Memory Leak in Prowler AWS Provider #7454

collin-miller opened this issue Apr 7, 2025 · 3 comments
Labels
bug severity/low Bug won't result in any noticeable breakdown of the execution. status/waiting-for-revision Waiting for maintainer's revision

collin-miller commented Apr 7, 2025

Steps to Reproduce

I am running prowler as a cronjob on Kubernetes and recently noticed the job was not running to completion. We have had prowler running as a cronjob for approximately 9 months without issues.

Pod memory limit was set to 2gb. While the pod memory was set to 2gb the pod would crash part way through completion. After I increased the limit to 6gb jobs are completing successfully.

After investigation I believe there is a memory leak in the Prowler AWS scanner leading the job to OOM. The Kubernetes memory profile shows the memory utilization is slowly climbing and finally peaks somewhere around ~5.5 gbs.

I am running Prowler 4.6.2.

prowler aws --region us-east-1 us-west-1 --output-directory dirname --output-filename 2025-04-05T03:00:36.183444 --ignore-exit-code-3 --only-logs --log-level INFO --mutelist-file mutelist.yaml --role arn:aws:iam::12345678912:role/prowler-role --output-bucket-no-assume bucket-name

Expected behavior

I don't believe it should take around 6 gb of memory to run prowler against one AWS account.

Actual Result with Screenshots or Logs

Image

How did you install Prowler?

From pip package (pip install prowler)

Environment Resource

EKS

OS used

Debian 12

python:3.12-slim docker image

Prowler version

Prowler 4.6.2 (latest is 5.4.3, upgrade for the latest features)

Pip version

pip 24.3.1 from /usr/local/lib/python3.12/site-packages/pip (python 3.12)

Context

No response

@collin-miller collin-miller added bug status/needs-triage Issue pending triage labels Apr 7, 2025
@collin-miller collin-miller changed the title Possible Memory Leak Memory Leak Apr 7, 2025
@collin-miller collin-miller changed the title Memory Leak Memory Leak in Prowler AWS Provider Apr 7, 2025
@danibarranqueroo
Member

Hi @collin-miller!
Thanks for reaching out and providing detailed information. I’ll check this with the team and see how we can help identify and address the potential memory issue.
We’ll get back to you as soon as we have more insights. Thanks for your patience!

@danibarranqueroo danibarranqueroo added status/waiting-for-revision Waiting for maintainer's revision severity/high Bug capable of collapsing large parts of the execution. and removed status/needs-triage Issue pending triage labels Apr 8, 2025
@danibarranqueroo
Member

Hello again! After reviewing it, that memory is expected and now our recommendation is 8GB. We will update our docs so it's clearer for everyone to know it.
Thanks for using Prowler! 🚀

@danibarranqueroo danibarranqueroo added severity/low Bug won't result in any noticeable breakdown of the execution. and removed severity/high Bug capable of collapsing large parts of the execution. labels Apr 9, 2025
@danibarranqueroo danibarranqueroo self-assigned this Apr 11, 2025
@collin-miller
Author

@danibarranqueroo Thank you for looking into this!

I am still surprised by the increased memory utilization. Were there any changes that drastically increased the memory requirements? I'm surprised since I had been running on 2gb of memory for previous versions. It seems like upgrading to the latest version of prowler 4 is when I ran into this issue.
