What Cloud Tests do
Cloud Tests connect your cloud accounts to Comp AI and continuously evaluate them against security and compliance controls. Each finding is mapped to the frameworks you track (SOC 2, ISO 27001, CIS, PCI DSS, HIPAA), so cloud misconfigurations show up directly in your compliance posture. All connections are read-only by default. Comp AI only makesGET / list calls against each cloud provider unless you explicitly opt in to auto-remediation (AWS).
Supported providers
AWS
Cross-account IAM role with External ID. No access keys stored.
Azure
Sign in with Microsoft OAuth, or provision a service principal.
GCP
Sign in with Google OAuth. Findings flow from Security Command Center.
How connections are authorized
| Provider | Connection method | What you provide |
|---|---|---|
| AWS | Cross-account IAM role (STS AssumeRole) | Role ARN + External ID (pre-filled in the UI) |
| Azure | OAuth 2.0 (primary) or service principal | Microsoft sign-in, or Tenant + Client ID + Secret + Sub ID |
| GCP | OAuth 2.0 | Google sign-in; org + projects auto-detected after consent |
Common capabilities
Regardless of provider, each connection supports:- Continuous scanning on a schedule, with on-demand re-scans
- Per-service toggles so you can enable only the checks you care about
- Findings mapped to frameworks (SOC 2, ISO 27001, CIS, PCI DSS, HIPAA)
- Evidence collection that plugs directly into the compliance module
- Multiple connections per provider so you can monitor multiple accounts, subscriptions, or orgs separately