SOC 2 · AWS · AI/Agentic Risk

Your next audit will ask about your AI stack.

We already checked.

Flintwood delivers automated monthly SOC 2 readiness reports for AWS — with a dedicated AI and agentic risk layer your auditor hasn't mapped yet.

SOC 2 Readiness Report · April 2026 · AWS us-east-1
Readiness Score: 74 (↑ +6 pts since March · Improving)
Critical: bedrock-agent-prod has bedrock:InvokeModel on * with S3 write access and no MFA condition.
High: Bedrock invocation logging disabled in production. No audit trail for model calls.
Medium: 3 Lambda functions with AI permissions not tagged as AI workloads.
Monthly · Continuous readiness — not a one-time snapshot
5 days · First report delivered, free, no commitment
Read-only · Single IAM role — nothing runs in your account
AI-native · Bedrock, SageMaker & agentic Lambda risk layer
Why it matters

SOC 2 isn't a checkbox.
It's 12 months of evidence.

A SOC 2 Type II report proves your controls operated effectively over an audit period — typically the 12 months before your auditor shows up. Enterprise buyers require it. Their legal teams will ask for it before signing.

The controls they test are almost entirely in your AWS environment: who has access, what's logged, how changes are tracked. Most companies don't know their gaps until the auditor finds them. By then it's too late to fix — it's in the report.

CC6 · Logical Access
Who can access what, and when
IAM policies, MFA enforcement, stale credentials, root account usage, least-privilege roles — the controls auditors spend the most time on.
CC7 · Monitoring
What's logged and alerting
CloudTrail coverage, GuardDuty, SecurityHub findings, S3 access logging — evidence that you know what's happening in your environment.
CC8 · Change Management
How changes are controlled
Config recorder, non-compliant rules, deployment approvals, change records — proof that your environment doesn't drift without oversight.
How it works

Three steps.
No agents. No ongoing access.

01 · Deploy a read-only IAM role
Deploy a single read-only IAM role via one-click CloudFormation — no CLI, no local tooling. It opens in your AWS Console, pre-filled. Review the permissions, click Create Stack. We assume the role once a month, then disconnect.
One-click CloudFormation · 2 min · No CLI
02 · We scan and map to SOC 2 TSC
Every month we scan your environment and map every finding to Trust Service Criteria — CC6, CC7, CC8 — plus a dedicated layer covering your AI and agentic workloads.
TSC-mapped · AI risk layer · Month-over-month drift
03 · Receive a human-reviewed report
Every report is reviewed by a human before it reaches you. No raw scanner output. You get context, severity, and prioritized remediation — ready to share with your auditor.
Auditor-ready · Prioritized · No noise
Flintwood exclusive

The AI risk layer your auditor doesn't have a checklist for yet.

As your AI stack grows, so does your audit surface. Bedrock roles, autonomous Lambda chains, unlogged model invocations — none of this is in the standard SOC 2 playbook. We track it before your auditor asks about it.

  • Bedrock and SageMaker access control gaps
  • Agentic IAM role over-permission detection
  • Shadow AI usage via CloudTrail analysis
  • Missing human-in-the-loop controls
  • AI training data access logging gaps
  • Autonomous Lambda chain risk mapping
Critical CC6.1 · Logical Access
Over-permissioned Bedrock agent role
bedrock-agent-prod has bedrock:InvokeModel on * with S3 write access and no MFA condition. Direct path to production data exfiltration.
High CC7.2 · System Monitoring
Bedrock invocation logging disabled
Model invocation logging is off in production. There is no audit trail for model calls — a gap that will surface in your SOC 2 review under CC7.2.
High CC8.1 · Change Management
Autonomous Lambda chain without approval gate
2 Lambda functions form an autonomous chain that can invoke Bedrock and write to S3 with no human-in-the-loop control or change approval record.
Medium CC6.7 · Data Classification
Shadow AI workloads detected
CloudTrail shows 3 untagged resources making Bedrock API calls outside your inventoried AI workload scope and current access control policy.
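As an added illustration of the Critical CC6.1 finding above (example code written for this page, not Flintwood's own scanner): a check over an IAM policy document that flags the combination the finding describes, run against a constructed risky policy and a hardened form. The policy contents, bucket name and model id are placeholders; only Allow statements are evaluated, so Deny and NotAction are out of scope.

```python
import fnmatch

# Constructed sample resembling the 'bedrock-agent-prod' finding (not a real policy).
RISKY_POLICY = {
    "Statement": [
        {"Effect": "Allow", "Action": "bedrock:InvokeModel", "Resource": "*"},
        {"Effect": "Allow", "Action": ["s3:PutObject", "s3:GetObject"],
         "Resource": "arn:aws:s3:::example-prod-data/*"},
    ],
}

# Hardened form: model ARN scoped (placeholder id), MFA required, no S3 write.
HARDENED_POLICY = {
    "Statement": [
        {"Effect": "Allow", "Action": "bedrock:InvokeModel",
         "Resource": "arn:aws:bedrock:us-east-1::foundation-model/MODEL-ID-PLACEHOLDER",
         "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}},
        {"Effect": "Allow", "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-prod-data/*"},
    ],
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def allow_statements_for(policy, action):
    """Allow statements whose Action covers `action` (wildcards such as bedrock:* included)."""
    return [s for s in _as_list(policy["Statement"])
            if s.get("Effect") == "Allow"
            and any(fnmatch.fnmatchcase(action.lower(), p.lower())
                    for p in _as_list(s.get("Action", [])))]

def requires_mfa(statement):
    """True if an aws:MultiFactorAuthPresent = true condition is present."""
    return any(op in ("Bool", "BoolIfExists")
               and str(keys.get("aws:MultiFactorAuthPresent", "")).lower() == "true"
               for op, keys in statement.get("Condition", {}).items())

def assess_bedrock_role(policy):
    """Return the CC6.1 findings for the InvokeModel-on-* / S3-write / no-MFA pattern."""
    findings = []
    invoke = allow_statements_for(policy, "bedrock:InvokeModel")
    unscoped = [s for s in invoke if "*" in _as_list(s.get("Resource", []))]
    if unscoped:
        findings.append("bedrock:InvokeModel allowed on Resource *")
    if unscoped and allow_statements_for(policy, "s3:PutObject"):
        findings.append("unscoped model access combined with S3 write in one role")
    if invoke and not all(requires_mfa(s) for s in invoke):
        findings.append("bedrock:InvokeModel has no aws:MultiFactorAuthPresent condition")
    return findings
```

Feeding the same function the output of IAM's GetRolePolicy or GetPolicyVersion for each role is how the check would run against a real account.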
Why Flintwood

Built for mid-market AWS teams that move fast and audit annually.

Independent
No cloud vendor agenda
Flintwood is independent of any cloud vendor and AWS-only by design — not a feature of a larger platform with a quarterly roadmap you can't influence. Your readiness report is ours to obsess over.
Narrow scope
SOC 2 + AWS + AI. That's it.
We don't sell you a 400-page CNAPP platform you'll use 10% of. We do one thing: monthly SOC 2 readiness for AWS, with an AI risk layer that no other tool has mapped yet.
Human reviewed
Not a raw scanner dump
Every report is reviewed before it reaches your inbox. Context, severity, and prioritized remediation — not a wall of alerts. Your engineering team will actually read it.
Common questions

Everything you need to know before connecting your AWS account.

How does AWS access work? Do I need to install anything?
No. You deploy a read-only IAM role using a one-click CloudFormation button — it opens directly in your AWS Console, pre-filled. You review the exact permissions, click "Create Stack," and it's done in under 2 minutes. No CLI, no credentials to configure, nothing to install.
What can Flintwood see in my AWS account?
Configuration metadata only — IAM policies, CloudTrail trails, GuardDuty findings, Config rules, S3 bucket policies, Lambda configurations, and Bedrock role permissions. We do not access S3 object contents, databases, application secrets, or any customer data stored in your account.
Is it safe to give a third party read-only access?
You deploy the role — you control it. Every access we make appears in your CloudTrail logs. You can revoke access instantly by deleting the IAM role or CloudFormation stack — no support ticket, no offboarding process. This is the same pattern used by Wiz, Datadog, Lacework, and every major AWS security vendor.
Does this affect my SOC 2 compliance?
It helps it. Our access is read-only, scoped to specific services, and logged in CloudTrail — that's CC7 evidence you're generating automatically. Auditors treat documented third-party security assessment access as a positive control signal. We provide a Data Processing Agreement on request at hello@flintwood.io that describes exactly what we access and how we handle it.
How do I revoke access?
Delete the CloudFormation stack (or the IAM role directly) from your AWS Console. Access is revoked instantly — we can no longer assume the role. Nothing else required.
Sample report

See exactly what you'd receive.

Every Flintwood report covers your full AWS control posture — CC6 access, CC7 monitoring, CC8 change management — plus a dedicated AI risk section your auditor hasn't seen before. Human-reviewed before it reaches you.

Download sample report (PDF) ↓

Fictional data · Covers a real finding set · Same template as production reports

SOC 2 Readiness Report · Acme Corp · AWS us-east-1 · May 2026
Readiness Score: 71 / 100
Findings: 2 Critical · 4 High · 4 Medium · 2 Low
Critical CC6.1 · Logical Access
Over-permissioned Bedrock agent role
Role bedrock-agent-prod has bedrock:InvokeModel on * with S3 write — no MFA condition.
Free pilot

First report free.
No commitment.

We'll scan your AWS environment and deliver a full SOC 2 readiness report — including AI risk findings — within 5 business days. No strings.

AWS only · Read-only IAM role · SOC 2 TSC mapping included