Connect a read-only role and get your security posture against CIS, AWS FSBP, PCI-DSS, HIPAA, SOC 2, ISO 27001 and NIST — 117 automated checks across 56 services, with audit-ready reports and drift over time.
CloudProof scans with read-only access — nothing is installed in your account and no data plane runs there.
Deploy a read-only IAM role with one CloudFormation template (or run our CLI for air-gapped accounts).
We evaluate 117 controls across your accounts and every region, mapped to the frameworks you care about.
Share an audit-ready report (HTML/PDF/CSV/SARIF), track drift over time, and hand evidence to your auditor.
Built for the platform/security engineer to adopt, and the CISO or compliance lead to sign off.
One technical check satisfies many controls — CIS 3.1 is also PCI 10.2.1 and NIST AU-2. Plus attestation for the policy/process controls scanners ignore.
Every finding comes with AWS CLI, Terraform, CDK and Pulumi fixes — with cost impact and a rollback path.
Timestamped, archivable reports. See what regressed, what got fixed, and your posture trend over time.
Audit a single account or an entire AWS Organization with cross-account role assumption.
Regulated or isolated? Run the same engine as a signed, offline-licensed binary on-prem — no SaaS access required.
Run in the EU with data residency that helps your own GDPR story.
Technical controls auto-checked; organizational controls captured via attestation with evidence links.
Start free for 7 days, then choose a plan. Most teams land on CloudProof Pro — full coverage at a price you can put on a card without a sign-off.
Just $10 more than Single gets you 10× the accounts — that's why most teams pick Pro. Billed monthly or annually (2 months free). Also available via AWS Marketplace — pay on your existing AWS bill.