AWS Audit


Get the big picture of cloud vulnerabilities fast

An audit tells you how resistant your cloud environment is to the majority of attacks, which are the less sophisticated ones. It’s easy to start and quick to complete.

You get a professional report clearly setting out the risks plus spreadsheets containing the full data gathered during the audit. Every finding we present to you comes with guidance on possible fixes.

How is my environment assessed?

  • Latest version of the CIS Benchmark for AWS
  • Best practices for secure AWS configuration including recommendations from the AWS Well-Architected Framework
  • Assessment against industry-recognised maturity milestones
  • Common IAM risks including privilege escalation routes, admin users and IAM policy quality checks
  • Unused IAM principals which represent privilege escalation risks

Why is an audit useful?

  • Professional quality report for your use in meetings and presentations
  • Not just a list of technical findings: your report details the security risk posture so you can understand findings in the context of your business
  • Full data behind the report shows you exactly where vulnerabilities lie
  • Guidance on fixes for each finding, giving your engineering team a task list to improve security
  • Driven by tools carefully selected by our team for reliable, vendor-neutral, actionable outputs

Repeat up to 2x at no extra cost

After your audit you'll likely see improvements you can make, and you'll want to re-run the audit once that work is done to check that the risk is reduced. For this reason, we grant you two free reruns of the audit within a 30-day period.


How do I get started?

On booking your audit with us, you must configure an IAM role in your AWS account(s) with the access we need, which can be as easy as a few clicks. Once this is in place, we’ll scan your environment and let you know when we’re done so the IAM role can be removed.

Your report will follow within a couple of days.


Frequently Asked Questions

You can repeat an audit up to 2 times within 30 days in order to test fixes. Please get in touch if you want to book regular audits over a longer period.

Auditing is a strictly read-only process. If you follow our instructions and code for creating the IAM role we use to access your account, you will only be granting SecurityAuditor access to the account, which grants read-only access to resource metadata but no underlying data.

For example, SecurityAuditor is not able to read objects from S3 buckets or the content of RDS databases.

Our audit system will only attempt to read data from your account and never write to it.

Our audit is intended to provide a simple way to discover the current security posture of your cloud environment using the best tools available, and receive clear results in one place in an easy-to-use format.

AWS provides a strong suite of security services such as Security Hub, Config and GuardDuty. However, these are harder to discover and use out of the box, and AWS does sometimes build new features into brand-new services rather than augmenting existing ones. There are also some features we provide that AWS does not.

Customers generally find that making use of our audit service complements their use of AWS built-in tools by corroborating the interpretation of risk those tools provide and helping ensure no risks are missed through tool gaps.

We take the accuracy of our security reporting very seriously. While the audit itself is largely automated, we manually quality review reports before they reach you to ensure there are no mistakes, omissions or other errors. Additionally, auditing can take some time to run due to the constraints of the AWS API.

Our Customers
Imperial College London
HM Government
Nationwide
Omnigen Bio Data