Get the AWS half of your audit done — signed evidence your auditor accepts — in minutes.
Connect a read-only role. We scan your AWS against the controls behind SOC 2, ISO 27001 & PCI and hand you a signed, timestamped report your auditor (or your customer's security team) can verify as genuine. No agent, no write access — we hold only your scan results, not your data. Pay by card, no sales call.
From connect to evidence in three steps
CloudProof scans with read-only access — nothing is installed in your account and no data plane runs there.
Connect
Deploy a read-only IAM role with one CloudFormation template (or run our CLI for air-gapped accounts).
Scan
We evaluate 118 controls across your accounts and every region, mapped to the frameworks you care about.
Prove it
Get a signed, timestamped report (HTML/PDF/CSV/SARIF). Your auditor or customer confirms it's genuine and unedited at /verify — no "trust us." Track drift between audits.
Deep AWS posture — not another noisy dashboard
Built for the platform/security engineer to adopt, and the CISO or compliance lead to sign off.
Signed & verifiable evidence
Every report is cryptographically signed and timestamped. Anyone you send it to confirms it's genuine and unedited at /verify — the thing free scanners and raw JSON dumps can't hand your auditor.
Framework-mapped
One technical check satisfies many controls — CIS 3.1 is also PCI 10.2.1 and NIST AU-2. Plus attestation for the policy/process controls scanners ignore.
Remediation that ships
Every finding comes with AWS CLI, Terraform, CDK and Pulumi fixes — with cost impact and a rollback path.
Drift & history
Timestamped, archivable reports. See what regressed, what got fixed, and your posture trend over time.
Org-wide
Audit a single account or an entire AWS Organization with cross-account role assumption.
Air-gapped option
Regulated or isolated? Run the same engine as a signed, offline-licensed binary on-prem — no SaaS access required.
EU-hosted
Run in the EU with data residency that helps your own GDPR story.
The frameworks your auditor asks for
Technical controls auto-checked; organizational controls captured via attestation with evidence links.
Simple plans. Pick once, get back to work.
Start free for 7 days, then choose a plan. Most teams land on CloudProof Pro — full coverage at a price you can put on a card without a sign-off.
Free
- 1 AWS account
- CIS + AWS FSBP
- Unlimited scans for 7 days
- HTML / JSON reports
- Reports stay viewable
Single
- 1 AWS account
- All frameworks + attestation
- Scheduled daily scans
- PDF / CSV / SARIF export
- 1-year history
Pro
- Up to 15 AWS accounts
- Everything in Single
- Drift & trend history
- Single sign-on (SSO) via OIDC
- Email alerts & priority support
Enterprise
- Everything in Pro, unlimited accounts
- Air-gapped licensed binary
- Org-wide scanning & custom frameworks
- SLA, DPA / BAA, dedicated support
Pro covers up to 15 AWS accounts with drift history and alerts. Billed monthly or annually (2 months free). Also available via AWS Marketplace — pay on your existing AWS bill.