AWS Cloud Security Review

CREST-Certified AWS Cloud Security Review for UK Businesses

A CREST-certified assessment that combines the CIS AWS Foundations Benchmark with manual exploitation across IAM, S3, networking, compute and encryption. Unlike automated CSPM, which only flags misconfigurations, it proves which weaknesses an attacker could actually reach and maps every fix to your frameworks. Live findings during testing, free retests after remediation, fixed-price scope within 24 hours.

  • Unlimited retesting
  • Unlimited pre-retesting
  • No hidden fees
Accredited & recognised
Cyber Essentials certified Cyber Essentials Plus certified IASME certifying body ISO 27001 certified ISO 9001 certified Crown Commercial Service supplier UK Cyber Security Council member
CREST
Approved provider
CIS
AWS Foundations Benchmark v3.0
FREE
Retest included
24h
Scope to active test
CLIENT REFERENCE
“I would highly recommend EJN Labs to any organisation seeking reliable, detailed, and well-managed penetration testing services, particularly for government or enterprise-level projects.”
SquareOneImran SaghirProject Lead, SquareOne
CLIENT REFERENCE
“There wasn’t another company we could find that could deliver what we needed in the timeframe we needed. The client loved it, and we got instant ROI from the engagement.”
CelloriDan WilcocksonCo-Founder, Cellori
WHY IT MATTERS
38%

of organisations have a cloud workload that is publicly exposed, critically vulnerable and over-privileged at once. Each flaw looks minor alone; chained, they are a direct path in.

AWS CSPM tells you what is misconfigured. We tell you what is exploitable.

AWS runs a shared responsibility model: AWS secures the underlying infrastructure, but you own the security of your IAM policies, S3 buckets, security groups and data. In fast-moving accounts, configuration drift opens exploitable gaps that automated scanners miss. A manual review confirms what an attacker could reach and gives auditors the evidence they expect for SOC 2, ISO 27001 and Cyber Essentials.

A cloud security posture management tool can flag a permissive S3 bucket policy. It cannot tell you whether the bucket actually contains sensitive data, whether the IAM role attached to your Lambda function can be assumed cross-account, or whether your EKS pod can read instance metadata via IMDSv1.

Our AWS penetration testing and cloud security review combines automated CIS Benchmark scanning with manual exploitation across IAM, S3, EKS, Lambda, KMS, and the data plane. Reports satisfy ISO 27001 Annex A.13.1, SOC 2 CC6.6, PCI DSS Req 11.3, and align with NCSC cloud security principles, without translation work.

12 AWS SERVICES AUDITED

What an AWS Security Review Covers

Aligned to the CIS AWS Foundations Benchmark v3.0; multi-account environments supported.

IAM

Identity & Access Management (IAM/STS)

Role trust policies, AssumeRole abuse, privilege escalation paths, MFA enforcement, root account hardening, cross-account boundary review.

S3

Object Storage (S3)

Public buckets, ACL misconfigs, encryption at rest (KMS / SSE-S3), bucket policy abuse, signed URL leakage, cross-account access vectors.

EC2

Compute & Instance Metadata (EC2)

IMDSv1 vs v2 enforcement, AMI permissions, security group exposure, public AMIs leaking secrets, SSM session manager scrutiny.

VPC

Networking (VPC)

Security group misconfigurations, NACL gaps, VPC peering, public subnets, transit gateway hops, data perimeter exposure.

Lambda

Serverless (Lambda)

Function policy abuse, environment variable leakage, dead-letter-queue exposure, layer-package supply chain, function URL exposure.

EKS

Kubernetes (EKS)

Pod security, RBAC scrutiny, control-plane exposure, node IAM trust, IRSA boundary, container image registry security.

KMS

Encryption Keys (KMS)

Key policy review, automatic rotation, cross-account access, multi-region key replication, grant abuse, deletion protection.

Secrets

Secrets & Parameters (Secrets Manager)

Rotation enforcement, cross-account access, automatic-rotation Lambda IAM, access pattern audit, version history exposure.

