Cloud Infrastructure Audit — Sentinel Stacks
Phase 3: Sentinel-Audit-Pulse

Real-Time Cloud Infrastructure Audit

Provide read-only access credentials. We'll scan your AWS or Azure environment for misconfigurations, IAM drift, network exposure, and encryption gaps.

  • Credentials never stored
  • Read-only IAM access
  • In-memory execution only
  • No write operations
Running Cloud Audit
Authenticating with cloud provider…
Assuming read-only role
Auditing storage bucket exposure
Checking IAM/RBAC least-privilege drift
Analyzing VPC/NSG moat integrity
Checking encryption-at-rest status
Generating findings report
AWS Read-Only Role
The ARN of a read-only IAM role. Must allow sts:AssumeRole.
For cross-account security. Required if your trust policy uses a Condition on sts:ExternalId.
How to Create the IAM Role (2 minutes)
1. Go to IAM → Roles → Create Role. Choose "AWS Account" and select "Another AWS Account".
2. Account ID: 058264219672 (Sentinel Stacks audit account). Enable "Require external ID" if you want extra security.
3. Attach the ReadOnlyAccess managed policy. This gives us read access to S3, IAM, EC2, and RDS metadata.
4. Name the role SentinelAuditRole and save. Copy the Role ARN and paste it above.
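A check for the trust policy that the role-creation steps above produce, as an added example (not Sentinel Stacks code): it confirms that only the audit account can assume the role, that the only allowed action is `sts:AssumeRole`, and that an `sts:ExternalId` condition is present. The function name, the sample policies and the external ID value are constructed for illustration.

```python
AUDITOR_ACCOUNT = "058264219672"  # audit account ID quoted in step 2 above


def _as_list(value):
    return value if isinstance(value, list) else [value]


def review_trust_policy(policy, auditor_account=AUDITOR_ACCOUNT):
    """Return findings for a role trust policy; an empty list means it passed."""
    findings = []
    trusted = (auditor_account, f"arn:aws:iam::{auditor_account}:root")
    allows = [s for s in _as_list(policy.get("Statement", []))
              if s.get("Effect") == "Allow"]
    if not allows:
        findings.append("no Allow statement")
    for stmt in allows:
        principal = stmt.get("Principal")
        if not isinstance(principal, dict):  # bare "*" or a missing element
            principal = {"AWS": principal if principal else "<missing>"}
        for kind, values in principal.items():
            for value in _as_list(values):
                if kind != "AWS" or value not in trusted:
                    findings.append(f"unexpected principal {kind}={value}")
        for action in _as_list(stmt.get("Action", [])):
            if action.lower() != "sts:assumerole":
                findings.append(f"unexpected action {action}")
        # Condition keys are case-insensitive in IAM, so normalise before lookup.
        equals = stmt.get("Condition", {}).get("StringEquals", {})
        external_id = {k.lower(): v for k, v in equals.items()}.get("sts:externalid")
        if not external_id:
            findings.append("no sts:ExternalId condition")
    return findings


def _policy(principal, action, external_id=None):
    """Build a constructed single-statement trust policy for the demo."""
    stmt = {"Effect": "Allow", "Principal": {"AWS": principal}, "Action": action}
    if external_id:
        stmt["Condition"] = {"StringEquals": {"sts:ExternalId": external_id}}
    return {"Version": "2012-10-17", "Statement": [stmt]}


ROOT = f"arn:aws:iam::{AUDITOR_ACCOUNT}:root"
WITH_EXTERNAL_ID = _policy(ROOT, "sts:AssumeRole", "EXAMPLE-EXTERNAL-ID")  # placeholder ID
WITHOUT_EXTERNAL_ID = _policy(ROOT, "sts:AssumeRole")
WILDCARD = _policy("*", "sts:*")

if __name__ == "__main__":
    for name in ("WITH_EXTERNAL_ID", "WITHOUT_EXTERNAL_ID", "WILDCARD"):
        print(name, review_trust_policy(globals()[name]) or "ok")
```

Feed it the trust policy JSON exported from the role's "Trust relationships" tab, parsed with `json.loads`.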
Azure Service Principal
The secret Value, not the Secret ID. Only visible once in Azure portal after creation.
How to Create the Service Principal (3 minutes)
1. Go to Azure Active Directory → App Registrations → New Registration. Name it "SentinelAuditSP".
2. Under Certificates & Secrets → New Client Secret. Set expiry to 1 day. Copy the Value (not the ID).
3. Go to Subscriptions → Access Control (IAM) → Add Role Assignment. Assign the Reader role to your new app registration.
4. Copy your Tenant ID, Client (Application) ID, Client Secret value, and Subscription ID from the portal into the fields above.
Audit Scope
  • Storage bucket / blob public exposure
  • IAM / RBAC least-privilege drift
  • VPC / NSG moat integrity (open ports, wide rules)
  • Encryption-at-rest status (volumes, buckets)
Read-Only Access Required
Typical scan time: 1–3 minutes
Zero-Storage Architecture
  • Credentials processed in-memory only
  • Discarded immediately after scan completes
  • Never written to database or disk
  • Only findings and risk scores are stored
Prefer Managed Audit?

Our team can run a full Hunter-Class audit with remediation support, compliance mapping, and a written report.

Request Full Assessment →
Free Cloud Audit
Where should we send your audit report?
Your full cloud security findings will display immediately. Enter your email so we can follow up with a remediation plan.
🔒 No spam. We use this to follow up with remediation recommendations only.