AWS Audit and risk assessment

Dive even deeper into your cloud architecture and make sure you’re getting the best performance across every facet of your AWS account.

A well-built, stable cloud environment is essential

Our AWS Audit and Risk Assessment has been developed to help businesses maintain secure, high-performing, resilient, and efficient infrastructure for their applications.

We’ll spend time assessing your environment—we won’t make any changes, read-only access is all we need—and producing documentation that clearly maps where you are now, and offers an actionable plan for getting you where you need to be.

How secure is your AWS infrastructure? As part of our AWS Audit and Risk Assessment, we’ll scrutinise factors including (but not limited to):

  • Access Management and AWS Account setup
  • Analysis of security groups, password policies, access key recycling policies, IAM user access, and root account access
  • Creation of a risk register to outline high-risk items, the probability and impact of any risk, and remedial recommendations
  • Multi-Factor Authentication
  • Documenting application flows and dependencies
  • Feature alignment to ensure you’re making the most of the AWS landscape
  • Backup and retention schedules
  • Availability zones and multi-regions
  • Encryption
  • Technology Resiliency assessment
After the assessment is complete, you’ll receive two documents from Rebura:

1. Risk Assessment Scorecard and Recommendations

Using the traffic light system, this document outlines risks based on scores for likelihood, severity, and impact, along with recommended resolutions for each

2. Audit Results Document

Highlighting key findings, specific areas of interest, and a breakdown of all the information gathered throughout the review

Both documents will include recommended remedial actions, but no changes or remedial actions will be performed as part of this piece of work.

We’ll then talk through the recommendations with you and develop a plan for implementing any recommendations you decide to roll out.

Some additional areas we can review at your request include:
  • Creation of Asset Recordings
  • Creation and testing of monitoring workflows
  • Rightsizing and cost optimisation
  • Logging and monitoring tasks including analysis and/or setup of Cloudtrail and Cloudwatch, as well as third-party tools like New Relic or Datadog
  • Review incident management processes and cyber incident response plan
  • Creation or review of Disaster Recovery Plans


If you’re looking to go further on your journey to a Well-Architected AWS environment and maximise your cloud investment, we’re ready to help.