API GW

API Gateway

Authorizer enforcement, custom domain TLS, throttling configuration, schema validation, resource policy gaps, IAM auth misconfig.

CloudTrail

Logging & Audit (CloudTrail)

Multi-region coverage, log file integrity validation, S3 destination security, retention policies, GuardDuty integration.

RDS

Managed Databases (RDS)

Snapshot exposure, public accessibility, encryption at rest, performance insights, IAM database authentication, backup retention.

CloudFront

CDN & Edge (CloudFront)

Origin Access Identity, cache poisoning, signed cookies / URLs, WAF integration, Lambda@Edge function security, geo-restriction posture.

FOUR-PHASE METHODOLOGY

AWS Cloud Security Review: From Asset Inventory to Hardening Plan

Read-only by default. Manual exploitation only with explicit written approval per resource type.

01

Account Discovery

CloudFormation / Terraform / CDK review. AWS Organizations mapping. Asset inventory across services. IAM policy graph extraction. Read-only access via SecurityAudit role.

02

CIS Benchmark Audit

CIS AWS Foundations v3.0 control-by-control assessment. AWS Well-Architected pillars review. Compliance score baseline established before manual phase.

03

Manual Exploitation

AWS IAM privilege-escalation chains, AWS S3 enumeration, AWS EC2 IMDS attacks, Lambda execution-role abuse, EKS pod-to-node escape, KMS key policy abuse, all with written authorisation.

04

Report & Hardening

CIS-mapped findings, prioritised remediation plan, Terraform / CloudFormation patch examples, executive + technical reports. Free retest within 30 days.

CREDENTIALS

Verified Accreditations Auditors Accept

Every credential below is independently verifiable. UK procurement teams, FCA supervisors, ISO 27001 / SOC 2 auditors, and cyber insurance underwriters all recognise these standards.

GET YOUR QUOTE

Get a fixed AWS Cloud Security Review quote in 24 hours

A fixed-price quote back in one business day, from a named CREST assessor. No sales pipeline, no chasing.

  • CREST and IASME accredited. Testing your auditors and clients already recognise.
  • Fast-track testing within 24 hours where required. Free retest of every fix included.
  • Live findings via your client portal, not a four-week PDF.
  • Fixed price from £3,500 for a single-role, single-app scope, agreed up front. Most engagements run £5,000 and up. No day-rate surprises.
What clients say
There wasn’t another company we could find that could deliver what we needed in the timeframe we needed. The client loved it, and we got instant ROI from the engagement.
CelloriDan WilcocksonCo-Founder, Cellori

Under NDA Further named references available on a scoping call.

What happens next
  1. We reply within one business day with a fixed-price quote from a named CREST assessor.
  2. You approve the scope and we book a start date, usually within 24 hours.
  3. Live findings land in your client portal as we test, with a free retest of every fix.
Accredited & recognised
CREST member Cyber Essentials certified Cyber Essentials Plus certified IASME certifying body ISO 27001 certified ISO 9001 certified UK Cyber Security Council Crown Commercial Service supplier

Get your fixed AWS Cloud Security Review quote in 24 hours

24h reply CREST tester Free retests

or book a 20-min scoping call first

We reply within one business day. Your data stays with us. No newsletter signup.

COMPLIANCE READY

AWS Reports Mapped to Every Framework

Findings tagged to CIS Benchmark control IDs and your specific compliance framework. Audit teams submit directly without translation.

CIS AWS Foundations v3.0

Control-by-control compliance score and remediation evidence accepted by enterprise audit teams.

AWS Well-Architected

Security pillar review across the five sub-categories: IAM, detection, infrastructure, data, and incident response.

ISO 27001 (Annex A)

A.13 network security, A.14 secure development, A.18 compliance, cloud-control evidence in the format ISO auditors accept.

SOC 2 Type I & II

CC6.6 logical access, CC7.1 vulnerability identification, CC7.2 monitoring evidence accepted by SOC 2 auditors.

