100% Free
Our CloudFormation scan comes completely free with all CloudSploit accounts. It's yours to use, forever.
Comprehensive
We perform over 95 checks across over 40 resource types spanning almost every AWS product.
Preventative
Detect risks and implement secure features before you launch infrastructure.

Add Security to "Infrastructure as Code"

AWS CloudFormation enables automated, versioned, repeatable infrastructure described as code. That code can now be checked for potential security risks before it is deployed.

Plugin-Based Scans
Using CloudSploit's plugin approach, new security checks can be added as AWS adds more resources to Cloudformation.

API Access
Cloudformation templates that are built as part of a build pipeline can now be scanned for security risks from remote build servers.

Intuitive Web GUI
Drag-and-drop or paste a template and receive results in seconds. Each result can be clicked, displaying the affected resource.

Get Started

Frequently Asked Questions

Our support team can answer any other questions that our help page can't.
Does the scanner require account access?

No, the Cloudformation scanner does not require any permissions, and does not access an AWS account.

How does the scanner work?

When a template is uploaded, CloudSploit compares the settings for each resource to known-secure values to produce a pass, fail, or warning result.

Does CloudSploit store the results of a scan?

No. CloudSploit's CloudFormation scans are performed entirely in-memory and are not saved anywhere on our systems.

Do I have to use other components of CloudSploit?

No. The CloudFormation scanner is offered as an independent part of the CloudSploit suite (although we'd love if you tried our other services as well!).

What kinds of risks can the scanner detect?

We scan for security groups set to "0.0.0.0/0," KMS keys that don't have rotation enabled, ELBs with invalid SSL configurations, and many more.

Is the scanner accessible via API?

Yes, CloudFormation scans can be triggered via API. Many users integrate this API into their infrastructure build systems. API access requires a paid account.

Ready to test your security?

Get Started Now