AWS provides the tools for security.
CloudSploit helps you use them correctly.

Securely Audit AWS GovCloud Environments

CloudSploit enables you to securely audit your AWS GovCloud accounts for security and compliance violations while maintaining GovCloud's isolated boundaries.

  • CloudTrail & Config Service
  • Elastic Compute Cloud (EC2)
  • Identity and Access Management (IAM)
  • Virtual Private Cloud (VPC)
  • Relational Database Service (RDS)
  • + many more ...
Get Started

Generate Comprehensive GovCloud Security Reports

CloudSploit's security reports highlight security misconfigurations and potential threats in your GovCloud accounts, along with detailed remediation steps and links to official AWS documentation.

Get Started

How It Works

  • 1
    Create a secure, cross-account IAM role
    Cross-account IAM roles allow CloudSploit to query the AWS API on behalf of your account.
  • 2
    Give the role read-only permissions
    CloudSploit never requires write access to your account. Simply use the built-in AWS Security Audit policy.
  • 3
    Create a secure, cross-account IAM role
    Cross-account IAM roles allow CloudSploit to query the AWS API on behalf of your account.
  • 4
    Give the role read-only permissions
    CloudSploit never requires write access to your account. Simply use the built-in AWS Security Audit policy.

Frequently Asked Questions

Our support team can answer any other questions that our help page can't.
What GovCloud services are supported?

Nearly all of GovCloud's services are supported, including S3, EC2, ELB, IAM, VPC, RDS, and more.

What kinds of configurations are checked?

CloudSploit looks for security-related configurations including network access, encryption, user permissions, access control, least-privilege, and hundreds more.

Can I write custom checks?

Yes. CloudSploit supports custom plugins, enabling you to create your own checks. All checks use the GovCloud API, so your options are nearly limitless.

Can I limit what GovCloud services are scanned?

Yes. You can suppress regions, tests, and resources, allowing you to customize the results in your reports.

How much do GovCloud account connections cost?

All GovCloud connections to CloudSploit are billed as single license each. When signing up for a plan, you select how many licenses (GovCloud accounts) you need.

Is CloudSploit's connection to GovCloud secure?

Yes. CloudSploit uses a third-party cross-account IAM role with external ID and a "SecurityAudit" IAM policy which provides read-only access to your AWS resource metadata.

Ready to test your security?

Get Started Now