Skip to content
Integrations/Amazon Web Services (AWS)
Core Security Platforms

Use Amazon Web Services (AWS) As a Review-Ready Evidence Source

Pull evidence from Amazon Web Services (AWS), preserve source and collection history, and map the output directly to the controls reviewers ask about. Aurora automates recurring collection where the connector supports it and keeps export-based handoffs clean where it does not.

CloudDirect connectionEvidence captureContinuous checksUpdates every 1 hour7 mapped controls
Common coverage includes Backups, Cloud audit logging, and Cloud Security Management.
Request a 15-Minute Walkthrough Setup Guide
Supports recurring audits, buyer reviews, and renewal requests. We'll show what can run automatically and where export-based collection still makes sense.
Explore Trust CenterBrowse Integrations
Connector Summary
Best for
Continuous checks and evidence capture
Authentication
AWS Assume Role
Cadence
Every 1 hour
Setup time
10 to 20 minutes
Framework coverage
Aurora Essentials (Baseline Control Set) and 93 more
Imported execution-stage guidance
Frameworks
76
Preferred requirement mappings
3,541
Candidate requirement mappings
718
Auth: Api Token Or RoleCollection: Integration ApiEvidence objects: technical_state_snapshot, config_extract
ChecksEvidenceFrameworks
Browse All IntegrationsReview Setup Guide
Exports & records
Artifacts reviewers recognize. Preview the structure before you share anything.
Scroll for artifact previews

Setup

Setup

A short path from connection to an exportable evidence bundle.

01
Connect Amazon Web Services (AWS)
Sign-in method: AWS Assume Role. Read-only, least-privilege access.
02
Confirm Evidence Sources and Cadence
Confirm evidence sources and set cadence (every 1 hour).
03
Validate Capture (Read-Only Where Possible)
Validate evidence capture in read-only mode (where possible) before expanding workflows.
04
Map Evidence to Controls
Map captured artifacts to controls (7 mapped controls listed).
05
Bundle evidence when needed
Export an evidence bundle (ZIP) when you need an offline attachment. Aurora keeps the underlying source and timestamps so the work stays reusable.

Capture

What This Integration Captures

Evidence types and collection notes, based on the integration’s published resources.

What Aurora monitors
32 continuous checks
AWS CloudTrail is enabled in all regions • AWS CloudTrail is enabled and healthy
Evidence Aurora can collect
5 evidence types
Accounts • User accounts
How it stays current
Incremental updates every 1 hour. Full refresh daily.
Checks update as new data is synced.
Checks
Automated checks Aurora can run
Checks map directly to common buyer requirements. Reviewers see the result as exportable evidence, not a screenshot.
AWS CloudTrail is enabled in all regions
AWS CloudTrail is enabled and healthy
AWS CloudTrail log file validation is enabled
AWS CloudTrail logs are encrypted with KMS
AWS CloudTrail includes global service events
AWS CloudTrail logs all management events (read/write)
CloudTrail destination S3 buckets deny insecure transport
CloudTrail destination S3 buckets have default encryption enabled
CloudTrail destination S3 buckets have versioning enabled
CloudTrail destination S3 buckets enforce Public Access Block
AWS Organizations management account has an Organization Trail enabled
S3 public access block is enabled account-wide
And 20 more checks.
Evidence
Evidence types collected
These evidence objects can be mapped to controls and exported as an evidence bundle or audit workbook snapshot.
AccountsUser accountsResourceFindingsJob
Produces
  • Evidence objects with source details
  • Freshness and cadence status
  • Evidence bundle exports (plan-based)
Security Note
Read-only API, scoped credentials, and an audit trail for every sync.
Cadence Controls
Incremental updates every 1 hour. Full refresh daily.

Reviewers

Why It Matters for Reviewers

A few ways this reduces follow-ups during audits and buyer reviews.

  • Reduces evidence follow-ups by attaching system exports directly to answers.
  • Keeps timestamps explicit for audit windows.
  • Makes sampling easier through evidence bundles.

Frameworks

Controls and Frameworks Impacted

A quick sense of which frameworks this connector helps cover (based on mapped controls).

Aurora Essentials (Baseline Control Set)
AURORA_ESS
7 controls
Australian Information Security Manual (ISM)
AUSTRALIAN_ISM
7 controls
Australian ISM for IRAP and ASD
AUSTRALIAN_ISM_IRAP
7 controls
Dubai Information Security Regulation (ISR)
ISR
7 controls
CIS Amazon Web Services Foundations Benchmark
CIS_AWS_FOUNDATIONS_BENCHMARK
6 controls
CMS Acceptable Risk Safeguards (ARS)
CMS_ARS
6 controls
FedRAMP Security Controls Baseline (Moderate) - NIST SP 800-53 Rev. 5
FEDRAMP_REV5_MODERATE_BASELINE
6 controls
China Multi-Level Protection Scheme (MLPS) 2.0
MLPS_2_0
6 controls
NIST Cybersecurity Framework (CSF) 2.0
NIST_CSF_2_0
6 controls
NIST SP 800-53 Rev. 5
NIST_SP_800_53_REV_5
6 controls
Saudi Essential Cybersecurity Controls (ECC)
SAUDI_ECC
6 controls
Adobe Common Controls Framework (Adobe CCF)
ADOBE_CCF
5 controls
Not sure what you need? Get mapping help

Common questions

Amazon Web Services (AWS) Integration Questions

Short answers to common evaluation questions.

Does this require admin access?
It depends on the evidence you choose to capture. We'll confirm required permissions during setup.
Can we control cadence?
Yes. In eligible plans, cadence is configurable.
Can we export evidence if a reviewer asks?
Yes. Export evidence bundles for offline attachments, or give reviewers structured access through Trust Center. Aurora keeps the source and timestamps so work stays reusable between reviews.
Live walkthrough
Want to Confirm Evidence Coverage for Amazon Web Services (AWS)?
Tell us about your evidence gap, audit question, or framework target. We'll show what can be automated, what stays manual, and how to share it in a controlled way.
Request a 15-Minute Walkthrough
View PricingBrowse Integrations
15-minute walkthrough. No obligation. We'll show Aurora applied to your workflow and show the exact outputs. (No compliance guarantees.)