Skip to content

Prowler App

The Prowler App is a user-friendly interface for the Prowler CLI, providing a visual dashboard to monitor your cloud security posture. This tutorial will guide you through setting up and using the Prowler App.

After installing the Prowler App, access it at http://localhost:3000. You can also access to the auto-generated Prowler API documentation at http://localhost:8080/api/v1/docs to see all the available endpoints, parameters and responses.

Note

If you are a Prowler Cloud user you can see API docs at https://api.prowler.com/api/v1/docs

Step 1: Sign Up

To get started, sign up using your email and password:

Sign Up Button Sign Up


Step 2: Log In

Once you’ve signed up, log in with your email and password to start using the Prowler App.

Log In

You will see the Overview page with no data yet, so let's start adding a provider to scan your cloud environment.


Step 3: Add a Provider

To run your first scan, you need to add a cloud provider account. Prowler App supports AWS, Azure, GCP, and Kubernetes.

  1. Navigate to Settings > Cloud Providers.
  2. Click Add Account to set up a new provider and provide your credentials:

Add Provider


Step 4: Configure the Provider

Choose the provider you want to scan from the following options:

Select a Provider

Once you’ve selected a provider, you need to provide the Provider UID:

  • AWS: Enter your AWS Account ID.
  • GCP: Enter your GCP Project ID.
  • Azure: Enter your Azure Subscription ID.
  • Kubernetes: Enter your Kubernetes Cluster name.

Optionally, provide a Provider Alias for easier identification. Follow the instructions provided to add your credentials:


Step 4.1: AWS Credentials

For AWS, enter your AWS Account ID and choose one of the following methods to connect:

Step 4.1.1: IAM Access Keys

  1. Select Connect via Credentials.

    AWS Credentials

  2. Enter your Access Key ID, Secret Access Key and optionally a Session Token:

    AWS Credentials

Step 4.1.2: IAM Role

  1. Select Connect assuming IAM Role.

    AWS Role

  2. Enter the Role ARN and any optional field like the AWS Access Keys to assume the role, the External ID, the Role Session Name or the Session Duration:

    AWS Role


Step 4.2: Azure Credentials

For Azure, Prowler App uses a Service Principal to authenticate. See the steps in https://docs.prowler.com/projects/prowler-open-source/en/latest/tutorials/azure/create-prowler-service-principal/ to create a Service Principal. Then, enter the Tenant ID, Client ID and Client Secret of the Service Principal.

Azure Credentials


Step 4.3: GCP Credentials

To connect your GCP Project, you need to use the Application Default Credentials (ADC) returned by the gcloud CLI. Here’s how to set up:

  1. Run the following command in your terminal to authenticate with GCP:
    gcloud auth application-default login
    
  2. Once authenticated, get the Client ID, Client Secret and Refresh Token from ~/.config/gcloud/application_default_credentials.
  3. Paste the Client ID, Client Secret and Refresh Token into the Prowler App.

GCP Credentials


Step 4.4: Kubernetes Credentials

For Kubernetes, Prowler App uses a kubeconfig file to authenticate, paste the contents of your kubeconfig file into the Kubeconfig content field.

By default, the kubeconfig file is located at ~/.kube/config.

Kubernetes Credentials


Step 5: Test Connection

After adding your credentials of your cloud account, click the Launch button to verify that the Prowler App can successfully connect to your provider:

Test Connection

Step 6: Scan started

After successfully adding and testing your credentials, Prowler will start scanning your cloud environment, click on the Go to Scans button to see the progress:

Start Now

Note

Prowler will automatically scan all configured providers every 24 hours, ensuring your cloud environment stays continuously monitored.


Step 7: Monitor Scan Progress

Track the progress of your scan in the Scans section:

Scan Progress


Step 8: Analyze the Findings

While the scan is running, start exploring the findings in these sections:

  • Overview: High-level summary of the scans. Overview
  • Compliance: Insights into compliance status. Compliance
  • Issues: Types of issues detected.

Issues

  • Browse All Findings: Detailed list of findings detected, where you can filter by severity, service, and more. Findings