feat/prowler shared workflow for AWS and GCP (#146)

Author: Bharadwajshivam28

.github/workflows/prowler.yml

@@ -0,0 +1,128 @@
+---
+name: Prowler Reusable Workflow
+
+on:
+  workflow_call:
+    inputs:
+      cloud_provider:
+        required: true
+        type: string
+        description: 'Cloud Provider'
+      project_id:
+        required: false
+        type: string
+        description: 'Project ID for GCP'
+      aws_region:
+        required: false
+        type: string
+        description: 'AWS Region'
+      access_token_lifetime:
+        required: false
+        type: number
+        default: 300
+        description: 'Duration for which an access token remains valid.'
+      role_duration_seconds:
+        required: false
+        type: number
+        default: 900
+        description: 'Duration of the session.'
+
+    secrets:
+      WIP:
+        required: false
+        description: 'WIP Connected with Service Account'
+      SERVICE_ACCOUNT:
+        required: false
+        description: 'GCP service account'
+      BUILD_ROLE:
+        required: false
+        description: 'AWS OIDC role for AWS authentication.'
+      AWS_ACCESS_KEY_ID:
+        required: false
+        description: 'AWS Access Key ID'
+      AWS_SECRET_ACCESS_KEY:
+        required: false
+        description: 'AWS Secret Access Key'
+      AWS_SESSION_TOKEN:
+        required: false
+        description: 'AWS Session Token'
+      AZURE_CLIENT_ID:
+        required: false
+        description: 'Azure Client ID'
+      AZURE_CLIENT_SECRET:
+        required: false
+        description: 'Azure Client Secret'
+      AZURE_TENANT_ID:
+        required: false
+        description: 'Azure Tenant ID'
+
+jobs:
+  prowler:
+    runs-on: macos-latest
+
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v3
+
+      - name: Install Homebrew
+        run: |
+          /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
+
+      - name: Install Prowler
+        run: |
+          brew install prowler
+
+      - name: Authenticate with Google Cloud
+        if: ${{ inputs.cloud_provider == 'gcp' }}
+        uses: google-github-actions/auth@v1
+        with:
+          token_format: access_token
+          workload_identity_provider: ${{ secrets.WIP }}
+          service_account: ${{ secrets.SERVICE_ACCOUNT }}
+          access_token_lifetime: ${{ inputs.access_token_lifetime }}
+          project_id: ${{ inputs.project_id }}
+
+      - name: Install AWS CLI
+        if: ${{ inputs.cloud_provider == 'aws' }}
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }}
+          role-to-assume: ${{ secrets.BUILD_ROLE }}
+          aws-region: ${{ inputs.aws_region }}
+          role-duration-seconds: ${{ inputs.role_duration_seconds }}
+          role-skip-session-tagging: true
+
+      - name: Run Prowler for GCP
+        if: ${{ inputs.cloud_provider == 'gcp' }}
+        id: prowler-gcp
+        run: |
+          prowler gcp \
+          --project-ids ${{ inputs.project_id }} \
+          -o ${{ github.workspace }}/report/
+        continue-on-error: true
+
+      - name: Run Prowler for AWS
+        if: ${{ inputs.cloud_provider == 'aws' }}
+        id: prowler-aws
+        run: |
+          prowler aws -o ${{ github.workspace }}/report/
+        continue-on-error: true
+
+      - name: Run Prowler for Azure
+        if: ${{ inputs.cloud_provider == 'azure' }}
+        id: prowler-azure
+        run: |
+          export AZURE_CLIENT_ID=${{ secrets.AZURE_CLIENT_ID }}
+          export AZURE_CLIENT_SECRET=${{ secrets.AZURE_CLIENT_SECRET }}
+          export AZURE_TENANT_ID=${{ secrets.AZURE_TENANT_ID }}
+          prowler azure --sp-env-auth -o ${{ github.workspace }}/report/
+        continue-on-error: true
+
+      - name: Upload report directory
+        uses: actions/upload-artifact@v3
+        with:
+          name: compliance-report
+          path: ${{ github.workspace }}/report/
+...

