Conversation

@pedrooot pedrooot (Member) commented Dec 4, 2025

Description

This pull request adds several new processing integrity controls to the SOC 2 AWS compliance configuration. These additions expand the coverage of automated checks for system inputs, data processing, outputs, and stored data, helping ensure completeness, accuracy, timeliness, and protection across AWS services.

New Processing Integrity Controls:

  • System Inputs: Added PI1.2 to ensure system inputs are measured, recorded, and logged accurately and completely. This includes checks for logging on API Gateway, ELB, WAF, CloudTrail, and CloudFront.
  • Data Processing: Added PI1.3 to verify that data is processed as authorized, with controls for error detection, processing activity logging, and completeness. Includes checks for multi-region CloudTrail, log validation, metric filters, config recorder, RDS, Glue, and Step Functions logging.

Output and Storage Protections:

  • System Outputs: Added PI1.4 to ensure outputs are complete, accurate, and distributed only to intended parties, with encryption and access controls for S3, CloudWatch, SNS, Kinesis, CloudFront, and Glue outputs.
  • Stored Data: Added PI1.5 to protect stored data from unauthorized modification, theft, or corruption, including checks for S3 versioning/object lock, RDS
[Screenshot 2025-12-04 at 14:32:52]

Steps to review

Please add a detailed description of how to review this PR.

Checklist

UI

  • All issue/task requirements work as expected on the UI
  • Screenshots/Video of the functionality flow (if applicable) - Mobile (X < 640px)
  • Screenshots/Video of the functionality flow (if applicable) - Tablet (640px < X < 1024px)
  • Screenshots/Video of the functionality flow (if applicable) - Desktop (X > 1024px)
  • Ensure new entries are added to CHANGELOG.md, if applicable.

API

  • Verify if API specs need to be regenerated.
  • Check if version updates are required (e.g., specs, Poetry, etc.).
  • Ensure new entries are added to CHANGELOG.md, if applicable.

License

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
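To see how a requirement-to-check mapping like the one described in this PR behaves once findings come in, here is an added example (not Prowler's own code). It assumes the compliance file is a JSON object with a "Requirements" list whose entries carry an "Id", a "Description" and a "Checks" list of check IDs; the check IDs, requirement wording and findings below are constructed for illustration and are not the exact list added by the PR. It evaluates each PI1.x requirement worst-result-wins, treats a check that never ran as NOT_RUN rather than silently passing, and flags check IDs referenced in the mapping that no known check provides, which is the first thing to verify when reviewing a mapping change.

```python
import json
from collections import defaultdict

# Constructed fragment in the shape assumed for a Prowler compliance file.
# Check IDs follow Prowler's naming convention but are assumptions for this
# example, not the list committed by the PR.
SOC2_PI_FRAGMENT = json.loads("""
{
  "Framework": "SOC2",
  "Provider": "AWS",
  "Requirements": [
    {"Id": "PI1.2", "Description": "System inputs are measured, recorded and logged",
     "Checks": ["apigateway_restapi_logging_enabled", "elbv2_logging_enabled",
                "cloudtrail_multi_region_enabled", "cloudfront_distributions_logging_enabled"]},
    {"Id": "PI1.3", "Description": "Data is processed as authorized and completely",
     "Checks": ["cloudtrail_multi_region_enabled", "cloudtrail_log_file_validation_enabled",
                "config_recorder_all_regions_enabled"]},
    {"Id": "PI1.4", "Description": "Outputs are complete and reach only intended parties",
     "Checks": ["s3_bucket_default_encryption", "sns_topics_kms_encryption_at_rest_enabled"]},
    {"Id": "PI1.5", "Description": "Stored data is protected from unauthorized modification",
     "Checks": ["s3_bucket_object_versioning", "s3_bucket_object_lock"]}
  ]
}
""")

# Constructed findings: one row per (check, region). A check that never ran
# (here s3_bucket_object_lock) has no rows at all.
FINDINGS = [
    {"check_id": "apigateway_restapi_logging_enabled", "region": "us-east-1", "status": "PASS"},
    {"check_id": "elbv2_logging_enabled", "region": "us-east-1", "status": "PASS"},
    {"check_id": "cloudtrail_multi_region_enabled", "region": "us-east-1", "status": "PASS"},
    {"check_id": "cloudtrail_multi_region_enabled", "region": "eu-west-1", "status": "FAIL"},
    {"check_id": "cloudfront_distributions_logging_enabled", "region": "global", "status": "PASS"},
    {"check_id": "cloudtrail_log_file_validation_enabled", "region": "us-east-1", "status": "PASS"},
    {"check_id": "config_recorder_all_regions_enabled", "region": "us-east-1", "status": "PASS"},
    {"check_id": "s3_bucket_default_encryption", "region": "us-east-1", "status": "PASS"},
    {"check_id": "sns_topics_kms_encryption_at_rest_enabled", "region": "us-east-1", "status": "PASS"},
    {"check_id": "s3_bucket_object_versioning", "region": "us-east-1", "status": "PASS"},
]

# Ordering used for "worst result wins" aggregation.
SEVERITY = {"FAIL": 3, "NOT_RUN": 2, "MANUAL": 1, "PASS": 0}


def check_status(statuses):
    """Collapse per-resource results of one check into a single status.

    An empty list means the check never produced a finding: that is NOT_RUN,
    never PASS, because the control cannot be attested from missing data.
    """
    if not statuses:
        return "NOT_RUN"
    return max(statuses, key=SEVERITY.__getitem__)


def evaluate(doc, findings):
    """Return {requirement_id: {"status": ..., "checks": {check_id: status}}}."""
    by_check = defaultdict(list)
    for finding in findings:
        by_check[finding["check_id"]].append(finding["status"])
    report = {}
    for req in doc["Requirements"]:
        per_check = {c: check_status(by_check.get(c, [])) for c in req["Checks"]}
        report[req["Id"]] = {
            "status": max(per_check.values(), key=SEVERITY.__getitem__),
            "checks": per_check,
        }
    return report


def dangling_checks(doc, known_check_ids):
    """Check IDs referenced by the mapping that no known check provides (typos, renamed checks)."""
    referenced = {c for r in doc["Requirements"] for c in r["Checks"]}
    return sorted(referenced - set(known_check_ids))


if __name__ == "__main__":
    for rid, result in evaluate(SOC2_PI_FRAGMENT, FINDINGS).items():
        print(rid, result["status"], result["checks"])
    print("unreferenced by any finding:", dangling_checks(SOC2_PI_FRAGMENT, {f["check_id"] for f in FINDINGS}))
```

Because cloudtrail_multi_region_enabled is mapped to both PI1.2 and PI1.3, the single eu-west-1 FAIL fails both requirements, which is the intended effect of reusing one check across controls; PI1.5 comes out NOT_RUN because s3_bucket_object_lock never reported, and dangling_checks surfaces that same ID when the set of executed checks is used as the registry.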

@pedrooot pedrooot requested review from a team as code owners December 4, 2025 13:34
@github-actions github-actions bot added the compliance Issues/PRs related with the Compliance Frameworks label Dec 4, 2025
github-actions bot (Contributor) commented Dec 4, 2025

✅ All necessary CHANGELOG.md files have been updated.

github-actions bot (Contributor) commented Dec 4, 2025

Conflict Markers Resolved

All conflict markers have been successfully resolved in this pull request.

github-actions bot (Contributor) commented Dec 4, 2025

🔒 Container Security Scan

Image: prowler:5a25688
Last scan: 2025-12-04 13:53:29 UTC

📊 Vulnerability Summary

Severity Count
🔴 Critical 3
Total 3

3 package(s) affected

⚠️ Action Required

Critical severity vulnerabilities detected. These should be addressed before merging:

  • Review the detailed scan results
  • Update affected packages to patched versions
  • Consider using a different base image if updates are unavailable

codecov bot commented Dec 4, 2025

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 90.62%. Comparing base (eb24736) to head (4f06734).
⚠️ Report is 22 commits behind head on master.

Additional details and impacted files
@@            Coverage Diff             @@
##           master    #9462      +/-   ##
==========================================
- Coverage   92.57%   90.62%   -1.96%     
==========================================
  Files         155      834     +679     
  Lines       22023    23532    +1509     
==========================================
+ Hits        20387    21325     +938     
- Misses       1636     2207     +571     
Flag                  Coverage   Δ
api                   ?
prowler-py3.10-aws    90.56%     <ø> (?)
prowler-py3.11-aws    90.53%     <ø> (?)
prowler-py3.12-aws    90.55%     <ø> (?)
prowler-py3.9-aws     90.54%     <ø> (?)

Flags with carried forward coverage won't be shown.

Components   Coverage   Δ
prowler      90.62%     <ø> (∅)
api          ∅          <ø> (∅)
@jfagoagas jfagoagas (Member) left a comment

Great addition 🎖️

@pedrooot pedrooot merged commit 1cdf4e6 into master Dec 10, 2025
35 of 36 checks passed
@pedrooot pedrooot deleted the PROWLER-433-update-soc-2-with-missing-pi-1-requirements-aws branch December 10, 2025 07:41
3 participants