AWS provides the tools for security.
CloudSploit helps you use them correctly.

Detect Risks in Every AWS Region

Many attackers who gain access to an AWS account embed themselves in unused regions to avoid detection. CloudSploit scans every public AWS region, even the ones you don't actively use.

  • CloudTrail & Config Service
  • Elastic Compute Cloud (EC2)
  • Identity and Access Management (IAM)
  • Virtual Private Cloud (VPC)
  • Relational Database Service (RDS)
  • + many more ...

Access Audit Tools and Reports

CloudSploit provides numerous tools and reports to help you isolate and remediate security issues.

  • Public S3 Bucket Detection
  • IAM Permissions Audit
  • Security Group and NACL Reviews
  • CloudFormation Security Scanner

Monitor CloudTrail Events in Real Time

CloudSploit Events processes AWS activity in real time, monitoring your account for suspicious activity.

  • Unknown user sign-ins
  • Root account activity
  • Activity in unused regions
  • Security group rule changes
  • + many more ...

How It Works

  1. Create a secure, cross-account IAM role
     Cross-account IAM roles allow CloudSploit to query the AWS API on behalf of your account.
  2. Give the role read-only permissions
     CloudSploit never requires write access to your account. Simply use the built-in AWS Security Audit policy.
  3. Connect your role to CloudSploit
     It takes less than a minute to connect a new role through the CloudSploit dashboard.
  4. Begin scanning
     You can initiate on-demand scans immediately or enable continuous, background scanning.

Frequently Asked Questions

Our support team can answer any other questions that our help page can't.

What AWS services are supported?

Nearly all of AWS's services are supported, including EC2, S3, VPC, ELB, RDS, IAM, KMS, ACM, CloudFront, DynamoDB, Route53, SES, SNS, SQS, and others.

What kinds of configurations are checked?

CloudSploit looks for security-related configurations including network access, encryption, user permissions, access control, least-privilege, and hundreds more.

Can I write custom checks?

Yes. CloudSploit supports custom plugins, enabling you to create your own checks. All checks use the AWS API, so your options are nearly limitless.

Can I limit what AWS services are scanned?

Yes. You can suppress regions, tests, and resources, allowing you to customize the results in your reports.

How are real-time events different than scans?

CloudSploit Events hooks into AWS CloudTrail via CloudWatch Events and monitors API activity in real time. CloudSploit Scans check AWS resource configurations via calls to the AWS API on a periodic basis.

Is CloudSploit's connection to AWS secure?

Yes. CloudSploit uses a third-party cross-account IAM role with an external ID and the "SecurityAudit" IAM policy, which provides read-only access to your AWS resource metadata.
