We use API keys with HMAC256 signatures for authentication. AWS access is always read-only.

Real-time Results

Initiate scans and poll for results in real-time. Get the latest results whenever they're needed.


Use all of our plugins, just one, or a custom set - the choice is yours.

For AWS Account Users

All CloudSploit Premium account users can access existing scan results, as well as trigger new, real-time scans for all upgraded AWS accounts connected to CloudSploit.

Simply generate an API key and begin scanning. Each scan is triggered on an existing connected account, so the AWS connection details are stored securely within CloudSploit and do not have to be passed with the request.

Existing scan details from CloudSploit's regularly scheduled scans can be retrieved for analysis or comparison.

For Consultants and Developers

Our API-Only plan allows for scanning of any AWS account (assuming the correct permissions have been added), not just those previously connected to CloudSploit.

Use either an AWS role ARN and external ID, or an access key and secret, to initiate a scan. CloudSploit will return the complete set of results for your application to consume.

Pricing is based on the number of scans performed each cycle, with options for bulk requests. CloudSploit's API is an excellent way to add security features to your existing AWS offerings and further secure your users.

Frequently Asked Questions

Our support team can answer any other questions that our help page can't.

How do I access the CloudSploit API?

First, ensure you are enrolled in a Premium or API-Only plan. Then, generate an API key and secret so that you can sign your requests. Visit the documentation for complete details.

Can I access all CloudSploit functionality through the API?

Yes, for all of the core functionality. The only actions we limit are ones sensitive to the account itself, such as changing your payment plan or adding billing details.

Are the results returned via the API complete?

Yes. CloudSploit will return the complete set of results for the scan, including our pass/warn/fail designations, remediation steps, and affected resource information.

Is the API rate-limited?

Yes. To avoid hitting AWS-imposed rate limits, we burst-limit the scanning of each connected account to once every 15 minutes, or 750 times per month (enough for an average of once every hour).

Can I limit what AWS services are scanned?

Yes. By default, all plugins are used. However, you can optionally provide a list of plugins that should be executed for the scan. The list of available plugins can also be retrieved via the API.

Can I integrate CloudSploit into a CI/CD pipeline?

Yes. CloudSploit can scan CloudFormation templates for early-stage detection of risks, and can also scan live resources. You can invoke the API from any CI/CD server, or from anywhere else with network access.

