR, HIPAA, PCI-DSS, ISO-27001, FFIEC, SOC2, and others.


Prowler can be installed on any Linux, macOS, or Windows system with Cygwin or virtualization. The basic requirements are:

  1. jq and detect-secrets, which Prowler needs to work properly.
  2. Python pip
  3. The latest version of the AWS CLI. Prowler works with either v1 or v2; however, the latest v2 is recommended if you use new regions, since they require an STS v2 token and other components.

Steps to install

For Ubuntu Linux

  1. Install pip

    sudo apt install python3 python3-pip jq git zip
  2. Installation of detect-secrets

    pip install detect-secrets==1.0.3
  3. Install AWS CLI v2 (refer to the official documentation for other methods)

    curl "" -o ""

    Install AWS cli v2

    sudo ./aws/install
  4. Now clone the prowler tool from GitHub

    git clone
  5. Before running the Prowler tool, configure in your terminal the AWS account on which you want to run Prowler. For configuration, refer to the documentation.

  6. The credentials configured above must belong to a user or role with the permissions needed to perform all checks. Attaching only the AWS-managed policies SecurityAudit and ViewOnlyAccess to the user or role being used will also work.

  7. Once the Prowler tool is cloned, change to the prowler directory and run the tool.


    Prowler scan
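
A preflight check for the requirements and permissions in the steps above, as an added example that is not part of the original post or of Prowler. The function names and the `--run` switch are assumptions, and only policies attached directly to the user or role are inspected.

```shell
#!/bin/sh
# Added example: preflight for the setup steps above. Not part of Prowler.

# Major version from `aws --version` output ("aws-cli/2.x.y Python/..." -> 2).
aws_cli_major() {
    printf '%s\n' "$1" | sed -n 's#^aws-cli/\([0-9][0-9]*\)\..*#\1#p'
}

# Print the required managed policies absent from a whitespace-separated
# list of attached policy ARNs; succeed only when both are attached.
missing_policies() {
    attached=" $(printf '%s' "$1" | tr '\t\n' '  ') "
    missing=""
    for arn in arn:aws:iam::aws:policy/SecurityAudit \
               arn:aws:iam::aws:policy/job-function/ViewOnlyAccess; do
        case "$attached" in
            *" $arn "*) ;;
            *) missing="$missing $arn" ;;
        esac
    done
    printf '%s' "${missing# }"
    [ -z "$missing" ]
}

# Live check: tools on PATH, CLI version, identity, directly attached policies.
# Policies inherited through IAM groups and inline policies are not inspected.
preflight() {
    rc=0
    for tool in jq git zip detect-secrets aws; do
        command -v "$tool" >/dev/null 2>&1 || { echo "missing tool: $tool"; rc=1; }
    done
    [ "$rc" -eq 0 ] || return 1
    [ "$(aws_cli_major "$(aws --version 2>&1)")" = 2 ] || echo "note: AWS CLI v2 is recommended"
    caller=$(aws sts get-caller-identity --query Arn --output text) || return 1
    echo "credentials resolve to: $caller"
    name=${caller##*/}
    case "$caller" in
        *:user/*) list="list-attached-user-policies --user-name $name" ;;
        *:assumed-role/*) name=${caller#*:assumed-role/}; name=${name%%/*}
                          list="list-attached-role-policies --role-name $name" ;;
        *) echo "unrecognized principal type"; return 1 ;;
    esac
    pols=$(aws iam $list --query 'AttachedPolicies[].PolicyArn' --output text) || return 1
    missing_policies "$pols" >/dev/null || { echo "not attached: ${missing# }"; return 1; }
    echo "SecurityAudit and ViewOnlyAccess are attached"
}

# Run the live check only when asked: sh preflight.sh --run
if [ "${1:-}" = "--run" ]; then preflight; fi
```

Run it with `--run` after step 5, using the same credentials Prowler will use; a non-zero exit means a tool or one of the two policies is missing.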