The AWS evidence layer for your SOC 2 audit.
Walk through your SOC 2 audit with an evidence package your auditor can independently verify, every finding traced to the exact AWS API call that produced it. No surprises, no scrambling.
Hand your auditor something they can actually verify.
Every finding hashed.
Every finding includes the AWS API endpoint, timestamp, and SHA-256 hash of the raw response. Your auditor can re-run the call themselves.
Not 30 days.
Provision a read-only role, paste the ARN, get a gap report before your coffee gets cold.
Every finding is deterministic.
Every finding and remediation is produced by hardcoded logic tied to a specific AWS API call, a specific response field, and a specific condition.
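As an added example (not the product's own code) of the two ideas above, the hashed evidence record and the deterministic rule, the block below evaluates one hard-coded check against a constructed iam:GetAccountPasswordPolicy response, records the API call, field, condition, timestamp and SHA-256 of the raw response, and then shows how an auditor re-running the call would verify the digest. The rule threshold, the CC6.1 mapping and the sample response are assumptions; no AWS call is made.

```python
"""Tamper-evident evidence record for a deterministic AWS check (added example)."""
import hashlib
import json
from datetime import datetime, timezone

# Constructed sample of an iam:GetAccountPasswordPolicy response. The SDK
# also returns a per-request ResponseMetadata block, modelled here too.
SAMPLE_RESPONSE = {
    "PasswordPolicy": {
        "MinimumPasswordLength": 8,
        "RequireSymbols": True,
        "RequireNumbers": True,
        "RequireUppercaseCharacters": True,
        "RequireLowercaseCharacters": True,
        "AllowUsersToChangePassword": True,
        "ExpirePasswords": False,
    },
    "ResponseMetadata": {"RequestId": "constructed-request-id", "HTTPStatusCode": 200},
}

# Per-request noise that changes on every call and must not enter the hash,
# otherwise an auditor's re-run could never reproduce the digest.
VOLATILE_KEYS = {"ResponseMetadata"}


def canonical_bytes(response: dict) -> bytes:
    """Drop volatile keys and serialise with sorted keys and fixed separators,
    so the same API response always hashes to the same digest."""
    stable = {k: v for k, v in response.items() if k not in VOLATILE_KEYS}
    return json.dumps(stable, sort_keys=True, separators=(",", ":")).encode("utf-8")


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def evaluate_password_length(response: dict, collected_at: str) -> dict:
    """Hard-coded rule: iam:GetAccountPasswordPolicy, field
    PasswordPolicy.MinimumPasswordLength, condition >= 14.
    The threshold and the CC6.1 mapping are assumptions of this example."""
    observed = response["PasswordPolicy"]["MinimumPasswordLength"]
    return {
        "control": "CC6.1",
        "api_call": "iam:GetAccountPasswordPolicy",
        "field": "PasswordPolicy.MinimumPasswordLength",
        "condition": ">= 14",
        "observed": observed,
        "status": "PASS" if observed >= 14 else "FAIL",
        "collected_at": collected_at,
        "raw_response_sha256": sha256_hex(canonical_bytes(response)),
    }


def verify_finding(finding: dict, rerun_response: dict) -> bool:
    """What an auditor does: re-run the call, hash the response the same way,
    and compare with the digest recorded in the finding."""
    return sha256_hex(canonical_bytes(rerun_response)) == finding["raw_response_sha256"]


if __name__ == "__main__":
    ts = datetime.now(timezone.utc).isoformat(timespec="seconds")
    finding = evaluate_password_length(SAMPLE_RESPONSE, ts)
    print(json.dumps(finding, indent=2))

    # A genuine re-run: identical policy, different RequestId -> still verifies.
    rerun = dict(SAMPLE_RESPONSE, ResponseMetadata={"RequestId": "another-id"})
    print("re-run verifies:", verify_finding(finding, rerun))

    # A response edited after the fact -> digest no longer matches.
    tampered = json.loads(json.dumps(SAMPLE_RESPONSE))
    tampered["PasswordPolicy"]["MinimumPasswordLength"] = 14
    print("tampered verifies:", verify_finding(finding, tampered))
```

The point of `canonical_bytes` is that "hash of the raw response" only works as evidence if both sides agree on what "raw" means: strip request-scoped metadata, then serialise deterministically. Anything that changes between calls (request IDs, pagination tokens, timestamps inside the payload) either has to be excluded or the verification will fail for reasons unrelated to the control.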
Make controls yours.
Your security program doesn't look like the textbook. Map your own policies, contractual commitments, and industry requirements to AWS evidence, collected and hashed the same way as every built-in control.
Your compliance copilot, grounded in your scan.
Gideon isn't a generic chatbot. It reads your exact findings, your gap scores, and your AWS footprint, then tells you what to fix, in what order, with exact CLI commands. So when your auditor asks a question, you have an answer, not a spreadsheet.
- Remediation roadmap with copy-pasteable AWS CLI commands
- Policy generator: security policy, IRP, change management
- Risk register (AICPA-aligned, 8-question intake)
- Auditor rehearser: practice answers before your audit
“The control is actually working, you just can't prove it six months later because the proof was in a screenshot someone saved to a folder nobody remembers.”
“Evidence collection is a problem even with tools that can be ridiculously expensive. Used Drata, wasn't that good. Used Vanta, not that much automation.”
“The SHA-256 traceability angle is genuinely smart. Tamper-evident, API-sourced evidence is something auditors will respect.”
- Free scan
- Evidence collected & CSV export
- Gap score & freshness
- Mapped to 12 Core SOC 2 Controls
- 1–2 in-depth analyses on remediations (CC6.1 & CC6.6)
- Complete control over data & deletion
- Deep analysis across 12 Critical SOC 2 controls
- Traceable Evidence, auditor-submittable, SHA-256 traces
- Customizable controls
- Gideon compliance co-pilot (remediations, risk assessment, policy writing)
- Scan history & deltas
- Personalized compliance workflow
- Hands-on founder support for SOC 2 audit
- Razor-fast scans & feedback
Run your free scan
Provision a read-only IAM role. Paste the ARN. Get a gap report in under 30 seconds.
1. Generate an ExternalId
2. Deploy the CloudFormation
Template grants only what we need. ExternalId is baked into the trust policy.
3. Paste your Role ARN
Limits: 3 scans / external_id / day · 1 concurrent · resets 00:00 UTC
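The three steps above, as an added example that is not the product's CloudFormation template: generate a high-entropy ExternalId, build the read-only role definition whose trust policy is bound to that ExternalId, and check the trust policy before deploying it. The scanner's account ID, the role name and the use of the AWS-managed SecurityAudit policy are placeholders and assumptions of this example.

```python
"""ExternalId-bound, read-only cross-account role (added example)."""
import json
import secrets

SCANNER_ACCOUNT_ID = "111122223333"  # placeholder for the scanning service's account
ROLE_NAME = "ScannerReadOnlyRole"     # assumed role name
# Assumed read-only permission set; the real template's grants may differ.
READ_ONLY_POLICY_ARN = "arn:aws:iam::aws:policy/SecurityAudit"


def generate_external_id() -> str:
    """Step 1: a URL-safe ExternalId with 256 bits of entropy."""
    return secrets.token_urlsafe(32)


def trust_policy(external_id: str, scanner_account: str = SCANNER_ACCOUNT_ID) -> dict:
    """Step 2 (trust side): only the scanner account may assume the role, and
    only when it presents this ExternalId (confused-deputy mitigation)."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{scanner_account}:root"},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
        }],
    }


def role_template(external_id: str) -> dict:
    """Step 2 (template): a minimal CloudFormation document for the role."""
    return {
        "AWSTemplateFormatVersion": "2010-09-09",
        "Resources": {
            ROLE_NAME: {
                "Type": "AWS::IAM::Role",
                "Properties": {
                    "RoleName": ROLE_NAME,
                    "AssumeRolePolicyDocument": trust_policy(external_id),
                    "ManagedPolicyArns": [READ_ONLY_POLICY_ARN],
                },
            }
        },
        "Outputs": {"RoleArn": {"Value": {"Fn::GetAtt": [ROLE_NAME, "Arn"]}}},
    }


def _as_list(value):
    return value if isinstance(value, list) else [value]


def trust_policy_is_bound(policy: dict, external_id: str, scanner_account: str) -> bool:
    """Pre-deploy check: every Allow statement that grants sts:AssumeRole must
    name exactly the scanner account and require the ExternalId. Returns False
    for a wildcard principal, a missing condition, or no AssumeRole grant."""
    expected_principal = f"arn:aws:iam::{scanner_account}:root"
    found = False
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        if "sts:AssumeRole" not in actions and "sts:*" not in actions:
            continue
        found = True
        principal = stmt.get("Principal")
        if not isinstance(principal, dict) or _as_list(principal.get("AWS")) != [expected_principal]:
            return False
        condition = stmt.get("Condition", {}).get("StringEquals", {})
        if condition.get("sts:ExternalId") != external_id:
            return False
    return found


if __name__ == "__main__":
    external_id = generate_external_id()          # step 1
    template = role_template(external_id)         # step 2
    print(json.dumps(template, indent=2))
    doc = template["Resources"][ROLE_NAME]["Properties"]["AssumeRolePolicyDocument"]
    print("trust policy bound to ExternalId:", trust_policy_is_bound(doc, external_id, SCANNER_ACCOUNT_ID))
    # Step 3 is pasting the RoleArn output into the scanner.
```

`trust_policy_is_bound` is the check worth keeping around: it fails on a `"Principal": "*"`, on a missing or mismatched `sts:ExternalId` condition, and on a document that grants nothing, which are the three ways a "read-only scanner role" quietly becomes assumable by the wrong party.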
What we touch
- IAM users, roles, policies, password policy, MFA
- S3 encryption, public access, versioning
- CloudTrail trails, event selectors
- Config recorders & rules
- EC2 SGs, VPCs, flow logs
- KMS keys + rotation policies
- GuardDuty detectors & finding stats
- SecurityHub standards + HIGH/CRITICAL findings
- SSO/Identity Center permission sets
- Secrets Manager metadata only (never values)
- WAF Web ACLs & protected resources
- Lambda, RDS, SNS, CloudWatch
Read-only · ExternalId-bound · Zero secret material accessed