Start your free AWS security scan.

The free scan is the on-ramp to the $499 audit — same deploy, same scan engine, same engineers. Free shows the picture in 15–30 minutes. The $499 unlocks the full inventory in one click. No credit card to start, no discovery call, no spam.

CIS AWS Foundations v1.5 Read-Only IAM Role Top Issues in Minutes

AWS

Free Cloud Audit for AWS

Scan your AWS account for misconfigurations, security gaps, and compliance issues.

Where we send your CloudFormation deploy link and scan results.

12-digit account number. Find it in the AWS Console (top-right account menu). We cross-check this against the account where you deploy the CloudFormation stack — catches the 'signed into the wrong account' case.

Your free scan delivers

Real findings. Not a teaser.

Free is the on-ramp to the $499 Full Audit Report — by design. Same automated scan runs at both tiers. Free returns severity counts, a category breakdown, and top issues; the $499 unlocks every finding with evidence, CVSS scoring, and remediation guidance. One click from your free results page upgrades the report — no re-scoping, no re-deploying, no second form to fill.

Severity Counts

Critical · High · Medium · Low · Informational. Numerical breakdown across all findings. You see the scope before deciding whether to upgrade.

Category Breakdown

Findings split across the 6 audit categories — IAM, Network, Data, Logging, FinOps, Architecture — so you see which area of your AWS account needs attention first.

Top Issues

8–12 representative findings with brief description and category. Full details — evidence, all findings, remediation guidance, and CVSS scoring — are in the $499 Full Audit Report.

The free scan and the $499 report share the same automated audit pipeline. Difference is depth of presentation, not depth of audit. Buyers who need full evidence and compliance documentation upgrade in one click from the results page. Buyers who don’t, don’t — and the free deliverable stands on its own.

After your free scan

If you want depth, we have a path.

Free gives you the picture. The $499 Full Audit Report gives you the full inventory with evidence, severity scoring, CVSS, and remediation guidance. For manual depth on web apps, mobile, APIs, and authenticated business logic, our Pen Test tier starts at $3,499.

Free Scan

You are here

$0

Severity counts · Category breakdown · Top issues

Full Audit Report

$499

All findings · CVSS scoring · Evidence + remediation · CIS v1.5 mapping

Buy Full Report from results page →

Activates from your free scan results page after delivery.

Pen Test

From $3,499

Manual testing by credentialed engineers · OWASP + business logic · Signed PDF report

See Pen Test details →

No pressure to upgrade — the free deliverable is complete on its own. The $499 path is one click from your results page when you need full findings, evidence, and compliance documentation. The Pen Test path is for buyers who need authenticated business-logic depth automation can’t reach.

Trust + privacy

What we do (and never do) with your scan.

What the free scan does

  • Scans your AWS environment via a read-only IAM role across 6 categories: IAM, Network, Data, Logging, FinOps, Architecture.
  • Reads configuration metadata only — no production traffic, no authenticated probing, no payloads delivered.
  • Maps findings to CIS AWS Foundations Benchmark v1.5.
  • Delivers a PDF + live results page available for 90 days.

What we never do

  • No authenticated probing — we don’t attempt logins.
  • No active exploitation — no payloads delivered.
  • No DDoS or load testing — no infrastructure stress.
  • No customer data review — we scan configuration, not records.
  • No sale or sharing of your scan results with third parties.
  • No marketing emails to your address beyond your scan delivery and one optional follow-up.

Your data, your control

Your scan results are yours. Your live results page never expires — we’ll flag it as stale after 90 days with a prompt to re-scan, but the data stays accessible. You can request deletion of your scan record at any time by emailing privacy@cloudupload.tech , processed via our automated GDPR endpoint. Full data handling: see our Privacy Policy.

Read our Privacy Policy →

Common questions

Quick answers.

Fill the short form (name, email, AWS account ID), then deploy our CloudFormation template — one click in your AWS console. The template creates a read-only IAM role; we never get write access. Our scanner reads configuration metadata across 6 categories (IAM, Network, Data, Logging, FinOps, Architecture). Results emailed in 15–30 minutes after the role is deployed. No credit card, no discovery call, no signup required.

Yes — the form above is one. Cloud Upload’s free tier runs the same automated audit pipeline as the paid tier. The free tier returns severity counts (Critical / High / Medium / Low / Informational), a category breakdown across 6 AWS domains, and 8–12 representative findings. The $499 Full Audit Report adds every finding with evidence, CVSS scoring, remediation guidance, and CIS AWS Foundations Benchmark v1.5 mapping per finding.

The Cloud scan covers 6 categories: IAM (identity, access policies, MFA, key rotation), Network (security groups, NACLs, internet exposure), Data (S3 access, encryption, backups), Logging (CloudTrail, audit trails, monitoring coverage), FinOps (cost-related security signals), and Architecture (overall configuration health). Findings are mapped to CIS AWS Foundations Benchmark v1.5.

Cloud scans complete in 15–30 minutes from CloudFormation deploy. The scan runs automatically against your authorized AWS account through the read-only role — no manual review involved at the free tier. Results are emailed to you with a link to your live results page (available for 90 days).

No. The Cloud scan uses your read-only AWS role and only reads configuration metadata — no writes, no production traffic, no authenticated probing. Permissions on the deployed role are limited to API calls that describe configuration; nothing in the role grants ability to modify your account.

Only if you have authorization. Our Terms require that you have admin authorization to deploy the read-only role into the target AWS account. We cross-check the account ID you submit against the account where the CloudFormation stack actually deploys to catch the 'signed into the wrong account' case. Unauthorized scanning of third-party assets violates our Terms and may violate applicable laws.

No. We send your scan results, one optional follow-up if you don’t open the result email, and that’s it. We don’t share your email with third parties. We don’t add you to a marketing list without explicit opt-in. The unsubscribe link in every email works on one click. If something goes wrong, email hello@cloudupload.tech for a human response — typically within 1 business day.

Still have questions? Talk to the Team →