Automate your AWS Well-Architected Security Review
228 security controls assessed against the AWS Well-Architected Framework Security Pillar. Get your compliance score, priority findings, and executive report in 5 minutes — free.
No credit card. Read-only IAM role. 5-minute setup via CloudFormation.
The problem with manual Well-Architected Reviews
The AWS Well-Architected Tool asks questions. You answer them manually. Nobody knows if the answers are accurate, the review goes stale within weeks, and the output is a spreadsheet nobody reads. Most teams run a WAR once and never revisit it.
Average time to complete a manual Well-Architected Review across all pillars
Manual reviews are stale the moment they're finished — no continuous monitoring
Self-assessed answers with no automated verification or proof of compliance
What Secure Compass assesses
We run 228 automated checks against the 7 best practice areas of the AWS Security Pillar — then score, rank, and report the results so you know exactly where you stand.
Security Foundations
Account-level controls, shared responsibility model, and security governance across your AWS environment.
Identity & Access Management
IAM policies, MFA enforcement, role permissions, credential rotation, and least-privilege access.
Detection
CloudTrail logging, Config rules, GuardDuty findings, and automated threat detection across services.
Infrastructure Protection
VPC configuration, security groups, NACLs, WAF rules, and network segmentation.
Data Protection
Encryption at rest and in transit, key management, S3 bucket policies, and data classification.
Incident Response
Runbooks, alerting configuration, automated remediation, and incident investigation readiness.
Application Security
Code analysis, dependency scanning, API security, and secure deployment practices.
5 minutes from signup to your first report
Deploy read-only access
One CloudFormation template creates a read-only IAM role. SecurityAudit and ViewOnlyAccess policies only. No credentials stored.
Automated security scan
228 controls run automatically against your account. Every design principle scored. Every failing resource identified with remediation guidance.
See your results
Compliance score, priority action items, period-over-period trends, and an executive-ready PDF you can share with your board or auditor.
Free tier includes the full Security Pillar assessment and Public Exposure scanner.
How it compares
| Criterion | Manual WAR | AWS WA Tool | Secure Compass |
|---|---|---|---|
| Assessment method | Self-assessed questionnaire | Self-assessed questionnaire | Automated resource scanning |
| Time to complete | Weeks | Hours | 5 minutes |
| Evidence-based | No | No | Yes — every finding linked to a resource |
| Continuous monitoring | No | Manual re-review | Yes — scheduled rescans |
| Executive report | Spreadsheet | Console only | PDF export for board/auditor |
| Compliance mapping | Manual | None | SOC 2, ISO 27001, PCI-DSS, HIPAA, NIST |
| Public exposure detection | Not included | Not included | 22 resource types scanned |
| Cost | Consultant fees | Free (AWS console) | Free tier — no credit card |
7 design principles, 228 controls
The Security Pillar defines 7 design principles for building secure workloads on AWS. Secure Compass maps automated checks to each one and gives you a compliance score per principle.
Implement a strong identity foundation
Enforce least privilege, centralize identity management, and eliminate long-term static credentials across your AWS accounts.
Maintain traceability
Monitor, alert, and audit all actions in real time. Integrate logging with automated investigation and response.
Apply security at all layers
Defense in depth across the edge, VPC, load balancers, instances, operating systems, and application code.
Automate security best practices
Define security controls as code in version-controlled templates. Scale securely without manual gates.
Protect data in transit and at rest
Classify data by sensitivity, enforce encryption with KMS, and apply access controls at every layer.
Keep people away from data
Reduce direct access to production data. Automate processing to minimize the risk of human error or mishandling.
Prepare for security events
Incident management policies, response simulations, and automated detection, investigation, and recovery tooling.
Built for teams that run production on AWS
For the CTO
One-click executive report showing your security posture, compliance score, and what's improving. Share with your board in PDF.
For the engineer
Priority-ranked findings with specific resources and remediation guidance. No noise — just the actions that matter.
For the auditor
Compliance mapping across SOC 2, ISO 27001, PCI-DSS, HIPAA, and NIST with specific failing controls and evidence.
For the MSP
Multi-account, multi-team assessments across your customer base. Track posture improvement over time per customer.
Frequently asked questions
What is an AWS Well-Architected Review?
A Well-Architected Review (WAR) evaluates your AWS workloads against the AWS Well-Architected Framework — a set of best practices across 6 pillars: Operational Excellence, Security, Reliability, Performance Efficiency, Cost Optimization, and Sustainability. Secure Compass automates the Security Pillar review.
How is this different from the AWS Well-Architected Tool?
The AWS WA Tool is a questionnaire — you answer questions manually about your architecture. Secure Compass scans your actual AWS resources and gives you evidence-based findings. No self-assessment, no guesswork.
Do you cover all 6 pillars?
Secure Compass focuses on the Security Pillar — the most complex and compliance-relevant pillar. We assess 228 controls across all 7 security best practice areas with automated resource scanning.
What AWS access does it need?
A read-only IAM role deployed via a CloudFormation template. SecurityAudit and ViewOnlyAccess policies only. No write access, no credentials stored. You can inspect the template before deploying.
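The role described above, as an illustrative CloudFormation template added here; it is not Secure Compass's own template, and the account ID, role name, and the ExternalId parameter are assumptions. It assumes the scanner authenticates by cross-account AssumeRole (consistent with "no credentials stored") and attaches nothing beyond the two AWS-managed policies the page names.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >
  Illustrative read-only security review role (added example, not the
  vendor's template). Grants only the SecurityAudit and ViewOnlyAccess
  AWS-managed policies to a role assumable from one external account.

Parameters:
  ScannerAccountId:
    Type: String
    Description: Placeholder for the scanning service's AWS account ID.
    AllowedPattern: "^[0-9]{12}$"
  ExternalId:
    Type: String
    Description: Assumed shared secret; blocks confused-deputy role assumption.
    NoEcho: true
    MinLength: 16

Resources:
  SecurityReviewRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: SecurityReviewReadOnly   # assumed name
      MaxSessionDuration: 3600           # short-lived sessions only
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          # Only the named external account may assume the role, and only
          # when it presents the ExternalId.
          - Effect: Allow
            Principal:
              AWS: !Sub "arn:aws:iam::${ScannerAccountId}:root"
            Action: sts:AssumeRole
            Condition:
              StringEquals:
                sts:ExternalId: !Ref ExternalId
      # Read-only managed policies only; no inline policies, no write actions.
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/SecurityAudit
        - arn:aws:iam::aws:policy/job-function/ViewOnlyAccess

Outputs:
  RoleArn:
    Description: ARN to hand to the scanning service.
    Value: !GetAtt SecurityReviewRole.Arn
```

Before deploying any vendor-supplied template, confirm it matches this shape: a single `AWS::IAM::Role`, a trust policy scoped to one principal with an `sts:ExternalId` condition, and no `Policies` block or extra `ManagedPolicyArns` entries. After deployment, `aws iam list-attached-role-policies --role-name SecurityReviewReadOnly` and `aws iam list-role-policies --role-name SecurityReviewReadOnly` should show exactly the two managed policies and no inline policies.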
How often should I run a Well-Architected Review?
AWS recommends reviewing workloads regularly, not just once. Secure Compass runs scheduled assessments so your security posture is continuously monitored — not a point-in-time snapshot that goes stale.
Can I use this for SOC 2 or ISO 27001 audits?
Yes. Secure Compass maps your Security Pillar assessment findings to SOC 2, ISO 27001, PCI-DSS, HIPAA, and NIST controls. You can see exactly which compliance controls are failing and use the reports as audit evidence.