AWS CloudFormation Audit

Audit your CloudFormation to safeguard your data

What do we do?

CloudFormation Deletion Policy in Use

Ensure that a deletion policy, implemented with the DeletionPolicy attribute, is used for your Amazon CloudFormation stacks in order to preserve or back up AWS resources when the stacks are deleted.

Addresses: Security, Operational Maturity

Check CloudFormation Drift Detection

Ensure that your AWS CloudFormation stacks have not drifted from their expected template configuration. A CloudFormation stack is considered to have drifted from its configuration if one or more of its resources have drifted.

Addresses: Operational Maturity, Reliability

CloudFormation (or IaC) should be used

Ensure that Amazon CloudFormation is used within your AWS account to automate your cloud infrastructure management and deployment.

Addresses: Operational Maturity

Check CloudFormation Stack Failed Status

Ensure that none of your Amazon CloudFormation stacks are in "Failed" mode for more than 6 hours.

Addresses: Operational Maturity

Check CloudFormation Stack Policy

Ensure your AWS CloudFormation stacks are using policies as a fail-safe mechanism in order to prevent accidental updates to stack resources.

Addresses: Security

CloudFormation Stack with IAM Role

Ensure that the IAM service role associated with your Amazon CloudFormation stack adheres to the principle of least privilege in order to avoid unwanted privilege escalation.

Addresses: Security

Enable AWS CloudFormation Stack Notifications

Ensure all your AWS CloudFormation stacks are using Simple Notification Service (AWS SNS) in order to receive notifications when an event occurs.

Addresses: Security

Enable AWS CloudFormation Stack Termination Protection

Ensure that Amazon CloudFormation stacks have the Termination Protection feature enabled in order to protect them from being accidentally deleted.

Addresses: Security
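
Four of the checks above (drift, failed status for more than 6 hours, SNS notifications, termination protection) can be evaluated from `aws cloudformation describe-stacks` output alone. The script below is an added example, not Cloudanix code: the sample stacks, account ID and finding names are constructed, and the age of a failure is assumed to be the time since `LastUpdatedTime` (or `CreationTime` when the stack was never updated).

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like `aws cloudformation describe-stacks` output.
SAMPLE = json.loads("""
{"Stacks": [
  {"StackName": "prod-network", "StackStatus": "UPDATE_COMPLETE",
   "CreationTime": "2024-04-01T09:00:00+00:00",
   "EnableTerminationProtection": true,
   "NotificationARNs": ["arn:aws:sns:us-east-1:111111111111:cfn-events"],
   "DriftInformation": {"StackDriftStatus": "IN_SYNC"}},
  {"StackName": "dev-app", "StackStatus": "ROLLBACK_FAILED",
   "CreationTime": "2024-05-01T02:00:00+00:00",
   "EnableTerminationProtection": false,
   "NotificationARNs": [],
   "DriftInformation": {"StackDriftStatus": "DRIFTED"}}
]}
""")

MAX_FAILED_AGE = timedelta(hours=6)  # threshold stated in the failed-status check

def audit_stack(stack, now):
    """Return the finding names (hypothetical labels) for one stack entry."""
    findings = []
    if not stack.get("EnableTerminationProtection", False):
        findings.append("termination-protection-disabled")
    if not stack.get("NotificationARNs"):
        findings.append("no-sns-notifications")
    drift = stack.get("DriftInformation", {}).get("StackDriftStatus", "NOT_CHECKED")
    if drift == "DRIFTED":
        findings.append("drifted")
    elif drift != "IN_SYNC":
        # NOT_CHECKED or UNKNOWN: drift detection has not produced a result.
        findings.append("drift-not-checked")
    if stack["StackStatus"].endswith("_FAILED"):
        # Assumption: the last change time approximates when the failure began.
        since = stack.get("LastUpdatedTime") or stack["CreationTime"]
        if now - datetime.fromisoformat(since) > MAX_FAILED_AGE:
            findings.append("failed-over-6h")
    return findings

def audit(doc, now=None):
    """Map each stack name to its list of findings (empty list means clean)."""
    now = now or datetime.now(timezone.utc)
    return {s["StackName"]: audit_stack(s, now) for s in doc["Stacks"]}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, findings or "OK")
```

The stack policy, deletion policy and IAM role checks need additional data (the stack policy document, the template body and the role's attached policies) and are not covered by this script.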
