FREE SUMMARY
START YOUR SCAN
Connect your AWS account
Bastioneer will run a read-only scan of your resources to detect waste. Takes 60 seconds.
1. Enter email
2. Deploy stack
3. Scan
STEP 1: EMAIL ADDRESS
STEP 2: DEPLOY CLOUDFORMATION
What this CloudFormation stack does:
Creates a read-only IAM role named BastioneerReadOnlyRole
Grants list/describe permissions for EC2, RDS, S3, and other AWS services
Secured with an External ID; only Bastioneer can assume this role
No write, modify, or delete permissions ever
IAM POLICY PREVIEW
READ-ONLY
// Allow: List and describe only
"ec2:Describe*"
"rds:Describe*"
"s3:List*"
"cloudwatch:Get*"
// Deny: All write actions
"ec2:Terminate*" ❌
"rds:Delete*" ❌
"s3:Delete*" ❌
Your unique External ID
This token is pre-filled in the CloudFormation template: bast-xxxxxxxx-xxxx
Credentials expire automatically
Bastioneer uses temporary AWS STS credentials (1-hour max). After the scan completes, Bastioneer has zero access until you authorize a new scan.
Opens in new tab; stack pre-configured
Scan in progress...
Analyzing your AWS resources across all services.
EC2
RDS
S3
Elastic IPs
EBS Snapshots
Load Balancers
Results will be emailed to your address