Continuously Scan with an AWS Integration
The Mondoo AWS integration lets you continuously monitor the security and compliance of your AWS account, EC2 instances, EKS clusters, EBS volumes, and more. Choose between a Mondoo-hosted integration and a serverless integration:
- A Mondoo-hosted AWS integration requires no agent installed in your AWS infrastructure and incurs no AWS cost. It's easy to set up and provides a higher level of stability. You can scan individual AWS accounts only, not an entire AWS Organization. This approach requires that you give Mondoo an AWS access key and secret.
- A serverless AWS integration uses an AWS Lambda function and CloudFormation to perform scheduled scans of an account or an entire AWS Organization. It doesn't require sharing AWS credentials with Mondoo because scans run within your AWS infrastructure. A serverless integration is more complex to set up and does incur a small AWS cost.

Feature | Mondoo-hosted | Serverless |
---|---|---|
Continuous AWS account scanning | ✔️ | ✔️ |
Continuous AWS Organization scanning | ✖️ | ✔️ |
Agentless | ✔️ | ✖️ |
Requires an AWS Lambda function | ✖️ | ✔️ |
Stability | Highest; not subject to API limits | High, but very large accounts can exceed API limits |
Complexity | Easy | Requires installation in your environment |
Infrastructure cost | No additional AWS cost | Small AWS cost |
Security | High; Mondoo securely stores the credentials for your environment | Highest; share no AWS credentials with Mondoo |