Prowler for Azure handles two types of permission scopes, which are:

To use each one, you need to pass the proper flag to the execution.

To allow Prowler to assume the service principal identity to start the scan, configure the following environment variables:

```
export AZURE_CLIENT_ID="XXXXXXXXX"
export AZURE_TENANT_ID="XXXXXXXXX"
export AZURE_CLIENT_SECRET="XXXXXXX"
```

If you try to execute Prowler with the `--sp-env-auth` flag and those variables are empty or not exported, the execution will fail.

AZ CLI / Browser / Managed Identity authentication

The other three cases do not need additional configuration: `--az-cli-auth` and `--managed-identity-auth` are automated options, while `--browser-auth` needs the user to authenticate using the default browser to start the scan. `--browser-auth` also needs the tenant ID to be specified with `--tenant-id`.
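A preflight check for the `--sp-env-auth` case, written as an added example that is not part of the original page or of Prowler itself. The function name `check_sp_env` is hypothetical; it tells apart the two failure conditions the page names (empty and not exported) and never prints a variable's value.

```shell
#!/bin/sh
# Added example: verify the service principal variables before a
# `--sp-env-auth` scan. check_sp_env is a hypothetical helper name.

# Writes the name of each unusable variable to stderr (never its value)
# and returns 1 if any of the three is empty or not exported.
check_sp_env() {
    rc=0
    for name in AZURE_CLIENT_ID AZURE_TENANT_ID AZURE_CLIENT_SECRET; do
        # Value as the current shell sees it; this includes variables
        # that were assigned but never exported.
        eval "local_val=\${$name-}"
        # Value as a child process sees it; only exported variables
        # are inherited, which is what Prowler would receive.
        env_val=$(sh -c "printf '%s' \"\${$name-}\"")
        if [ -z "$local_val" ]; then
            echo "$name: unset or empty" >&2
            rc=1
        elif [ -z "$env_val" ]; then
            echo "$name: set in this shell but not exported" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Usage: start the scan only when the check passes.
#   check_sp_env && prowler azure --sp-env-auth
```

Run the check in the same shell session that launches Prowler, since variables exported in another terminal or a subshell are not inherited.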