PCI DSS

Req 1, 2, 7, 8, 11.3 control evidence for AWS-hosted PCI scope, including segmentation and encryption attestation.

NCSC Cloud Security Principles

14 principles assessed including data in transit, supply chain, identity, separation, and audit information.

PRICING

Transparent AWS Cloud Security Review Pricing

All tiers include the same depth of testing. Price varies by AWS estate complexity: account count, service breadth, resource volume, and data-perimeter scope.

✦ ALWAYS · ON EVERY TIER · NO EXCEPTIONS ✦
Free retests, no time limit
Free rescheduling
No cancellation fees
24-hour scope to active testing
Live findings to client portal
Executive + technical report
60-min walkthrough call
Letter of attestation
SMALL / SMB
£4,500–£8,000
Depends on app complexity

Single AWS account, ≤10 services in use, ≤50 resources, basic IAM. Typically 4-5 day engagement.

Get a fixed quote
ENTERPRISE
£14,000–£22,000
Depends on app complexity

Landing zone (10+ accounts), 20+ services, 200+ resources, multi-region, EKS + data perimeter, regulated workloads. Typically 10-15 day engagement.

Get a fixed quote

Full UK pen test cost guide

WHY EJN LABS

What You Actually Get

What distinguishes our AWS review from CSPM tools and one-off configuration audits.

What You Get From AWS Cloud Security Review

AWS penetration testing as a read-only audit across IAM, S3, EKS, Lambda, KMS, and 7 more services, with manual exploitation chains and a CIS-mapped hardening plan.

CIS Benchmark + Manual Combination

Automated CIS scan establishes the baseline. Manual exploitation tests what scanners cannot: IAM privilege escalation chains, IMDS attacks, EKS pod escapes.

Read-Only by Default

We start with the AWS-managed SecurityAudit role. No write access required. Manual exploitation only with explicit written approval per resource.

Terraform / CloudFormation Patches

Every finding ships with example IaC remediation: Terraform module diffs, CloudFormation patches, CDK constructs. Engineers fix faster.

Free Retests, No Time Limit

Verify remediation of every fixed finding before close-out. Letter of attestation for audit submission included, with no per-retest charge.

UK CREST + IASME + ISO 27001 + ISO 9001

Independently accredited. Verifiable on the CREST marketplace. Reports accepted by FCA, NCSC, NHS, ICO, SOC 2 auditors, and cyber insurers.

FAQ

Frequently Asked

How long does an AWS cloud security review take?

A single-account review (≤10 services, ≤50 resources) typically takes 4-5 working days. Mid-market AWS Organizations (3-10 accounts, EKS or Lambda) takes 7-10 days. Enterprise landing zones (10+ accounts, multi-region, data perimeter) take 10-15 days. Test duration is determined during scoping based on account count and service breadth.

How much does an AWS cloud security review cost in the UK?

AWS penetration testing engagements at single-account scale range from £4,500 to £8,000. Mid-market (most commonly commissioned) £8,000 to £14,000. Enterprise £14,000 to £22,000. All quotes are fixed-price after scoping with no day-rate surprises. The day rate for CREST-certified testers is £1,100–£1,400 per day.

Do you follow the CIS AWS Foundations Benchmark?

Yes. Every AWS engagement includes a control-by-control CIS AWS Foundations Benchmark v3.0 assessment. Findings are tagged to specific CIS control IDs (e.g., 1.2: root account hardware MFA) so your audit team can submit evidence directly. We also reference the AWS Well-Architected Framework security pillar where applicable.

What AWS services do you cover?

Core AWS services: AWS IAM, AWS S3, AWS EC2, AWS VPC, AWS Lambda, AWS EKS, AWS KMS, Secrets Manager, API Gateway, CloudTrail, RDS, CloudFront. Extended scope on request: ECS, Fargate, Step Functions, EventBridge, SNS, SQS, AppSync, WAF, GuardDuty, Security Hub, AWS Config, Organizations / Control Tower / Landing Zone.

Is testing read-only or do you make changes?

Read-only by default. We use the AWS-managed SecurityAudit IAM role for the discovery and CIS audit phases. Manual exploitation phases (IAM privilege escalation, IMDS attacks, EKS escape attempts) only run with explicit written authorisation per resource type, in agreed maintenance windows, with full audit-log capture.

Do you test EKS / Kubernetes pod security?

Yes. EKS reviews include control-plane configuration, RBAC scrutiny, IAM Roles for Service Accounts (IRSA), pod security standards (PSS), node IAM trust, container image registry security, network policies, and pod-to-node escape paths via IMDSv1 abuse, hostPath mounts, or privileged containers.

Does AWS allow penetration testing?

Yes. AWS permits customer-led penetration testing of most services, including EC2, RDS, Lambda and API Gateway, without prior approval under its customer support policy. A few activities, such as DNS or DDoS-style simulation, still need authorisation. We scope every engagement to stay within AWS testing rules and your change controls.

How secure is the AWS cloud?

AWS secures the infrastructure, but under the shared responsibility model you secure your IAM, S3, networking and data configuration, and that is where most breaches start. An AWS cloud security review checks the customer side against the CIS AWS Foundations Benchmark and proves which weaknesses are actually exploitable.

What about multi-account AWS Organizations?

Multi-account testing is fully supported. We map the entire Organizations structure, evaluate Service Control Policies (SCPs), audit cross-account trust relationships, review AWS Control Tower / Landing Zone deployments, and test data perimeter enforcement (RCPs in preview, plus existing identity / service / resource perimeters).

Do you test infrastructure-as-code (Terraform / CloudFormation / CDK)?

Yes. Pre-deployment IaC review is offered as a separate engagement or bundled with cloud testing. We review Terraform / OpenTofu, CloudFormation, AWS CDK, and Pulumi for misconfigurations, secret leakage, and policy violations before the resources hit your AWS account.

Can you provide remediation guidance?

Yes. Every finding ships with prioritised remediation guidance and where applicable, example Terraform / CloudFormation patches. For high-severity findings we include direct engineer access via our portal so your platform team can ask follow-up questions during remediation.

Do you test for IMDSv1 / IMDSv2 issues?

Yes. IMDSv2 enforcement is one of the most common AWS findings; IMDSv1 allows server-side request forgery (SSRF) to retrieve EC2 instance metadata including IAM credentials. We test every EC2 instance, Lambda, and ECS task to verify IMDSv2 is enforced and IMDSv1 is disabled.

Are your testers UK-based and what certifications do they hold?

All AWS testers are vetted UK or international engineers. Relevant certifications across the team include CREST CRT and CCT INF, AWS Certified Security: Specialty, OSCP, OSCE, and platform-specific specialisms (e.g., Kubernetes CKS, eMAPT). SC-cleared testers are available for public-sector and regulated-financial engagements.

Do you sign NDAs?

Yes. Standard NDA before any technical detail is shared, and we operate under a project-specific master agreement that includes data handling, deliverable IP, and breach notification clauses. Custom MSAs and AUP terms are accepted for enterprise and public-sector clients.

Is an AWS security review the same as an AWS cloud security review?

Yes. AWS security review, AWS cloud security review and AWS configuration review all describe the same engagement: a CREST-certified assessment of your AWS account against the CIS Foundations Benchmark, combined with manual exploitation across IAM, S3, networking and compute. The name varies by buyer; the methodology does not.

Is AWS more secure than Azure?

Both are secure when configured correctly; most incidents come from customer-side misconfiguration, not the platform. If you run workloads on both, we test each against its own CIS Foundations Benchmark. See our Azure cloud security review for the equivalent assessment.

EXPLORE EVERY SERVICE

20+ CREST-certified testing services in one place

Web, mobile, API, cloud, AI, infrastructure, red team. Pick the test that fits your environment.

Penetration testing services
READY TO START

Book an AWS Security Review Scoping Call

30 minutes with a CREST-certified cloud security specialist. Fixed-price quote within 24 hours. No sales pipeline.