Integrations/Amazon Web Services (AWS)

Core Security Platforms

Amazon Web Services (AWS) Integration

Capture exportable evidence from Amazon Web Services (AWS) on a schedule you control. Evidence includes source details and timestamps so reviewers can verify without meetings.

CloudDirect connectionEvidence captureContinuous checksUpdates every 1 hours7 mapped controls

Common coverage includes Backups, Cloud audit logging, and Cloud Security Management --- Cloud security management.

Get a 15-Minute Walkthrough View a Sample Reviewer Export

No obligation. We’ll start with the export format.

View Setup Guide

At a Glance

Best for

Continuous checks and evidence capture

Auth

Aws Assume Role

Cadence

Every 1 hours

Setup time

10 to 20 minutes

Framework coverage

Aurora Essentials (Baseline Control Set) and 52 more

Checks Evidence Frameworks

Browse All Integrations Open in Dashboard

Proof outputs

Buyer-recognizable deliverables you can ship on demand.

Setup

A short path from connection to an exportable evidence bundle.

01

Connect Amazon Web Services (AWS)

Sign-in method: Aws Assume Role. Start with least-privilege access where supported.

02

Confirm Evidence Sources and Cadence

Confirm evidence sources and set cadence (every 1 hours).

03

Validate Capture (Read-Only Where Possible)

Validate evidence capture in read-only mode (where possible) before expanding workflows.

04

Map Evidence to Controls

Map captured artifacts to controls (7 mapped controls listed).

05

Export an Evidence Bundle

Export an evidence bundle (ZIP) you can attach to reviewer-ready exports.

Capture

What This Integration Captures

Evidence types and collection notes, based on the integration’s published resources.

What Aurora monitors

32 continuous checks

AWS CloudTrail is enabled in all regions • AWS CloudTrail is enabled and healthy

Evidence Aurora can collect

5 evidence types

Accounts • User accounts

How it stays current

Incremental updates every 1 hours. Full refresh daily.

Checks update as new data is synced.

Checks

Automated checks Aurora can run

Checks map directly to common buyer requirements. Reviewers see the result as exportable evidence, not a screenshot.

AWS CloudTrail is enabled in all regions

AWS CloudTrail is enabled and healthy

AWS CloudTrail log file validation is enabled

AWS CloudTrail logs are encrypted with KMS

AWS CloudTrail includes global service events

AWS CloudTrail logs all management events (read/write)

CloudTrail destination S3 buckets deny insecure transport

CloudTrail destination S3 buckets have default encryption enabled

CloudTrail destination S3 buckets have versioning enabled

CloudTrail destination S3 buckets enforce Public Access Block

AWS Organizations management account has an Organization Trail enabled

S3 public access block is enabled account-wide

And 20 more checks.

Evidence

Evidence types collected

These evidence objects can be mapped to controls and exported as an evidence bundle or audit workbook snapshot.

AccountsUser accountsResourceFindingsJob

Produces

Evidence objects with source details
Freshness and cadence status
Evidence bundle exports (plan-based)

Security Note

Read-only API, scoped credentials, and an audit trail (where supported by the connector and your environment).

Cadence Controls

Incremental updates every 1 hours. Full refresh daily.

Reviewers

Why It Matters for Reviewers

A few ways this reduces follow-ups during audits and buyer reviews.

Reduces “show me” follow-ups by attaching system exports to answers.
Keeps timestamps explicit for audit windows.
Makes sampling easier through evidence bundles.

Frameworks

Controls and Frameworks Impacted

A quick sense of which frameworks this connector helps cover (based on mapped controls).

Aurora Essentials (Baseline Control Set)

AURORA_ESS

7 controls

CSA Consensus Assessments Initiative Questionnaire (CAIQ) v4.0.3

CAIQ

5 controls

CSA Cloud Controls Matrix (CCM) v4.0.12

CCM

5 controls

Cyber Risk Institute Profile (CRI)

CRI_PROFILE

5 controls

AWS Foundational Technical Review (FTR) Validation Checklist

AWS_FTR

4 controls

FedRAMP Security Controls Baseline (High) - NIST SP 800-53 Rev. 5

FEDRAMP_REV5_HIGH_BASELINE

4 controls

FedRAMP Security Controls Baseline (Low) - NIST SP 800-53 Rev. 5

FEDRAMP_REV5_LOW_BASELINE

4 controls

FedRAMP Security Controls Baseline (Moderate) - NIST SP 800-53 Rev. 5

FEDRAMP_REV5_MODERATE_BASELINE

4 controls

FedRAMP 20x (Phase 2 Pilot) Requirements, Recommendations, and KSIs

FEDRAMP20X

4 controls

OWASP Application Security Verification Standard (ASVS)

OWASP_ASVS_5_0_0

4 controls

SOC 2

SOC2

4 controls

StateRAMP / GovRAMP Baseline Controls for Authorization (Authorized Low & Moderate) --- StateRAMP Authorized Baseline Requirements (Aligned to NIST SP 800-53 Rev. 5)

STATERAMP

4 controls

Not sure what you need? Get mapping help

FAQ

Amazon Web Services (AWS) Integration Questions

Short answers to common evaluation questions.

Does this require admin access?

It depends on the evidence you choose to capture. We’ll confirm required permissions during setup.

Can we control cadence?

Yes. In eligible plans, cadence is configurable.

Can we export evidence for reviewers?

Yes. Captured artifacts can be included in evidence bundles and reviewer-ready exports.

Next step

Want to Confirm Evidence Coverage for Amazon Web Services (AWS)?

Bring one reviewer request. We’ll map which artifacts matter and what you can export today.

Get a 15-Minute WalkthroughView a Sample Reviewer ExportBrowse Integrations

No obligation. We respond within one business day. We will show a sample reviewer-ready export.