Secure Compass
Login Scan My Account

How many of your AWS resources are publicly exposed?

82% of AWS accounts we scan have at least one public exposure. 22 resource types checked. Results in minutes.

Free. No credit card. Read-only access. 5 minutes to set up.

securecompass.io/public-exposure-scanner
⚠ 160 Public Resources Exposed
These resources are accessible from the internet and require immediate attention.
157
High Priority
0
Medium
3
Low
CriticalS3
storage-uploads-bucket
S3 bucket policy should prohibit public access
CriticalS3
analytics-data-export
S3 bucket policy should prohibit public access
CriticalS3
static-assets-cdn
S3 bucket policy should prohibit public access
MediumEC2
group/worldread
Security group allows unrestricted access

Set up in minutes. Read-only access.

1

Sign up

GitHub, Google, or Microsoft login. Takes seconds.

2

Deploy read-only access

One CloudFormation template. Creates a read-only IAM role. No write access, no credentials stored.

3

See what's exposed

Your scan runs automatically. Every publicly accessible resource, ranked by risk, with remediation guidance.

22 resource types scanned

We check every resource type that can be publicly exposed in your AWS account.

S3
EC2
RDS
Lambda
ELB
CloudFront
API Gateway
ECS
VPC
IAM
KMS
CloudWatch
CloudTrail
SNS
SQS
Route 53
EBS
Secrets Mgr
WAF
EFS
DynamoDB
ACM

Read-only access only. We never modify your resources.

What we've found

82%
of accounts have at least one public exposure
S3
most commonly exposed resource type
22
resource types checked per scan
<5m
from signup to first results

Questions

What access does the scan need?

A read-only IAM role deployed via CloudFormation. No write access, no credentials stored. You can revoke access at any time by deleting the CloudFormation stack.

How long does the scan take?

Setup takes about 5 minutes. The scan runs in under 2 minutes and results appear automatically.

What happens if exposures are found?

You see every publicly accessible resource ranked by risk, with specific remediation steps. You can acknowledge intentional exposures (like public-facing load balancers) to focus on real issues.

Can I scan multiple accounts?

Yes. Add as many AWS accounts as you need. Each gets its own scan results and you can switch between them.

Who builds this?

Secure Compass is built by base2Services, an AWS Advanced Consulting Partner specialising in platform engineering and managed AWS operations.

Every day you don't scan is a day your resources might be exposed.

22 resource types. Read-only access. Results in minutes. Free.

Scan My Account