A Terraform module that deploys Prowler as containerized tasks on AWS ECS, automating cloud security scans and storing results securely in S3.
Setting up Prowler to run in a set of containers on ECS and save to S3
This tool is designed for cloud security professionals and DevOps teams who want to automate AWS security compliance scanning using Prowler within a scalable ECS container environment. It simplifies deployment by provisioning all necessary AWS resources like ECS clusters, IAM roles, CloudWatch events, KMS keys, and S3 buckets to run scheduled Prowler scans and securely store their outputs.
This module requires AWS credentials configured for Terraform to provision resources. The current version depends on Terraform 0.12.20 or later due to use of the `try` function. The Docker image for Prowler is built and pushed separately via a GitHub Action in the mencarellic/prowler repository, so ensure that pipeline is operational. Future improvements aim to remove the need for AWS keys by possibly integrating more secure authentication methods.
Ensure Terraform 0.12.20 or later is installed
Reference the module in your Terraform configuration using the provided source URL
Optionally override default variables for KMS, IAM, CloudWatch, security groups, ECS, ECR, and S3 as needed
Run `terraform init` to initialize the module
Run `terraform apply` to deploy the ECS cluster, roles, CloudWatch events, and S3 bucket
module "prowler" {
  source = "git@github.com:mencarellic/terraform-ecs-prowler?ref=v0.1.0"
  # Optional variable overrides here
}
Terraform module block to include and configure the terraform-ecs-prowler module in your infrastructure code.
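Before running `terraform apply`, a practitioner will usually want to confirm that the planned S3 results bucket really is KMS-encrypted and not publicly reachable. The following policy check is an added example, not part of the terraform-ecs-prowler module: it reads the JSON that `terraform show -json tfplan` emits and assumes the nested `server_side_encryption_configuration` block shape of the `aws_s3_bucket` resource used by the AWS provider of the Terraform 0.12 era; the resource addresses in the constructed sample plan are hypothetical.

```python
import json


def iter_resources(module):
    """Yield every resource in a planned_values module tree (root and child modules)."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def check_plan(plan):
    """Return findings for a `terraform show -json` plan dict; an empty list means pass."""
    findings = []
    resources = list(iter_resources(plan["planned_values"]["root_module"]))
    pab_flags = ("block_public_acls", "block_public_policy",
                 "ignore_public_acls", "restrict_public_buckets")
    for r in resources:
        if r["type"] == "aws_s3_bucket":
            try:  # assumed shape: server_side_encryption_configuration -> rule -> apply_...
                rule = r["values"]["server_side_encryption_configuration"][0]["rule"][0]
                algo = rule["apply_server_side_encryption_by_default"][0]["sse_algorithm"]
            except (KeyError, IndexError, TypeError):
                algo = None
            if algo != "aws:kms":
                findings.append(f"{r['address']}: results bucket not KMS-encrypted (sse_algorithm={algo})")
        elif r["type"] == "aws_s3_bucket_public_access_block":
            off = [f for f in pab_flags if not r["values"].get(f)]
            if off:
                findings.append(f"{r['address']}: public access not fully blocked ({', '.join(off)})")
    if not any(r["type"] == "aws_s3_bucket_public_access_block" for r in resources):
        findings.append("no aws_s3_bucket_public_access_block planned for the results bucket")
    return findings


def sample_plan(sse_algorithm="aws:kms", block_public=True):
    """Constructed plan fragment (hypothetical addresses) shaped like the module's S3 output."""
    flags = ("block_public_acls", "block_public_policy", "ignore_public_acls", "restrict_public_buckets")
    return {"planned_values": {"root_module": {"child_modules": [{
        "address": "module.prowler",
        "resources": [
            {"address": "module.prowler.aws_s3_bucket.prowler", "type": "aws_s3_bucket",
             "values": {"server_side_encryption_configuration": [{"rule": [{
                 "apply_server_side_encryption_by_default": [{"sse_algorithm": sse_algorithm}]}]}]}},
            {"address": "module.prowler.aws_s3_bucket_public_access_block.prowler",
             "type": "aws_s3_bucket_public_access_block",
             "values": {f: block_public for f in flags}},
        ]}]}}}


if __name__ == "__main__":
    import sys  # usage: terraform show -json tfplan | python check_plan.py
    problems = check_plan(json.load(sys.stdin))
    print("\n".join(problems) or "S3 results bucket checks passed")
    sys.exit(1 if problems else 0)
```

A non-zero exit lets the check gate `terraform apply` in a pipeline, so a variable override that weakens the bucket settings is caught before anything is provisioned.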