Show HN: AWSight: flat-fee AWS security checks mapped to CIS/NIST
I spent 15 years in cybersecurity and kept seeing small teams struggle with the cost and maintenance of AWS security tooling. If you turn on AWS Security Hub and AWS Config to track CIS benchmarks or SOC 2 controls, the per-rule and per-resource pricing adds up quickly as accounts grow.

I built AWSight as a simpler option. It runs a few hundred security checks against your AWS accounts daily and maps findings to CIS, NIST, and PCI DSS controls. It connects through a read-only cross-account IAM role and never writes to your environment.

Results show up in Grafana dashboards with remediation steps for each finding. I chose Grafana because most engineers already know how to use it.

If you already run Prowler yourself, AWSight is basically that idea but managed: scheduled scans, historical tracking, and compliance mapping without running the infrastructure.

Pricing is flat-rate starting at $249/month per account, regardless of resource count.

Demo dashboards with sample data (no signup): https://awsight.com/demo.html

(Grafana panels can take a few moments to load on first visit.)

I'm a solo founder building this. Happy to talk architecture, specific checks, or why AWS Config billing is so difficult to predict.

https://awsight.com
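The post's trust model rests on the cross-account role being read-only. Before granting any external scanner such a role, it is worth verifying two things on your side: the trust policy admits only the scanner's account and requires an ExternalId (the standard confused-deputy mitigation), and the permission policy contains no write actions and no "read-only" data-plane actions that expose object contents or secret values rather than configuration. The following is an added example, not AWSight's code and not a description of how its role is actually defined; the account IDs, the ExternalId, and the sample policy documents are constructed placeholders.

```python
"""Pre-flight audit of a cross-account IAM role intended for a read-only scanner.

Added example, not AWSight's code. The policy documents below are constructed
samples; 222222222222 stands in for a scanner vendor's account and the
ExternalId is a placeholder.
"""
import fnmatch
import json

# Control-plane read verbs. Anything else is treated as a write and flagged.
READ_ONLY_PREFIXES = ("Describe", "Get", "List", "Lookup")

# Read-only by verb, but data-plane: these return customer data, not config.
# A configuration scanner has no need for them.
DATA_PLANE_READS = {
    "s3:GetObject",
    "secretsmanager:GetSecretValue",
    "ssm:GetParameter",
    "ssm:GetParameters",
    "ssm:GetParametersByPath",
    "dynamodb:GetItem",
    "lambda:GetFunction",  # response includes a presigned URL to the function code
}


def _as_list(value):
    """IAM allows a string or a list in most fields; normalise to a list."""
    return value if isinstance(value, list) else [value]


def classify_actions(policy):
    """Return (write_actions, data_plane_reads) granted by Allow statements.

    Wildcards such as "ec2:*" or "*" have an empty/"*" verb, so they fall
    through to the write bucket; "s3:Get*" is matched against DATA_PLANE_READS
    with fnmatch so over-broad read wildcards are caught too.
    """
    writes, data_reads = set(), set()
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action", [])):
            _service, _, verb = action.partition(":")
            if not verb.startswith(READ_ONLY_PREFIXES):
                writes.add(action)
                continue
            for sensitive in DATA_PLANE_READS:
                if fnmatch.fnmatchcase(sensitive, action):
                    data_reads.add(action)
    return sorted(writes), sorted(data_reads)


def check_trust_policy(trust, expected_account):
    """Trust policy must admit only the scanner account, via AssumeRole, with an ExternalId."""
    problems = []
    for stmt in _as_list(trust["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        principals = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
        for p in principals:
            if p == "*" or expected_account not in p:
                problems.append(f"unexpected principal {p}")
        condition = stmt.get("Condition", {}).get("StringEquals", {})
        if "sts:ExternalId" not in condition:
            problems.append("missing sts:ExternalId condition (confused-deputy risk)")
        actions = _as_list(stmt.get("Action", []))
        if actions != ["sts:AssumeRole"]:
            problems.append(f"trust statement allows {actions}, expected only sts:AssumeRole")
    return problems


def audit(trust, permissions, scanner_account):
    writes, data_reads = classify_actions(permissions)
    return {
        "trust_problems": check_trust_policy(trust, scanner_account),
        "write_actions": writes,
        "data_plane_reads": data_reads,
    }


# Constructed sample documents (placeholders, not a real vendor's values).
SCANNER_ACCOUNT = "222222222222"

TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::222222222222:root"},
        "Action": "sts:AssumeRole",
        "Condition": {"StringEquals": {"sts:ExternalId": "example-external-id-placeholder"}},
    }],
}

PERMISSION_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Resource": "*", "Action": [
            "ec2:Describe*", "iam:Get*", "iam:List*", "s3:GetBucket*",
            "s3:ListAllMyBuckets", "cloudtrail:LookupEvents"]},
        # Looks harmless by verb, but reads object contents and secret values.
        {"Effect": "Allow", "Resource": "*", "Action": ["s3:Get*", "secretsmanager:GetSecretValue"]},
        # A write action that slipped in; a scanner never needs it.
        {"Effect": "Allow", "Resource": "*", "Action": "ec2:ModifyInstanceAttribute"},
    ],
}

if __name__ == "__main__":
    print(json.dumps(audit(TRUST_POLICY, PERMISSION_POLICY, SCANNER_ACCOUNT), indent=2))
```

Run against the sample, the audit passes the trust policy but flags `ec2:ModifyInstanceAttribute` as a write and `s3:Get*` plus `secretsmanager:GetSecretValue` as data-plane reads. A verb-based allowlist is deliberately conservative: it will also flag legitimate control-plane actions with unusual verbs, which is the right failure direction when the role is being handed to a third party. AWS's managed `SecurityAudit` policy is a reasonable baseline for a role like this; the same check can be run over its document to see which data-plane reads it includes before attaching it.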