README.md

@@ -1,12 +1,15 @@
-<p align="center"> <img src="images/logo.png" width="100" height="100"></p>
+[![Banner](https://github.com/clouddrove/terraform-module-template/assets/119565952/67a8a1af-2eb7-40b7-ae07-c94cde9ce062)][website]
 
 <h1 align="center">GitHub Shared Workflows</h1>
 
+
+
 <p align="center">
 GitHub shared workflow defines a workflow that we can use in multiple repos with a simple structure.
 </p>
 
 
+
 <p align="center">
 <a href="LICENSE">
   <img src="https://img.shields.io/badge/License-APACHE-blue.svg" alt="Licence">
@@ -69,21 +72,62 @@ Above example is just a simple example to call workflow from github shared workf
 13. [ Readme Generation workflow](https://github.com/clouddrove/github-shared-workflows/blob/master/docs/readme.md)
 14. [ AWS SSM Send Command workflow](https://github.com/clouddrove/github-shared-workflows/blob/master/docs/AWSSSMSendCommand.md)
 15. [ Remote SSH Command workflow](https://github.com/clouddrove/github-shared-workflows/blob/master/docs/RemoteSSHCommand.md)
+16. [ Prowler workflow](https://github.com/clouddrove/github-shared-workflows/blob/master/docs/prowler.md)
 
 ## Feedback 
 If you come accross a bug or have any feedback, please log it in our [issue tracker](https://github.com/clouddrove/github-shared-workflows/issues), or feel free to drop us an email at [[email protected]](mailto:[email protected]).
 
 If you have found it worth your time, go ahead and give us a ★ on [our GitHub](https://github.com/clouddrove/github-shared-workflows)!
 
-## About us
+## :rocket: Our Accomplishment
+
+We have [*100+ Terraform modules*][terraform_modules] 🙌. You could consider them finished, but, with enthusiasts like yourself, we are able to ever improve them, so we call our status - improvement in progress.
+
+- [Terraform Module Registry:](https://registry.terraform.io/namespaces/clouddrove) Discover our Terraform modules here.
+
+- [Terraform Modules for AWS/Azure Modules:](https://github.com/clouddrove/toc) Explore our comprehensive Table of Contents for easy navigation through our documentation for modules pertaining to AWS, Azure & GCP. 
+
+- [Terraform Modules for Digital Ocean:](https://github.com/terraform-do-modules/toc) Check out our specialized Terraform modules for Digital Ocean.
+
+## Join Our Slack Community
+
+Join our vibrant open-source slack community and embark on an ever-evolving journey with CloudDrove; helping you in moving upwards in your career path.
+Join our vibrant Open Source Slack Community and embark on a learning journey with CloudDrove. Grow with us in the world of DevOps and set your career on a path of consistency.
+
+🌐💬What you'll get after joining this Slack community:
+
+- 🚀 Encouragement to upgrade your best version.
+- 🌈 Learning companionship with our DevOps squad.
+- 🌱 Relentless growth with daily updates on new advancements in technologies.
+
+Join our tech elites [Join Now][slack] 🚀
+
+## ✨ Contributors
+
+Big thanks to our contributors for elevating our project with their dedication and expertise! But, we do not wish to stop there, would like to invite contributions from the community in improving these projects and making them more versatile for better reach. Remember, every bit of contribution is immensely valuable, as, together, we are moving in only 1 direction, i.e. forward. 
+
+<a href="https://github.com/clouddrove/github-shared-workflows/graphs/contributors">
+  <img src="https://contrib.rocks/image?repo=clouddrove/github-shared-workflows&max" />
+</a>
+<br>
+<br>
+
+## Explore Our Blogs
+
+ Click [here][blog] :books: :star2:
+
+## Tap into our capabilities
+We provide a platform for organizations to engage with experienced top-tier DevOps & Cloud services. Tap into our pool of certified engineers and architects to elevate your DevOps and Cloud Solutions. 
 
