Question 1

What is CloudAudit and how does it help me?

Accepted Answer

CloudAudit is an automated analysis platform that scans your cloud infrastructure to identify security vulnerabilities, idle resources generating unnecessary costs, and configurations that do not comply with industry best practices.

Question 2

Which cloud providers are supported?

Accepted Answer

We currently support full audits for AWS (Amazon Web Services) environments. We will soon add support for Google Cloud Platform (GCP) and Microsoft Azure.

Question 3

What permissions does CloudAudit need in my AWS account?

Accepted Answer

CloudAudit operates on the principle of least privilege. It only requires read-only permissions through a specialized IAM role (SecurityAudit). We do not have permissions to modify your resources, databases, or configurations.

Question 4

Is my data secure?

Accepted Answer

Absolutely. CloudAudit does not scan or store the data in your databases, S3 buckets, or applications. We only analyze your infrastructure's configuration metadata to generate reports.

Question 5

What's the difference between One-time Audit and Continuous Monitoring?

Accepted Answer

The One-time Audit allows you to perform a single scan of your infrastructure and get a static PDF report. Continuous Monitoring gives you frequent automated scans, access to the CSPM Dashboard to manage findings in real-time, and integrations like direct Slack alerts.

Question 6

How does the Slack integration work?

Accepted Answer

Available on the Continuous Monitoring plan, the Slack integration allows you to connect a webhook from your workspace. CloudAudit will send immediate notifications to your channel when new critical vulnerabilities are detected in your automated scans.