Secure Compass

Your AWS accounts have security gaps you don't know about

Assess your AWS accounts against the Well-Architected Security Pillar, find publicly exposed resources, and map compliance gaps. Results in minutes.

Free. No credit card. Read-only access. 5 minutes to set up.
[Product preview with sample data for a demo account. Panels: Security Pillar (Security Score, Actions Required, Security Principles, "How do you manage identities?" recommendations) and Public Exposure (Public Exposure Scanner findings, Acknowledge Public Exposure dialog).]
Built by base2Services, AWS Advanced Consulting Partner

82% of AWS accounts we assess have at least one publicly exposed resource.

Based on assessments across hundreds of AWS accounts. Check your exposure →

Security Pillar Assessment

228 controls assessed against the AWS Well-Architected Security Pillar. See which design principles pass, which fail, and track improvement over time.

10 security design principles evaluated

Period-over-period comparison

Per-service compliance breakdown

securecompass.io/dashboard
Security Principles: 200 of 228 passing
SEC01 Secure operations: 92%
SEC02 Identity management: 42%
SEC03 Permissions: 97%

Public Exposure Scanner

Find every publicly accessible resource in your AWS account. S3 buckets, EC2 instances, RDS databases, API endpoints, and 18 more resource types.

22 resource types scanned

Risk-ranked findings with remediation guidance

Acknowledge intentional exposures

securecompass.io/public-exposure-scanner
Public Resources Found: 3 critical
S3 bucket with public read access: Critical
RDS instance publicly accessible: High
EC2 with open security group: Medium

Compliance Mapping

See exactly where you stand against SOC 2, ISO 27001, PCI-DSS, HIPAA, and NIST. Specific controls that are failing, not just a percentage. Gap analysis with audit evidence you can share.

Executive Reports

One-click PDF reports designed for board presentations. Compliance score, trend comparison, priority findings, and specific recommendations. Prioritised action items with resource details.

base2Services

Built by AWS specialists

Secure Compass is built and operated by base2Services, an AWS Advanced Consulting Partner. We specialise in platform engineering on AWS and DevOps, providing an infrastructure lens backed by real engineers. You get clarity on risk, architecture guidance, and action beyond your report. This tool is part of how we assess every new customer.

Need more than an assessment? That's where the real work starts. Security remediation, compliance support, and ongoing AWS operations.

FAQ

Is the assessment really free?

Yes. The full Security Pillar assessment (228 controls) and Public Exposure scanner are free with no credit card required. You get a complete report on your first scan.

What access does it need to my AWS account?

A read-only IAM role deployed via CloudFormation. No write access, no credentials stored. You can review the CloudFormation template before deploying.

What compliance frameworks do you support?

SOC 2, ISO 27001, PCI-DSS, HIPAA, NIST CSF, and FedRAMP. Each framework shows your compliance rate and the specific controls that are failing.

How long does setup take?

About 5 minutes. Sign up, add your AWS account ID, deploy the CloudFormation stack (one click), and your first assessment runs automatically.

What's the relationship with base2Services?

Secure Compass is built and operated by base2Services, an AWS Advanced Consulting Partner. If your assessment reveals gaps you need help fixing, base2 provides managed AWS services and security remediation.

Can I share my report with my team or board?

Yes. The Executive Report is designed for non-technical stakeholders and can be exported as a PDF for board presentations or audit evidence.

Still have questions? Talk to us — or just run the free assessment and see for yourself.

Find out what's exposed in your AWS accounts

228 security controls. 22 resource types. SOC 2 and ISO 27001 compliance mapping. Free tier.

Run Your Free Assessment

No credit card required. 5-minute setup.