Assessment
AWS Security Review
A fixed-scope review of AWS security posture for teams that need practical risk reduction, clear priorities, and evidence-ready reporting.
Pricing: from A$9,800 ex GST
Timeline: Typically 1-2 weeks (confirmed after discovery)
Delivery: Principal-led (remote-first, Sydney-based)
Best for
When this service fits
- AWS-native SaaS and software teams with growing account or IAM complexity
- Lean IT teams that need a credible security baseline without a full-time cloud security hire
- Suppliers responding to customer security reviews, cyber insurance questions, or board pressure
- Teams that need a remediation roadmap they can act on internally or with Phylax
Scope
What the work covers
- IAM, identity, privilege model and administrative access review
- CloudTrail, logging, retention and detective control coverage
- Security Hub, GuardDuty and AWS Config posture
- Public exposure, network controls and account separation
- Backup, restore and resilience basics
- Secrets handling and Terraform or platform hygiene where relevant
Deliverables
What you receive
- Technical findings report
- Executive summary for leadership or customer-facing evidence
- Prioritised remediation plan
- Working session to walk through findings and tradeoffs
- Optional roadmap into an AWS Hardening Sprint
Outcomes
What should improve
- Clear view of the most important AWS security gaps
- Practical remediation priorities instead of a generic risk register
- Evidence that can support customer questionnaires and internal reporting
- A sensible path from assessment into implementation
FAQ
Common questions
Is this a penetration test?
No. This is an AWS posture and engineering review. CREST-certified penetration testing is referred to a specialist partner when needed.
Do you need administrator access?
Access is scoped during kickoff. Read-only access is preferred for review work where practical, with any elevated access explicitly agreed.
Can the report be used for customer security questionnaires?
Yes. The report and executive summary are designed to support evidence conversations, while clearly separating completed controls from remediation still required.