-At [CloudDrove][website], we offer expert guidance, implementation support and services to help organisations accelerate their journey to the cloud. Our services include docker and container orchestration, cloud migration and adoption, infrastructure automation, application modernisation and remediation, and performance engineering.
+At [CloudDrove][website], has extensive experience in designing, building & migrating environments, securing, consulting, monitoring, optimizing, automating, and maintaining complex and large modern systems. With remarkable client footprints in American & European corridors, our certified architects & engineers are ready to serve you as per your requirements & schedule. Write to us at [[email protected]](mailto:[email protected]).
 
 <p align="center">We are <b> The Cloud Experts!</b></p>
 <hr />
-<p align="center">We ❤️  <a href="https://github.com/clouddrove">Open Source</a> and you can check out <a href="https://github.com/clouddrove">our other modules</a> to get help with your new Cloud ideas.</p>
+<p align="center">We ❤️  <a href="https://github.com/clouddrove">Open Source</a> and you can check out <a href="https://registry.terraform.io/namespaces/clouddrove">our other modules</a> to get help with your new Cloud ideas.</p>
 
   [website]: https://clouddrove.com
+  [blog]: https://blog.clouddrove.com
+  [slack]: https://www.launchpass.com/devops-talks
   [github]: https://github.com/clouddrove
   [linkedin]: https://cpco.io/linkedin
   [twitter]: https://twitter.com/clouddrove/

docs/helm.md

@@ -45,6 +45,7 @@ jobs:
 
 #### Example for Azure cloud provider
 
+
 ```yaml
 name: Helm Workflow Azure
 on:

docs/prolwer.md

@@ -0,0 +1,84 @@
+## [Prowler Workflow](https://github.com/clouddrove/github-shared-workflows/blob/master/.github/workflows/prowler.yml)
+Prowler an open cloud security platform for our cloud environment. We get a complete report of our cloud infra.
+
+### Usage
+This workflow is used to run Prowler scan on your cloud infra for AWS, GCP or Azure. At the end of Workflow a report is also saved Artifacts.
+
+### Example for AWS cloud provider
+
+```yaml
+name: Prowler on AWS
+on:
+  push:
+    branches:
+      - <Your_Branch>
+
+jobs:
+  prowler_aws:
+    permissions:
+      contents: 'read'
+      id-token: 'write'
+
+    uses: clouddrove/github-shared-workflows/.github/workflows/prowler.yml@feat/master
+    with:
+      cloud_provider: aws
+      aws_region: ## AWS Region
+    
+    secrets:
+      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID  }}
+      SERVICE_ACCOUNT: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+      AWS_SESSION_TOKEN: ${{ secrets.AWS_SESSION_TOKEN }}
+      BUILD_ROLE:  ${{ secrets.BUILD_ROLE }}
+      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+```
+
+### Example for Azure cloud provider
+
+```yaml
+name: Prowler Azure
+on:
+  push:
+    branches:
+      - <Your_Branch>
+
+jobs:
+  prowler_azure:
+    permissions:
+      contents: 'read'
+      id-token: 'write'
+
+    uses: clouddrove/github-shared-workflows/.github/workflows/prowler.yml@feat/master
+    with:
+      cloud_provider: azure
+    
+    secrets:
+      AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
+      AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
+      AZURE_TENANT_ID:  ${{ secrets.AZURE_TENANT_ID }}
+```
+
+### Example for GCP cloud provider
+
+```yaml
+name: Prowler for GCP
+on:
+  push:
+    branches:
+      - <Your_Branch>
+
+jobs:
+  prowler_gcp:
+    permissions:
+      contents: 'read'
+      id-token: 'write'
+
+    uses: clouddrove/github-shared-workflows/.github/workflows/prowler.yml@feat/master
+    with:
+      cloud_provider: gcp
+      project_id: ## Your GCP Project ID
+    
+    secrets:
+      WIP: ${{ secrets.WIP }}
+      SERVICE_ACCOUNT: ${{ secrets.SERVICE_ACCOUNT }}
+```
+