Creates new Prowler cloud providers or adds services to existing providers.
Trigger: When extending Prowler SDK provider architecture (adding a new provider or a new service to an existing provider).
Flags that accept secrets (tokens, passwords, API keys) MUST follow these rules:
Use nargs="?" with default=None — the flag accepts an optional value for backward compatibility; the recommended path is environment variables.
Set metavar to the environment variable name users should use (e.g., metavar="GITHUB_PERSONAL_ACCESS_TOKEN").
Add the flag to the SENSITIVE_ARGUMENTS frozenset at the top of the provider's arguments.py. This set is used to redact values in HTML output and warn users who pass secrets directly.
Do not add new arguments that require passing secrets as CLI values — secrets should come from environment variables. The flag accepts a value for backward compatibility, but CLI warns users to prefer env vars.
Pattern
# prowler/providers/{provider}/lib/arguments/arguments.py
SENSITIVE_ARGUMENTS = frozenset({"--my-api-key", "--my-password"})
def init_parser(self):
auth_subparser = parser.add_argument_group("Authentication Modes")
auth_subparser.add_argument(
"--my-api-key",
nargs="?",
default=None,
metavar="MY_API_KEY",
help="API key for authentication. Use MY_API_KEY env var instead of passing directly.",
)
Provider Class Template
from prowler.providers.common.provider import Provider
class {Provider}Provider(Provider):
"""Provider class for {Provider} cloud platform."""
def __init__(self, arguments):
super().__init__(arguments)
self.session = self._setup_session(arguments)
self.regions = self._get_regions()
def _setup_session(self, arguments):
"""Provider-specific authentication."""
# Implement credential handling
pass
def _get_regions(self):
"""Get available regions for provider."""
# Return list of regions
pass
Service Class Template
from prowler.providers.{provider}.lib.service.service import {Provider}Service
class {Service}({Provider}Service):
"""Service class for {service} resources."""
def __init__(self, provider):
super().__init__(provider)
self.{resources} = []
self._fetch_{resources}()
def _fetch_{resources}(self):
"""Fetch {resource} data from API."""
try:
response = self.client.list_{resources}()
for item in response:
self.{resources}.append(
{Resource}(
id=item["id"],
name=item["name"],
region=item.get("region"),
)
)
except Exception as e:
logger.error(f"Error fetching {resources}: {e}")
Service Client Template
from prowler.providers.{provider}.services.{service}.{service}_service import {Service}
{service}_client = {Service}
Supported Providers
Current providers:
AWS (Amazon Web Services)
Azure (Microsoft Azure)
GCP (Google Cloud Platform)
Kubernetes
GitHub
M365 (Microsoft 365)
OracleCloud (Oracle Cloud Infrastructure)
AlibabaCloud
Cloudflare
MongoDB Atlas
NHN (NHN Cloud)
LLM (Language Model providers)
IaC (Infrastructure as Code)
Commands
# Run provider
uv run python prowler-cli.py {provider}
# List services for provider
uv run python prowler-cli.py {provider} --list-services
# List checks for provider
uv run python prowler-cli.py {provider} --list-checks
# Run specific service
uv run python prowler-cli.py {provider} --services {service}
# Debug mode
uv run python prowler-cli.py {provider} --log-level DEBUG
Resources
Templates: See assets/ for Provider, Service, and Client singleton templates