Update - TrustOS: Automated Terraform PRs to fix AWS cloud misconfigurations
Hello everyone.
A week ago I posted about TrustOS and got some really useful feedback here. I made changes based on what you all pointed out and am looking for more thoughts.
What it does:
Scans your AWS infrastructure across S3, EC2, IAM, KMS, RDS and CloudTrail, detects misconfigurations against 29 controls across SOC 2, ISO 27001, HIPAA and GDPR, then automatically generates the Terraform code to fix each violation and opens a GitHub pull request. You review and merge. Nothing touches production without your approval.
Changes made based on feedback:
The biggest concern from last time was AWS permissions. I replaced the broad ReadOnlyAccess policy with a custom least-privilege IAM policy that lists the exact actions TrustOS needs for each service it scans. No s3:Get*, no reading actual data whatsoever. Configuration metadata only. The full policy is documented in the README so you can audit it before connecting anything.
The scanning engine is also open source so you can see exactly what gets fetched from your account.
Looking for:
Honest feedback on the permission scope, anything that looks off in the approach.
Links:
Website: trust-os-sigma.vercel.app (won't invest in a domain just yet; need proper validation of the idea)
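One check a reviewer of that policy could run, as an added example that is not TrustOS's own code: a small auditor that walks each Allow statement and flags service-wide wildcards, non-read verbs, and any action pattern (such as s3:Get*) that expands to a data-plane action. Both sample policies embedded below are constructed for illustration and are not the policy from the project's README; the data-plane denylist is an assumption and is not exhaustive.

```python
import fnmatch
import json

# Data-plane or write actions a configuration-metadata scanner has no reason to hold.
# Illustrative denylist (assumption), not a complete catalogue of AWS actions.
DATA_PLANE_ACTIONS = [
    "s3:GetObject", "s3:GetObjectVersion", "s3:PutObject", "s3:DeleteObject",
    "kms:Decrypt", "kms:Encrypt", "kms:GenerateDataKey",
    "rds:DownloadDBLogFilePortion", "rds-data:ExecuteStatement",
    "ec2:GetConsoleOutput", "ec2:GetPasswordData",
]
READ_ONLY_VERBS = ("Describe", "List", "Get")

def _as_list(value):
    # IAM allows a single string or a list in Action/Statement fields.
    return value if isinstance(value, list) else [value]

def audit_policy(policy: dict) -> list:
    """Return findings for every Allow statement; an empty list means the policy
    grants only read-only metadata actions with no data-plane reach."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            findings.append(f"stmt {i}: NotAction grants everything not listed")
        for action in _as_list(stmt.get("Action", [])):
            if action == "*" or action.endswith(":*"):
                findings.append(f"stmt {i}: service-wide wildcard {action}")
                continue
            _service, _, verb = action.partition(":")
            if not verb.startswith(READ_ONLY_VERBS):
                findings.append(f"stmt {i}: non-read action {action}")
            # Expand wildcards like s3:Get* against the denylist instead of trusting the verb.
            for hit in (d for d in DATA_PLANE_ACTIONS if fnmatch.fnmatchcase(d, action)):
                findings.append(f"stmt {i}: {action} covers data-plane action {hit}")
    return findings

# Constructed sample of the metadata-only shape the post describes (assumption).
METADATA_ONLY_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
  "Action": ["s3:ListAllMyBuckets", "s3:GetBucketPolicy", "s3:GetBucketPublicAccessBlock",
             "s3:GetEncryptionConfiguration", "ec2:DescribeSecurityGroups", "iam:ListUsers",
             "iam:GetAccountPasswordPolicy", "kms:ListKeys", "kms:GetKeyRotationStatus",
             "rds:DescribeDBInstances", "cloudtrail:DescribeTrails"], "Resource": "*"}]}""")

# Constructed sample of the over-broad shape the earlier feedback objected to.
BROAD_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:Get*", "rds:*"], "Resource": "*"}]}

if __name__ == "__main__":
    for name, pol in (("metadata-only", METADATA_ONLY_POLICY), ("broad", BROAD_POLICY)):
        print(name, audit_policy(pol) or "OK")
```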