AWS infrastructure security audit

The goal of the project was to assess the level of information security in the AWS infrastructure and its supporting practices. AWS Config Rules were used to audit the Customer’s use of AWS resources for compliance with external compliance frameworks such as the CIS AWS Foundations Benchmark and with security policies related to the US Health Insurance Portability and Accountability Act (HIPAA), the Federal Risk and Authorization Management Program (FedRAMP), and other regimes. The audit consisted of two parts: technical verifications and interviews.


During the project, 75 vulnerabilities were found in the AWS infrastructure and reported with detailed recommendations on how to mitigate them. The audit covered the following architecture layers:

  • AWS services
  • Kubernetes clusters and objects
  • Docker images
  • Terraform configs