NEW AWS retired Audit Manager - how to still get signed AWS evidence
A customer or investor asked if you're SOC 2 or ISO 27001 ready?

Get the AWS half of your audit done - signed evidence your auditor accepts - in minutes.

Connect a read-only role. We scan your AWS against the controls behind SOC 2, ISO 27001 & PCI and hand you a signed, timestamped report your auditor (or your customer's security team) can verify as genuine. No agent, no write access - we hold only your scan results, not your data. Pay by card, no sales call.

Read-only · Nothing installed · Minimal data · Swiss-made · EU-hosted · Signed & verifiable · Free scan, no card.
Signedverifiable evidence
118automated checks
55+AWS services
5 minto first report

From connect to evidence in three steps

CloudProof scans with read-only access - nothing is installed in your account and no data plane runs there.

Connect

Deploy a read-only IAM role with one CloudFormation template (or run our CLI for air-gapped accounts).

Scan

We evaluate 118 controls across your accounts and every region, mapped to the frameworks you care about.

Prove it

Get a signed, timestamped report (HTML/PDF/CSV/SARIF). Your auditor or customer confirms it's genuine and unedited at /verify - no "trust us." Track drift between audits.

Deep AWS posture - not another noisy dashboard

Built for the platform/security engineer to adopt, and the CISO or compliance lead to sign off.

Signed & verifiable evidence

Every report is cryptographically signed and timestamped. Anyone you send it to confirms it's genuine and unedited at /verify - the thing free scanners and raw JSON dumps can't hand your auditor.

Framework-mapped

One technical check satisfies many controls - CIS 3.1 is also PCI 10.2.1 and NIST AU-2. Plus attestation for the policy/process controls scanners ignore.

Remediation that ships

Every finding comes with AWS CLI, Terraform, CDK and Pulumi fixes - with cost impact and a rollback path.

Drift & history

Timestamped, archivable reports. See what regressed, what got fixed, and your posture trend over time.

Org-wide

Audit a single account or an entire AWS Organization with cross-account role assumption.

Air-gapped option

Regulated or isolated? Run the same engine as a signed, offline-licensed binary on-prem - no SaaS access required.

EU-hosted

Run in the EU with data residency that helps your own GDPR story.

The frameworks your auditor asks for

Technical controls auto-checked; organizational controls captured via attestation with evidence links.

CIS AWS FoundationsAWS FSBPPCI-DSS HIPAASOC 2ISO 27001ISO 27017 NIST 800-53NIST CSFGDPRCCPA

Simple plans. Pick once, get back to work.

Start free for 7 days, then choose a plan. Most teams land on CloudProof Pro - full framework coverage (SOC 2, ISO 27001, HIPAA and more) at a price you can put on a card without a sign-off.

Free

$0
7-day full trial · no card
  • 1 AWS account How many AWS accounts you can connect and scan.
  • CIS + AWS FSBP frameworks CIS + AWS FSBP are the universal AWS baselines; paid plans add SOC 2, ISO 27001, PCI, HIPAA, NIST and GDPR.
  • Manual scans How often we re-scan. Manual = you click Run scan; Daily ≈ every 24h; Continuous ≈ every 4h.
  • 7-day history How far back you can open past reports and the widest period an audit evidence pack can cover.
  • Scans all your enabled regions Every scan checks regional resources across all the regions you've enabled — included on every plan.
  • Report exports (PDF / CSV / SARIF) Download your report as PDF, CSV or SARIF. On Free, available during your 7-day trial.
  • Audit evidence pack A signed, over-time record proving your controls held up across the period — what a SOC 2 Type II / ISO auditor samples. On Free, during the 7-day trial.
  • Auditor share links Revocable, expiring read-only links to share a report or pack with your auditor — no account needed. On Free, during the 7-day trial.
  • Drift alerts on new critical/high Get an email the moment a new critical or high-severity problem appears.
  • Single sign-on (SSO) Your team signs in through your company identity provider (OIDC) instead of magic-link emails.
  • Connect a whole AWS Organization Onboard every member account under your AWS Organization from a single connection.
  • Custom frameworks Define your own control→check mappings to match an internal or industry-specific standard.
  • Air-gapped licensed binary Run scans entirely inside your own network with a signed offline binary — nothing leaves your environment.
Start 7-day trial

