Security issues nobody was looking for
The client had cloud infrastructure spread across multiple AWS accounts — a common situation for teams that scale fast. The problem wasn't that they were ignoring security. It's that nobody had a clear, current view of what was actually running. Misconfigured S3 buckets, overly permissive IAM roles, unused resources with open ports — these don't announce themselves.
What the tool does
We built a serverless scanning tool on AWS Lambda that runs on a schedule and produces a structured vulnerability report:
- Multi-account scanning. Assumes roles across accounts to scan resources without requiring persistent credentials.
- Misconfiguration detection. Checks against a ruleset covering common failure modes — public S3 buckets, unrestricted security groups, unencrypted volumes, stale access keys.
- Severity scoring. Issues are ranked by risk level so teams know what to fix first, not just what's wrong.
- Actionable alerts. Findings are delivered with remediation steps — not just flags, but what to do about them.
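As an added illustration (not the client tool's own code), here is how the ruleset and severity ranking described above can be expressed in Python: two rules from the list, world-open security groups and stale access keys, each producing a finding with a severity and a remediation step. The security-group and access-key data are constructed inline in the shape of the AWS API responses a scan would collect; the port set, age thresholds, rule names and key ids are assumptions.

```python
from datetime import datetime, timedelta, timezone
# Constructed sample data shaped like the responses a scheduled Lambda would collect
# after assuming a role in the target account (DescribeSecurityGroups, ListAccessKeys).
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SECURITY_GROUPS = [
    {"GroupId": "sg-0aaa", "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22,
        "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-0bbb", "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 443,
        "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-0ccc", "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 3306,
        "ToPort": 3306, "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}]},
]
ACCESS_KEYS = [  # placeholder key ids, not real credentials
    {"UserName": "deploy", "AccessKeyId": "AKIA_PLACEHOLDER_1", "Status": "Active",
     "CreateDate": NOW - timedelta(days=400)},
    {"UserName": "ci", "AccessKeyId": "AKIA_PLACEHOLDER_2", "Status": "Active",
     "CreateDate": NOW - timedelta(days=30)},
]
ADMIN_PORTS = {22, 3389, 1433, 3306, 5432}  # assumed: never acceptable from the whole internet

def check_security_groups(groups):
    """Flag ingress rules reachable from any IPv4 (0.0.0.0/0) or IPv6 (::/0) address."""
    for sg in groups:
        for p in sg["IpPermissions"]:
            world = any(r.get("CidrIp") == "0.0.0.0/0" for r in p.get("IpRanges", [])) \
                or any(r.get("CidrIpv6") == "::/0" for r in p.get("Ipv6Ranges", []))
            if not world:
                continue
            lo, hi = p.get("FromPort", 0), p.get("ToPort", 65535)  # protocol "-1" carries no ports
            if p["IpProtocol"] == "-1" or any(lo <= port <= hi for port in ADMIN_PORTS):
                sev = "HIGH"    # admin or database port (or all traffic) exposed
            elif lo == hi and lo in (80, 443):
                sev = "LOW"     # public web ports are usually intentional; still reported
            else:
                sev = "MEDIUM"
            yield {"severity": sev, "resource": sg["GroupId"], "rule": "sg-open-to-world",
                   "remediation": f"Restrict {lo}-{hi}/{p['IpProtocol']} on {sg['GroupId']} to known CIDRs."}

def check_access_keys(keys, now=NOW):
    """Flag active IAM access keys older than 90 days; older than a year is HIGH."""
    for k in keys:
        age = (now - k["CreateDate"]).days
        if k["Status"] == "Active" and age > 90:
            yield {"severity": "HIGH" if age > 365 else "MEDIUM", "rule": "stale-access-key",
                   "resource": f"{k['UserName']}/{k['AccessKeyId']}",
                   "remediation": f"Rotate this {age}-day-old key; prefer short-lived role credentials."}

def scan_account(groups, keys):
    """Apply the ruleset and return findings ordered by severity, highest first."""
    findings = list(check_security_groups(groups)) + list(check_access_keys(keys))
    return sorted(findings, key=lambda f: ["HIGH", "MEDIUM", "LOW"].index(f["severity"]))
```

In a real deployment the two list constants would be replaced by the per-account API responses gathered under the assumed role, and the sorted findings would feed the report.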
What it found on first scan
The first scan surfaced 14 misconfiguration issues the team hadn't known about — three of them high severity. None showed signs of active exploitation, but two were the kind of open door that gets found eventually.
The tool now runs weekly. Issues are resolved before they accumulate, and the security posture is visible rather than assumed.