Secure Amazon Web Services (AWS) with cnspec

cnspec secures your Amazon Web Services (AWS) environment by finding vulnerabilities and misconfigurations across 80+ AWS services, including EC2, S3, IAM, RDS, Lambda, EKS, CloudTrail, and many more. With 700+ queryable resources, you can query and secure virtually anything in your AWS account.

Assess your AWS account

Secure an AWS Account: Scan an entire AWS account against best practices for IAM, S3, EC2, RDS, Lambda, EKS, CloudTrail, KMS, and dozens of other services.

Scan EC2 instances

cnspec offers multiple ways to scan EC2 instances without installing agents:

• Scan Instances Using SSM: Use AWS Systems Manager to scan EC2 instances remotely.
• Scan Instances Using Instance Connect: Use EC2 Instance Connect to scan instances over SSH without managing keys.
• Scan Instances Using EBS Snapshots: Scan EBS volume snapshots to evaluate instances without connecting to them.

Shift security left with IaC scanning

Mondoo's security policies include variants for both live AWS resources and the infrastructure as code that defines them. The same checks that cnspec runs against your AWS account also run against your Terraform and CloudFormation code. One tool, one policy, consistent security from code to cloud.

• Scan Terraform Configurations: Evaluate Terraform HCL files against AWS security policies during development or in CI/CD pipelines.
• Scan CloudFormation Templates: Validate CloudFormation templates against the same security controls you use at runtime.
• Build Secure AMIs with Packer: Scan Packer builds for vulnerabilities and misconfigurations before images reach production.

Continuously scan with Mondoo Platform

Go beyond one-off scans. Use Mondoo Platform and the Mondoo AWS Integration to continuously monitor your AWS accounts. Get a real-time security dashboard, track your posture over time, and catch new misconfigurations as your infrastructure changes.