Overview

ComplyJet’s AWS integration gives you always-on visibility into every critical layer of your cloud stack—compute, containers, storage, data, networking, and identity. We automatically pull configuration and runtime evidence straight from AWS, map it to 20 + security and privacy frameworks (SOC 2, ISO 27001, GDPR, HIPAA etc.), and surface issues in real time so you can prove—and keep—compliance without the spreadsheet grind.

With native connectors for services such as Amazon EC2, EKS, S3, RDS, and IAM (plus GuardDuty, CloudTrail, Inspector, and more), ComplyJet becomes your single source of audit-ready truth across every AWS account and region—built for the speed, scale, and budgets of SaaS startups.

Supported AWS Resources

ComplyJet monitors these core AWS services—spanning compute, storage, databases, containers, serverless, messaging, and identity—to give you full-stack, always-on visibility.

• Amazon EC2
• Amazon S3
• Amazon RDS
• Amazon ECS
• Amazon DynamoDB
• Amazon DocumentDB
• Amazon EKS
• Elastic Load Balancing (ELB / ALB / NLB)
• Amazon SQS
• AWS Lambda
• Amazon ECR
• AWS Identity & Access Management (IAM)
• AWS IAM Identity Center
• AWS App Runner

Supported Automated Tests

ComplyJet runs 50+ prebuilt, continuously-executing security tests across your AWS environment—covering identity, network, data, logging, and compliance benchmarks—to detect misconfigurations and surface real-time risks.

• Access-account MFA enabled
• Account access removed on termination
• S3 buckets encrypted
• S3 buckets versioned
• EKS audit logs enabled
• EKS control-plane access restricted
• DocumentDB CPU usage alarmed
• DocumentDB free memory alarmed
• EKS private endpoint enabled
• DocumentDB read IOPS alarmed
• EKS security group attached
• CloudTrail enabled
• CloudTrail file validation enabled
• DocumentDB daily backups
• RDS daily backups enabled
• RDS CPU usage alarmed
• RDS free memory alarmed
• RDS I/O throughput alarmed
• DocumentDB encryption at rest
• DynamoDB encryption at rest
• EC2 firewall exists
• ECS service firewall exists
• ECS standalone task firewall exists
• GuardDuty enabled
• EC2 IMDSv1 disabled
• Root account unused
• IAM password policy configured
• Lambda error rate alarmed
• Load balancer configured
• Load balancer health checks alarmed
• Load balancer HTTP→HTTPS redirect enforced
• Load balancer latency alarmed
• Load balancer 5xx errors alarmed
• MFA enabled on root account
• No inline IAM user policies
• GuardDuty notifications enabled
• DynamoDB PITR backups enabled
• S3 public access blocked
• EC2 public ports restricted
• ECS service public ports restricted
• ECS task public ports restricted
• RDS public ports restricted
• EC2 public SSH denied
• SQS message age alarmed
• IAM access keys rotated regularly
• EKS roles use minimal wildcard permissions
• EC2 CPU utilization alarmed
• IAM service accounts used
• Unique AWS access accounts enforced