Assess AWS Security with cnspec
Secure your AWS environment by scanning for vulnerabilities and misconfigurations with cnspec.
cnspec secures your AWS environment by finding vulnerabilities and misconfigurations across 70+ AWS services, including EC2, S3, IAM, RDS, Lambda, EKS, CloudTrail, and many more. With 450+ queryable resources, you can query and secure virtually anything in your AWS account.
Assess your AWS account
- Assess an AWS Account: Scan your entire AWS account for security best practices across IAM, S3, EC2, RDS, Lambda, EKS, CloudTrail, KMS, and dozens more services.
Scan EC2 instances
cnspec provides multiple ways to scan EC2 instances without installing agents:
- Scan Instances Using SSM: Use AWS Systems Manager to scan EC2 instances remotely.
- Scan Instances Using Instance Connect: Use EC2 Instance Connect to scan instances over SSH without managing keys.
- Scan Instances Using EBS Snapshots: Scan EBS volume snapshots to evaluate instances without connecting to them.
Shift security left with IaC scanning
Mondoo's security policies include variants for both live AWS resources and the infrastructure as code that defines them. The same security checks that cnspec runs against your AWS account can also run against your Terraform and CloudFormation code. One tool, one policy, consistent security from code to cloud.
- Scan Terraform Configurations: Evaluate Terraform HCL files against AWS security policies during development or in CI/CD pipelines.
- Scan CloudFormation Templates: Validate CloudFormation templates against the same security controls you use at runtime.
- Build Secure AMIs with Packer: Scan Packer builds for vulnerabilities and misconfigurations before images reach production.
Continuously scan with Mondoo Platform
Go beyond one-off scans. Use Mondoo Platform and the Mondoo AWS Integration to continuously monitor your AWS accounts. Get a real-time security dashboard, track your posture over time, and catch new misconfigurations as your infrastructure changes.