Free, read-only, no obligation

    Find your biggest AWS security risks. In week one.

    A specialist review of your AWS account. We surface the misconfigurations that get companies breached, ranked by severity, with a clear plan to fix them. No sales fluff, just findings.

    By the team behind 75 AWS Security Cards and the open-source AWS security scanners.

    What you get

    A report you can act on, not a sales pitch

    Prioritized findings

    Every misconfiguration that matters: public exposure, over-privileged IAM, plaintext secrets, deprecated runtimes, and more.

    Severity-scored report

    Each finding scored by real blast radius, so you fix what actually gets companies breached first.

    Compliance mapping

    Findings mapped to PCI DSS, HIPAA, SOC 2, ISO 27001, NIST, and GDPR controls for your auditors.

    A remediation plan

    The exact AWS CLI commands and IAM policies to close each gap. You can run them yourself or with us.

    How it works

    Two weeks, zero risk to your account

    1. Scoped, read-only access

    You grant a read-only role. We never change anything in your account.

    2. Assessment in week one

    We scan and review your AWS account across security, IAM, network, and data protection.

    3. Action plan in week two

    A prioritized fix list and a walkthrough call. Then fix it yourselves, or we do it with you.

    Read-only access. We use only List, Get, and Describe operations.

    Specialists, not generalists

    Toc Consulting is a focused AWS security and cloud architecture practice, led by an AWS Community Builder. We do this every day, and we publish our methods in the open: 75 AWS Security Cards, the open-source security scanners, and the "State of AWS Security 2026" whitepaper. The same depth that goes into our public work goes into your assessment.

    • AWS security, architecture, and migration specialists
    • AWS Community Builder, 20+ years in IT
    • Read-only and safe: we never touch production
    • Findings mapped to the compliance frameworks you report on

    FAQ

    Questions, answered

    Is it really free?

    Yes. The assessment and the prioritized findings are free, with no obligation. We only charge if you choose to have us remediate.

    What access do you need?

    A scoped, read-only IAM role. We use only List, Get, and Describe style operations. We cannot modify, invoke, or read your application data.

    How long does it take?

    Findings in week one, a prioritized action plan in week two. Smaller accounts are faster.

    Who is this for?

    Teams running production workloads on AWS who want a clear, specialist view of their security posture before an audit, a launch, or a board review.

    See what an attacker would see in your AWS account

    Book the free assessment. Worst case, you get a clear, prioritized security report for nothing.

    Or browse our 75 AWS Security Cards first