Auto-discover EC2, S3, RDS, Lambda, VPCs, and 50+ AWS resource types across all regions and accounts. Health monitoring, CIS compliance, and cost visibility from a single dashboard.
CloudVista polls AWS APIs across every enabled region and account, building a complete, always-current asset inventory without agents or manual input.
Instance type, state, AZ, AMI, attached volumes, security groups, public/private IP
ALB, NLB, CLB β listeners, target groups, health check status, access logs
Engine, version, multi-AZ, backup retention, encryption, publicly accessible flag
Public access block, versioning, encryption, replication, bucket policy presence
Runtime, memory, timeout, VPC config, last modified, concurrency limits
Kubernetes version, node groups, endpoint access, logging config
CIDR, route tables, internet/NAT gateways, VPC peering, flow logs enabled
Inbound/outbound rules, open ports, 0.0.0.0/0 exposure flagged automatically
MFA status, last used, attached policies, access key age, admin privileges
Min/max/desired capacity, launch template, health check type, AZs
Billing mode, capacity units, global tables, backup status, encryption
CloudFront, Route 53, SQS, SNS, ElastiCache, Redshift, EBS volumes, and more
No agents to deploy, no complex setup. CloudVista uses read-only IAM roles to safely discover your entire AWS estate.
In AWS Console, create an IAM role with the SecurityAudit managed policy. Trust CloudVista's AWS account with an external ID for secure cross-account access. CloudVista provides a one-click CloudFormation template to automate this.
Enter the IAM role ARN and external ID in CloudVista's Credentials page. CloudVista validates the connection and immediately begins discovering resources across all enabled AWS regions.
All resources appear in the unified dashboard within minutes. Filter by region, resource type, or tag. Enable CIS AWS compliance checks and cost visibility in one click.
Real-time health status per resource. EC2 instances with failed status checks, RDS databases with replication lag, ELB targets with unhealthy checks β all surfaced automatically.
Continuous checks against CIS AWS Foundations Benchmark v3.0 β 60+ controls covering IAM, CloudTrail, Config, VPC security, and S3 configuration. Evidence export for SOC 2 audits.
Monthly spend per service and account, 12-month trend, 3-month forecast, and budget alerts. Stale resource identification shows exactly which EC2 and RDS instances are idle.
Interactive topology showing VPCs, subnets, security groups, EC2 instances, RDS clusters, and load balancers β with cross-region and cross-account relationship support.
Every configuration change is tracked: new resources, modified security groups, changed instance types, terminated instances. Full audit trail with timestamps for incident response.
Add multiple AWS accounts and AWS Organisations. View all accounts together or filter per account. Cross-account resource relationships visible in topology and inventory views.
| Capability | CloudVista | AWS Config | AWS Security Hub |
|---|---|---|---|
| Full inventory (50+ types) | ✓ | ✓ | Partial |
| Interactive topology maps | ✓ | ✗ | ✗ |
| Health monitoring | ✓ | ✗ | Partial |
| Azure / OCI / VMware support | ✓ | ✗ | ✗ |
| Cost visibility & budgets | ✓ | ✗ | ✗ |
| CIS compliance checks | ✓ | ✓ | ✓ |
| SOC 2 evidence export | ✓ | ✗ | ✗ |
| Free tier | Free forever | Pay-per-resource | Pay-per-finding |
Create an IAM role in your AWS account with the SecurityAudit managed policy. Add the role ARN and external ID to CloudVista via Settings › Credentials. CloudVista uses STS to assume the role and discovers resources across all enabled regions immediately.
Yes. Add a separate IAM role credential per account, or use an AWS Organisations master role to discover resources across all member accounts simultaneously from a single credential.
CloudVista runs CIS AWS Foundations Benchmark v3.0 checks across IAM, logging, monitoring, networking, and storage. Findings map automatically to SOC 2 Trust Service Criteria and ISO 27001:2022 Annex A.
Yes. The free forever plan includes AWS inventory for up to 300 resources across 1 account, health monitoring, and basic compliance checks. No credit card required.
CloudVista syncs your AWS inventory every 4β6 hours by default. You can trigger a manual sync at any time from the dashboard, and configure per-credential sync frequency on Business and Enterprise plans.
CloudVista discovers every EC2, S3, RDS, Lambda and VPC resource across all your AWS accounts in minutes. No agents, no credit card.
Start Free Today Live Demo