Universal AWS Resource Discovery & Audit Engine
CloudAuditor is a high-performance AWS resource discovery engine that evolved from a research tool into a production-grade auditing platform. It provides comprehensive visibility across your entire AWS organization using an intelligent multi-layer fallback strategy.
Built with Python 3.13 and AWS serverless technologies, CloudAuditor automatically discovers, tracks, and reports on AWS resources across multiple accounts and regions, making it essential for security auditing, compliance reporting, and resource governance.
Discovers 549+ AWS resource types using a hybrid approach: AWS Resource Explorer 2 (primary), AWS Config (secondary), and Cloud Control API (fallback).
Native AWS Organizations integration with a Hub-and-Spoke discovery model via STS AssumeRole and Resource Explorer Multi-Account Search.
Aurora Serverless v2 (PostgreSQL 15.8) database with IAM authentication, temporal asset tracking, and point-in-time audit capabilities.
Automated Excel workbook generation with executive summaries, per-service tabs, and temporal tracking using pandas and openpyxl.
Automatic parallel scanning across all active AWS regions with proper normalization of global resources (IAM, S3, CloudFront).
Granular IAM policies for zero-trust cross-account discovery, VPC-bridged Lambda architecture, and Secrets Manager integration.
Discovers hundreds of resources in ~18 seconds with intelligent caching and parallel processing across regions.
Fully automated deployment using AWS SAM with GitHub Actions CI/CD pipeline for testing and deployment.
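Scanning every region through three discovery layers can return the same resource several times, most visibly for global services whose ARNs carry no region. The following is an added example, not CloudAuditor's own code, of collapsing such duplicates by ARN; the Finding record, the source names, the priority order and the sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Assumed priority: the order in which the page lists the discovery layers.
SOURCE_PRIORITY = {"resource-explorer": 0, "config": 1, "cloudcontrol": 2}

@dataclass(frozen=True)
class Finding:                      # hypothetical record shape
    arn: str
    scanned_region: str             # region whose endpoint returned the record
    source: str                     # one of SOURCE_PRIORITY

def home_region(arn: str) -> str:
    """Return the ARN's region field, or 'global' when it is empty."""
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn":
        raise ValueError(f"not an ARN: {arn!r}")
    return parts[3] or "global"

def normalize(findings):
    """Collapse duplicate findings to one inventory row per ARN."""
    rows = {}
    for f in findings:
        rank = SOURCE_PRIORITY[f.source]      # KeyError on an unknown source
        row = rows.setdefault(f.arn, {"arn": f.arn, "region": home_region(f.arn),
                                      "source": f.source, "seen_in": set()})
        row["seen_in"].add(f.scanned_region)
        if rank < SOURCE_PRIORITY[row["source"]]:
            row["source"] = f.source          # keep the highest-priority layer
    return [dict(r, seen_in=sorted(r["seen_in"])) for _, r in sorted(rows.items())]

# Constructed sample data (documentation account ID, made-up resource names).
SAMPLE = [
    Finding("arn:aws:iam::111122223333:role/audit-reader", "us-east-1", "cloudcontrol"),
    Finding("arn:aws:iam::111122223333:role/audit-reader", "eu-west-1", "config"),
    Finding("arn:aws:iam::111122223333:role/audit-reader", "eu-west-1", "resource-explorer"),
    Finding("arn:aws:s3:::example-audit-logs", "us-east-1", "config"),
    Finding("arn:aws:s3:::example-audit-logs", "ap-south-1", "config"),
    Finding("arn:aws:cloudfront::111122223333:distribution/EXAMPLEID", "us-east-1", "config"),
    Finding("arn:aws:ec2:eu-west-1:111122223333:instance/i-0123456789abcdef0", "eu-west-1", "resource-explorer"),
]

if __name__ == "__main__":
    for row in normalize(SAMPLE):
        print(row["region"], row["source"], row["seen_in"], row["arn"])
```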
CloudAuditor uses a lean 4-Lambda architecture focused on global resource discovery, persistence, and VPC-bridged reporting: