AWS posture changelog
Track shipped AWS posture coverage and product milestones.
This changelog records the product changes that matter to buyers: new checks in the live scanner, new proof pages on the `.net` surface, and the dated milestones that explain where coverage currently stands.
Current milestone
Live checks 19 shipped posture checks
Proof pages Coverage, role, sample report
Surface AWS-only `.net` focus
March 23, 2026
Expanded the live AWS posture engine to include root access keys absent, CloudTrail multi-region, AWS Config recorder, GuardDuty, Security Hub, and S3 default encryption.
March 23, 2026
Expanded the live engine with KMS rotation plus RDS public-access, encryption, backup, and deletion-protection checks.
March 23, 2026
Published coverage matrix, read-only role, service-specific proof pages, competitor pages, and an in-console coverage matrix for buyers and operators.
Identity
- Root account MFA enabled
- Root access keys absent
- IAM password policy
- IAM users have MFA
- Access keys rotated within 90 days
Detection and logging
- CloudTrail enabled
- CloudTrail multi-region trail enabled
- AWS Config recorder enabled
- GuardDuty enabled
- Security Hub enabled
Storage and network
- KMS key rotation enabled
- S3 public access block enabled
- S3 buckets not publicly accessible
- S3 default encryption enabled
- RDS instances are not publicly accessible
- RDS storage encrypted
- RDS automated backups enabled
- RDS deletion protection enabled
- Security groups restrict risky ports
Proof Path
Use the changelog to connect shipped work to the buyer-facing pages.
- Coverage matrix for exact current scope
- Sample report for buyer-facing output
- Read-only role for setup review
- Alternatives hub for comparison context