Coming Soon

AWS integration

Q: Is the AWS integration available yet?

Not yet — it's in active development. Enter your email below and we'll notify you the moment it ships.

Q: What AWS permissions does FortWatch need?

A read-only cross-account IAM role for asset discovery (describe/list/get on EC2, ELB, S3, RDS, and Route 53) plus permission to call Security Hub's BatchImportFindings. FortWatch never needs write access to your infrastructure.

Q: Does this replace AWS-native security tools like GuardDuty or Inspector?

No — it complements them. GuardDuty and Inspector look at AWS from the inside; FortWatch scans from the public internet the way an attacker would, then delivers those findings into the same Security Hub console so you see both perspectives in one place.

Cloud Providers

AWS is where most cloud-native teams run their public-facing infrastructure — EC2 instances, Elastic IPs, Application Load Balancers, S3 buckets, RDS endpoints, and the Route 53 zones in front of them — and any of those can drift into being exposed without anyone noticing. The FortWatch AWS integration (currently in development) will pair FortWatch's outside-in scanning with read-only visibility into your AWS account, so the exposures an attacker would find from the internet land back in AWS Security Hub next to your other security signals, already triaged and severity-ranked.

Get notified All integrations

New alert in AWS

Criticaljust now

Exposed Redis on 203.0.113.10:6379

Unauthenticated database reachable from the internet.

View finding & step-by-step fix →

Delivered in < 1 minute

How it works

AWS + FortWatch

FortWatch connects to AWS through a read-only cross-account IAM role you create with CloudFormation (a least-privilege policy scoped to describe/list/get on EC2, Elastic IP, ELB/ALB, S3, RDS, and Route 53). FortWatch assumes that role to enumerate your public assets — Elastic IPs, load balancer DNS names, public RDS endpoints, S3 buckets, and Route 53 records — and pulls them into scope automatically so the attack surface FortWatch monitors stays in sync as you spin resources up and down. Scanning still happens from the outside, exactly as an attacker would see it; AWS just provides accurate, continuous asset discovery. Findings flow the other direction via AWS Security Hub: FortWatch publishes each issue as an ASFF (AWS Security Finding Format) finding through the Security Hub BatchImportFindings API, with the affected resource, severity, and remediation. From there you can fan findings out with EventBridge rules to Lambda, SNS, or an SOAR runbook, and FortWatch updates the finding's RecordState to RESOLVED once a rescan confirms the exposure is gone.

FortWatch scans

Eleven scanners watch your external attack surface around the clock — ports, certs, DNS, cloud buckets, exposed files and more.

AI triages the finding

Each issue is scored by real-world impact and packaged with the affected asset and a one-line explanation of the risk.

Delivered to AWS

The finding lands in AWS, routed by severity — so the right people see the right alert, fast.

Capabilities

What you'll be able to do

Everything the AWS integration will bring to your security workflow.

Auto-discover public assets

FortWatch reads Elastic IPs, ALB/NLB DNS names, public RDS endpoints, S3 buckets, and Route 53 records via the read-only role, so new internet-facing resources enter monitoring without manual entry.

Catch exposed managed databases

an RDS or ElastiCache endpoint with a Security Group open to 0.0.0.0/0 surfaces as a critical finding before it gets scanned by the rest of the internet.

Flag public S3 buckets

world-readable or world-listable buckets are detected from the outside and reported as findings in Security Hub.

Centralize in Security Hub

every FortWatch issue lands as an ASFF finding alongside GuardDuty, Inspector, and Config, so one console shows your full external posture.

Drive automation with EventBridge

route critical FortWatch findings to Lambda, SNS, or a SOAR runbook for auto-remediation or paging.

Track expiring and weak TLS on ACM-backed endpoints

certificates on ALBs and CloudFront that are near expiry or negotiating weak protocols show up as actionable findings.

In practice

What an alert looks like

Every finding arrives formatted for AWS — severity up front, the affected asset, and a one-line explanation of why it matters, with a link straight to the step-by-step fix.

Severity-tagged and color-coded
The exact asset and port affected
One click to the full finding & remediation

AWS

{ "SchemaVersion": "2018-10-08",\n  "ProductName": "FortWatch",\n  "Title": "Publicly accessible RDS endpoint with database port open to the internet",\n  "Severity": { "Label": "CRITICAL" },\n  "Resources": [{ "Type": "AwsRdsDbInstance",\n    "Id": "prod-orders-db.abc123.us-east-1.rds.amazonaws.com:5432",\n    "Region": "us-east-1" }],\n  "Description": "PostgreSQL on 5432 is reachable from 0.0.0.0/0. The bound Security Group allows the whole internet to attempt connections to a production database.",\n  "Remediation": { "Recommendation": {\n    "Text": "Restrict the Security Group to known CIDRs/VPC peers, set the instance to not publicly accessible, and require TLS." } },\n  "RecordState": "ACTIVE"\n}

Setup

Set it up in minutes, once it lands

No agents, no infrastructure changes — just connect AWS and choose where alerts go.

When it launches, open Settings → Integrations in FortWatch and choose AWS.

Deploy the provided CloudFormation stack in your AWS account — it creates a read-only cross-account IAM role and an external ID so only your FortWatch tenant can assume it.

Paste the role ARN back into FortWatch and pick the regions and asset types to discover.

Enable Security Hub in the regions you want findings delivered to, and grant FortWatch permission to call BatchImportFindings.

Run a test discovery to confirm assets sync and a sample finding appears in Security Hub, then turn it on.

Why route FortWatch into AWS?

Cloud assets change by the hour, and an Elastic IP or RDS endpoint that was private yesterday can be exposed today — usually through a Security Group edit nobody flagged. By keeping FortWatch's scope synced to your live AWS inventory and pushing findings back into Security Hub, you close the gap between what you've deployed and what's actually reachable from the internet, with the outside-in view that your AWS-native tools don't provide on their own.

FAQ

Frequently asked questions

Is the AWS integration available yet?

Not yet — it's in active development. Enter your email below and we'll notify you the moment it ships.

What AWS permissions does FortWatch need?

A read-only cross-account IAM role for asset discovery (describe/list/get on EC2, ELB, S3, RDS, and Route 53) plus permission to call Security Hub's BatchImportFindings. FortWatch never needs write access to your infrastructure.

Does this replace AWS-native security tools like GuardDuty or Inspector?

No — it complements them. GuardDuty and Inspector look at AWS from the inside; FortWatch scans from the public internet the way an attacker would, then delivers those findings into the same Security Hub console so you see both perspectives in one place.