AWS Security Audit

Structured review of your AWS environment against CIS AWS Foundations Benchmark and security best practices. For CTOs and platform teams who need to reduce misconfiguration risk, prevent data exposure, and prepare for compliance. Covers IAM, S3, network, and logging.

Pricing: €3,000 – €10,000

Service overview

  • Structured review of AWS accounts against CIS AWS Foundations Benchmark and security best practices.
  • For CTOs and platform or infrastructure teams running production workloads on AWS.
  • Solves: misconfiguration risk, excessive permissions, data exposure, and the need for a clear path to compliance (e.g. SOC 2, ISO 27001).

Typical security risks discovered

  • Overly permissive IAM: roles with wildcards, unused credentials, missing MFA on root and human accounts.
  • Privilege escalation paths: roles that can modify their own policies or assume higher-privilege roles.
  • S3 exposure: buckets with public read, list, or write; missing encryption or Block Public Access settings.
  • Network exposure: security groups open to 0.0.0.0/0 where not required; missing segmentation or flow logs.
  • Logging gaps: CloudTrail disabled or not in all regions; no Config or GuardDuty; short retention.
  • Secrets in plaintext: credentials in user data, environment variables, or unencrypted parameters.

Assessment scope

  • IAM: root and MFA, IAM policies and roles, least privilege, cross-account access, identity provider config.
  • S3 and storage: bucket policies, ACLs, block public access, encryption (SSE-KMS, SSE-S3), versioning.
  • Network: VPC design, security groups, NACLs, flow logs, peering and transit gateway if applicable.
  • Logging and monitoring: CloudTrail (multi-region, integrity), Config, GuardDuty, retention and alerting.
  • CIS AWS Foundations Benchmark alignment and prioritised exceptions.

Deliverables

  • Report aligned with CIS (or agreed framework) with findings, risk ratings, and affected resources.
  • Summary of IAM and S3 exposure and other high-impact misconfigurations.
  • Prioritised remediation plan with concrete steps and AWS config changes.
  • Optional re-test after changes to confirm findings are resolved.

Expected outcomes

  • Reduced risk of data exposure, account takeover, or lateral movement due to misconfiguration.
  • Clear path to align with SOC 2, ISO 27001, or other frameworks that reference CIS or AWS best practices.
  • Hardened IAM and storage posture with actionable, prioritised remediation.
  • Optional re-test to validate remediation.
