AWS infrastructure security audit

Project goal was to assess the information security level in the AWS infrastructure and supporting practices. The AWS Config Rules were employed to audit the Customer’s use of AWS resources in line with external compliance framework like CIS AWS Foundations Benchmark, and with security policies related to the US Health Insurance Portability and Accountability Act (HIPAA), the Federal Risk and Authorization Management Program (FedRAMP), and other regimes. The audit consisted of two parts: technical verifications and interviews.


During the project, 75 vulnerabilities were discovered in the AWS infrastructure and detailed recommendations on how to mitigate them were given. The audit included the following architecture layers:

  • AWS services
  • Kubernetes clusters and objects
  • Docker images
  • Terraform configs.
This website uses cookies to give you the best experience. Terms & Conditions