preloader

Fix your IAM Security Posture

Plans & Pricing

Free

$0

Quick Start Marketplace
  • 3 Scans/Month
  • 100 Privilege Escalations/Scan
  • Top5 Full Access
  • Resource Inventory
  • Effective Permissions & Reachability
  • Cloud Scanning
  • E-Mail Notifications
  • Automated Daily/Weekly Scans

Professional

Starting at $25

Buy Now Marketplace
  • Variable Scans
  • Unlimited Privilege Escalations
  • Unlimited Full Access
  • Resource Inventory
  • Effective Permissions & Reachability
  • Cloud Scanning
  • E-Mail Notifications
  • Automated Daily/Weekly Scans
  • Report Export: Excel, CSV
  • Contextualized IAM Misconfigurations
  • Cross Account Scanning
  • IaC Scanning (Beta)

Enterprise

Tailored to your needs

Speak To Us
  • Variable Scans
  • Unlimited Privilege Escalations
  • Unlimited Full Access
  • Resource Inventory
  • Effective Permissions & Reachability
  • Cloud Scanning
  • E-Mail Notifications
  • Automated Daily/Weekly Scans
  • Report Export: Excel, CSV, JSON
  • Contextualized IAM Misconfigurations
  • Cross Account Scanning
  • IaC Scanning (Beta)
  • Single Sign-On (SSO) / Team Management
  • Project Management Tool Integration
  • CI/CD Integration
  • Rich API Access & Webhook
  • AWS Organizations Support
  • AWS Identity Center Support
  • Service Control Policies (SCPs) Support
  • Resource Control Policies (RCPs) Support

Frequently Asked Questions

Questions? Answers!
Not found the answer you are looking for?

Ask Question

CodeShield directly uses the AWS API to analyze your cloud environment for IAM privilege escalation vulnerabilities. To do so, CodeShield deploys a Cross-Account Role in your account. This role is exclusively used by CodeShield to connect to your account. You’ll find further details in our documentation Documentation QuickStart

CodeShield only needs read-access to the resources in your AWS account. However, CodeShield DOES NOT have access to any data stored in databases or S3 buckets.

A detailed overview of the permissions is given in https://codeshield-public-templates-production.s3.eu-central-1.amazonaws.com/aws_connect_codeshield.yml

If you cancel your subscription you can still login into the dashboard and view your old scan results. However, you cannot trigger any new scans.

No. All credit card activity and information is handled by our third-party provider, Stripe (see Stripe’s Terms and Services).

You’ll find further, detailed information, e.g., support resources, quick-start guide, etc., in our documentation.

Time to uplift your cloud security

See what CodeShield can do for your cloud.

Try for free
cta Image