NEW AWS retired Audit Manager — how to still get signed AWS evidence
A customer or investor asked if you're SOC 2 or ISO 27001 ready?

Get the AWS half of your audit done — signed evidence your auditor accepts — in minutes.

Connect a read-only role. We scan your AWS against the controls behind SOC 2, ISO 27001 & PCI and hand you a signed, timestamped report your auditor (or your customer's security team) can verify as genuine. No agent, no write access — we hold only your scan results, not your data. Pay by card, no sales call.

Read-only · Nothing installed · Minimal data · Signed & verifiable · Free scan, no card.
Signed · verifiable evidence
118 · automated checks
55+ · AWS services
5 min · to first report

From connect to evidence in three steps

CloudProof scans with read-only access — nothing is installed in your account and no data plane runs there.

Connect

Deploy a read-only IAM role with one CloudFormation template (or run our CLI for air-gapped accounts).

Scan

We evaluate 118 controls across your accounts and every region, mapped to the frameworks you care about.

Prove it

Get a signed, timestamped report (HTML/PDF/CSV/SARIF). Your auditor or customer confirms it's genuine and unedited at /verify — no "trust us." Track drift between audits.

Deep AWS posture — not another noisy dashboard

Built for the platform/security engineer to adopt, and the CISO or compliance lead to sign off.

Signed & verifiable evidence

Every report is cryptographically signed and timestamped. Anyone you send it to confirms it's genuine and unedited at /verify — the thing free scanners and raw JSON dumps can't hand your auditor.

Framework-mapped

One technical check satisfies many controls — CIS 3.1 is also PCI 10.2.1 and NIST AU-2. Plus attestation for the policy/process controls scanners ignore.

Remediation that ships

Every finding comes with AWS CLI, Terraform, CDK and Pulumi fixes — with cost impact and a rollback path.

Drift & history

Timestamped, archivable reports. See what regressed, what got fixed, and your posture trend over time.

Org-wide

Audit a single account or an entire AWS Organization with cross-account role assumption.

Air-gapped option

Regulated or isolated? Run the same engine as a signed, offline-licensed binary on-prem — no SaaS access required.

EU-hosted

Run in the EU with data residency that helps your own GDPR story.

The frameworks your auditor asks for

Technical controls auto-checked; organizational controls captured via attestation with evidence links.

CIS AWS Foundations · AWS FSBP · PCI-DSS · HIPAA · SOC 2 · ISO 27001 · ISO 27017 · NIST 800-53 · NIST CSF · GDPR · CCPA

Simple plans. Pick once, get back to work.

Start free for 7 days, then choose a plan. Most teams land on CloudProof Pro — full framework coverage (SOC 2, ISO 27001, HIPAA and more) at a price you can put on a card without a sign-off.

Free

$0
7-day full trial · no card
  • 1 AWS account: How many AWS accounts you can connect and scan.
  • CIS + AWS FSBP frameworks: CIS + AWS FSBP are the universal AWS baselines; paid plans add SOC 2, ISO 27001, PCI, HIPAA, NIST and GDPR.
  • Manual scans: How often we re-scan. Manual = you click Run scan; Daily ≈ every 24h; Continuous ≈ every 4h.
  • 7-day history: How far back you can open past reports and the widest period an audit evidence pack can cover.
  • Scans all your enabled regions: Every scan checks regional resources across all the regions you've enabled — included on every plan.
  • Report exports (PDF / CSV / SARIF): Download your report as PDF, CSV or SARIF. On Free, available during your 7-day trial.
  • Audit evidence pack: A signed, over-time record proving your controls held up across the period — what a SOC 2 Type II / ISO auditor samples. On Free, during the 7-day trial.
  • Auditor share links: Revocable, expiring read-only links to share a report or pack with your auditor — no account needed. On Free, during the 7-day trial.
  • Drift alerts on new critical/high: Get an email the moment a new critical or high-severity problem appears.
  • Single sign-on (SSO): Your team signs in through your company identity provider (OIDC) instead of magic-link emails.
  • Connect a whole AWS Organization: Onboard every member account under your AWS Organization from a single connection.
  • Custom frameworks: Define your own control→check mappings to match an internal or industry-specific standard.
  • Air-gapped licensed binary: Run scans entirely inside your own network with a signed offline binary — nothing leaves your environment.

Single

$990 / yr
$82.50 / mo · billed yearly
  • 1 AWS account
  • All frameworks
  • Daily automated scans
  • 1-year history
  • Scans all your enabled regions
  • Report exports (PDF / CSV / SARIF)
  • Audit evidence pack
  • Auditor share links
  • Drift alerts on new critical/high
  • Single sign-on (SSO)
  • Connect a whole AWS Organization
  • Custom frameworks
  • Air-gapped licensed binary
★ Recommended

Pro

$2,490 / yr
≈ $207 / mo · billed yearly
  • Up to 15 AWS accounts
  • All frameworks
  • Daily automated scans
  • 1-year history
  • Scans all your enabled regions
  • Report exports (PDF / CSV / SARIF)
  • Audit evidence pack
  • Auditor share links
  • Drift alerts on new critical/high
  • Single sign-on (SSO)
  • Connect a whole AWS Organization
  • Custom frameworks
  • Air-gapped licensed binary

Unlimited

$9,990 / yr
unlimited / org-wide
  • Unlimited AWS accounts
  • All frameworks
  • Continuous scans (~4h)
  • 2+ year history
  • Scans all your enabled regions
  • Report exports (PDF / CSV / SARIF)
  • Audit evidence pack
  • Auditor share links
  • Drift alerts on new critical/high
  • Single sign-on (SSO)
  • Connect a whole AWS Organization
  • Custom frameworks
  • Air-gapped licensed binary

Why a subscription? A SOC 2 (Type II) audit checks your controls over a 3–12 month period — auditors want a continuous record, not a one-off scan. A paid plan keeps scanning and builds that timeline; you can't recreate it after the fact.

Pro covers up to 15 AWS accounts with drift history and alerts. Billed monthly or annually (2 months free). Also available via AWS Marketplace — pay on your existing AWS bill.