100% Free

Our CloudFormation scan comes completely free with all CloudSploit accounts. It's yours to use, forever.

Comprehensive

We perform over 90 checks across over 40 resource types spanning almost every AWS product.

Preventative

Detect risks and implement secure features before you launch infrastructure.

Adding security to "infrastructure as code"

AWS CloudFormation enables automated, versioned, repeatable infrastructure described as code. That code can now be checked for potential security risks before it is deployed.

Plugin-Based Scans

Using CloudSploit's plugin approach, new security checks can be added as AWS adds more resources to CloudFormation.

API Access

CloudFormation templates that are built as part of a build pipeline can now be scanned for security risks from remote build servers.

Intuitive Web GUI

Drag-and-drop or paste a template and receive results in seconds. Each result can be clicked, displaying the affected resource.


Frequently Asked Questions

Our support team can answer any other questions that our help page can't.

Does the scanner require account access?

No, the CloudFormation scanner does not require any permissions, and does not access an AWS account.

Does CloudSploit store the results of a scan?

No. CloudSploit's CloudFormation scans are performed entirely in-memory and are not saved anywhere on our systems.

What kinds of risks can the scanner detect?

We scan for security groups set to "0.0.0.0/0," KMS keys that don't have rotation enabled, ELBs with invalid SSL configurations, and many more.

How does the scanner work?

When a template is uploaded, CloudSploit compares the settings for each resource to known-secure values to produce a pass, fail, or warning result.

Do I have to use other components of CloudSploit?

No. The CloudFormation scanner is offered as an independent part of the CloudSploit suite (although we'd love if you tried our other services as well!)

Why is the scanner in beta?

We've spent a lot of time adding support for lots of services, but there is still work to do. To report an issue to improve the service, please submit a ticket.

Ready to test your security?

Sign up and begin scanning within minutes

Get Started