Single

$99 $82.50 / moSave 17%
billed annually ($990/yr)
  • 1 AWS account How many AWS accounts you can connect and scan.
  • All frameworks CIS + AWS FSBP are the universal AWS baselines; paid plans add SOC 2, ISO 27001, PCI, HIPAA, NIST and GDPR.
  • Daily automated scans How often we re-scan. Manual = you click Run scan; Daily ≈ every 24h; Continuous ≈ every 4h.
  • 1-year history How far back you can open past reports and the widest period an audit evidence pack can cover.
  • Scans all your enabled regions Every scan checks regional resources across all the regions you've enabled — included on every plan.
  • Report exports (PDF / CSV / SARIF) Download your report as PDF, CSV or SARIF. On Free, available during your 7-day trial.
  • Audit evidence pack A signed, over-time record proving your controls held up across the period — what a SOC 2 Type II / ISO auditor samples. On Free, during the 7-day trial.
  • Auditor share links Revocable, expiring read-only links to share a report or pack with your auditor — no account needed. On Free, during the 7-day trial.
  • Drift alerts on new critical/high Get an email the moment a new critical or high-severity problem appears.
  • Single sign-on (SSO) Your team signs in through your company identity provider (OIDC) instead of magic-link emails.
  • Connect a whole AWS Organization Onboard every member account under your AWS Organization from a single connection.
  • Custom frameworks Define your own control→check mappings to match an internal or industry-specific standard.
  • Air-gapped licensed binary Run scans entirely inside your own network with a signed offline binary — nothing leaves your environment.
Choose Single

Cancel anytime · 14-day money-back

★ Recommended

Pro

$249 $207.50 / moSave 17%
billed annually ($2,490/yr)
  • Up to 15 AWS accounts How many AWS accounts you can connect and scan.
  • All frameworks CIS + AWS FSBP are the universal AWS baselines; paid plans add SOC 2, ISO 27001, PCI, HIPAA, NIST and GDPR.
  • Daily automated scans How often we re-scan. Manual = you click Run scan; Daily ≈ every 24h; Continuous ≈ every 4h.
  • 1-year history How far back you can open past reports and the widest period an audit evidence pack can cover.
  • Scans all your enabled regions Every scan checks regional resources across all the regions you've enabled — included on every plan.
  • Report exports (PDF / CSV / SARIF) Download your report as PDF, CSV or SARIF. On Free, available during your 7-day trial.
  • Audit evidence pack A signed, over-time record proving your controls held up across the period — what a SOC 2 Type II / ISO auditor samples. On Free, during the 7-day trial.
  • Auditor share links Revocable, expiring read-only links to share a report or pack with your auditor — no account needed. On Free, during the 7-day trial.
  • Drift alerts on new critical/high Get an email the moment a new critical or high-severity problem appears.
  • Single sign-on (SSO) Your team signs in through your company identity provider (OIDC) instead of magic-link emails.
  • Connect a whole AWS Organization Onboard every member account under your AWS Organization from a single connection.
  • Custom frameworks Define your own control→check mappings to match an internal or industry-specific standard.
  • Air-gapped licensed binary Run scans entirely inside your own network with a signed offline binary — nothing leaves your environment.
Start with Pro

Cancel anytime · 14-day money-back

Unlimited

$999 $832.50 / moSave 17%
billed annually ($9,990/yr)
  • Unlimited AWS accounts How many AWS accounts you can connect and scan.
  • All frameworks CIS + AWS FSBP are the universal AWS baselines; paid plans add SOC 2, ISO 27001, PCI, HIPAA, NIST and GDPR.
  • Continuous scans (~4h) How often we re-scan. Manual = you click Run scan; Daily ≈ every 24h; Continuous ≈ every 4h.
  • 2+ year history How far back you can open past reports and the widest period an audit evidence pack can cover.
  • Scans all your enabled regions Every scan checks regional resources across all the regions you've enabled — included on every plan.
  • Report exports (PDF / CSV / SARIF) Download your report as PDF, CSV or SARIF. On Free, available during your 7-day trial.
  • Audit evidence pack A signed, over-time record proving your controls held up across the period — what a SOC 2 Type II / ISO auditor samples. On Free, during the 7-day trial.
  • Auditor share links Revocable, expiring read-only links to share a report or pack with your auditor — no account needed. On Free, during the 7-day trial.
  • Drift alerts on new critical/high Get an email the moment a new critical or high-severity problem appears.
  • Single sign-on (SSO) Your team signs in through your company identity provider (OIDC) instead of magic-link emails.
  • Connect a whole AWS Organization Onboard every member account under your AWS Organization from a single connection.
  • Custom frameworks Define your own control→check mappings to match an internal or industry-specific standard.
  • Air-gapped licensed binary Run scans entirely inside your own network with a signed offline binary — nothing leaves your environment.
Choose Unlimited

Cancel anytime · 14-day money-back

Why a subscription? A SOC 2 (Type II) audit checks your controls over a 3-12 month period - auditors want a continuous record, not a one-off scan. A paid plan keeps scanning and builds that timeline; you can't recreate it after the fact.

Pro covers up to 15 AWS accounts with drift history and alerts. Billed monthly or annually (save up to 17% annually). Also available via AWS Marketplace - pay on your existing AWS bill.