Get the AWS half of your audit done — signed evidence your auditor accepts — in minutes.
Connect a read-only role. We scan your AWS against the controls behind SOC 2, ISO 27001 & PCI and hand you a signed, timestamped report your auditor (or your customer's security team) can verify as genuine. No agent, no write access — we hold only your scan results, not your data. Pay by card, no sales call.
From connect to evidence in three steps
CloudProof scans with read-only access — nothing is installed in your account and no data plane runs there.
Connect
Deploy a read-only IAM role with one CloudFormation template (or run our CLI for air-gapped accounts).
Scan
We evaluate 118 controls across your accounts and every region, mapped to the frameworks you care about.
Prove it
Get a signed, timestamped report (HTML/PDF/CSV/SARIF). Your auditor or customer confirms it's genuine and unedited at /verify — no "trust us." Track drift between audits.
Deep AWS posture — not another noisy dashboard
Built for the platform/security engineer to adopt, and the CISO or compliance lead to sign off.
Signed & verifiable evidence
Every report is cryptographically signed and timestamped. Anyone you send it to confirms it's genuine and unedited at /verify — the thing free scanners and raw JSON dumps can't hand your auditor.
Framework-mapped
One technical check satisfies many controls: CIS 3.1, for example, also maps to PCI 10.2.1 and NIST AU-2. Attestation covers the policy/process controls that scanners ignore.
Remediation that ships
Every finding comes with AWS CLI, Terraform, CDK and Pulumi fixes — with cost impact and a rollback path.
Drift & history
Timestamped, archivable reports. See what regressed, what got fixed, and your posture trend over time.
Org-wide
Audit a single account or an entire AWS Organization with cross-account role assumption.
Air-gapped option
Regulated or isolated? Run the same engine as a signed, offline-licensed binary on-prem — no SaaS access required.
EU-hosted
Run in the EU with data residency that helps your own GDPR story.
The frameworks your auditor asks for
Technical controls auto-checked; organizational controls captured via attestation with evidence links.
Simple plans. Pick once, get back to work.
Start free for 7 days, then choose a plan. Most teams land on CloudProof Pro — full framework coverage (SOC 2, ISO 27001, HIPAA and more) at a price you can put on a card without a sign-off.
Free
- All frameworks unlocked for 7 days — SOC 2, ISO 27001, HIPAA…
- 1 AWS account · report downloads included
- Then: CIS + AWS FSBP, view-only
- No credit card to start
Single
- 1 AWS account
- SOC 2, ISO 27001, HIPAA + all frameworks & attestation
- Scheduled daily scans
- PDF / CSV / SARIF export
- 1-year history
Pro
- Up to 15 AWS accounts
- Everything in Single
- Drift & trend history
- SSO included — no SSO tax (OIDC)
- Email alerts & priority support
Enterprise
- Everything in Pro, unlimited accounts
- Air-gapped licensed binary
- Org-wide scanning & custom frameworks
- SLA, DPA / BAA, dedicated support
Why a subscription? A SOC 2 (Type II) audit checks your controls over a 3–12 month period — auditors want a continuous record, not a one-off scan. A paid plan keeps scanning and builds that timeline; you can't recreate it after the fact.
Pro covers up to 15 AWS accounts with drift history and alerts. Billed monthly or annually (2 months free). Also available via AWS Marketplace — pay on your existing AWS bill.