Which cloud providers does this skill cover?

This skill provides comprehensive security auditing guidance for AWS, Microsoft Azure, and Google Cloud Platform. It covers provider-specific services (like AWS IAM, Azure AD/Entra ID, GCP IAM), shared responsibility models, and cross-cloud security patterns. You can audit a single provider or multi-cloud environments.

Do I need cloud admin access to use this skill?

For a thorough audit, you should have read-only access to your cloud accounts. The skill guides you through using native cloud tools (AWS Security Hub, Azure Defender, GCP Security Command Center) and open-source scanners (Prowler, ScoutSuite, Checkov) that require API credentials. However, you can also use this skill to learn about cloud security best practices without active access.

How does this relate to CIS Benchmarks?

The skill maps audit checks directly to CIS Benchmark controls for AWS, Azure, and GCP. CIS Benchmarks are the industry-standard security configuration guides published by the Center for Internet Security. This skill helps you interpret CIS findings, prioritize remediation, and implement fixes with specific CLI commands and IaC templates.

Can this skill help with compliance audits like SOC 2 or ISO 27001?

Yes. While this skill focuses on technical cloud security controls, it maps findings to common compliance frameworks including SOC 2 Trust Service Criteria, ISO 27001 Annex A controls, NIST CSF, PCI-DSS, and HIPAA. It helps you generate evidence artifacts and remediation documentation that auditors expect to see.

Cloud Security Auditor

PRO

Advanced 45 min Verified 4.9/5

Audit cloud infrastructure security across AWS, Azure, and GCP. Covers IAM policies, network security, encryption, CIS benchmarks, common misconfigurations, and remediation steps for multi-cloud environments.

Last updated: February 10, 2026

Example Usage

I’m the lead DevOps engineer at a Series B SaaS startup. We run our production workloads primarily on AWS (EKS, RDS, S3, Lambda) with some Azure AD integration for SSO. We’re preparing for our first SOC 2 Type II audit next quarter and our CISO wants a comprehensive cloud security assessment. I need help auditing our IAM policies, reviewing our VPC configurations, checking S3 bucket policies, validating encryption settings, and identifying any CIS benchmark violations. We have about 15 AWS accounts managed through AWS Organizations.

Skill Prompt

Pro Skill

Unlock this skill and 1101+ more with Pro

This skill works best when copied from findskill.ai — it includes variables and formatting that may not transfer correctly elsewhere.

How to Use This Skill

Copy the skill using the button above

Paste into your AI assistant (Claude, ChatGPT, etc.)

Fill in your inputs below (optional) and copy to include with your prompt

Send and start chatting with your AI

Suggested Customization

Description	Default	Your Value
My primary cloud provider	`AWS`
Other cloud providers I use alongside my primary	`None`
My deployment environment	`production`
Compliance standards my organization must meet	`CIS Benchmarks`
The scope of my cloud security audit	`comprehensive`
My organization's size for appropriate recommendations	`mid-size (50-500 employees)`

Research Sources

This skill was built using research from these authoritative sources:

CIS Benchmarks for Cloud Providers Industry-standard security configuration benchmarks for AWS, Azure, GCP, and other cloud platforms published by the Center for Internet Security
AWS Security Best Practices Official AWS security documentation covering IAM, VPC, encryption, logging, and the AWS shared responsibility model
Microsoft Azure Security Documentation Official Azure security fundamentals including identity management, network security, data protection, and Azure Defender
Google Cloud Security Best Practices GCP security recommendations covering organization policies, VPC Service Controls, IAM, and data encryption
NIST SP 800-144: Guidelines on Security and Privacy in Public Cloud Computing Federal guidelines for understanding cloud security risks, shared responsibility, and recommended security controls
OWASP Cloud Security Project OWASP guidance on cloud-native security risks, serverless vulnerabilities, and container security in cloud environments
Prowler Open Source Cloud Security Tool Open-source security assessment tool for AWS, Azure, and GCP with CIS Benchmark automation and compliance mapping

Example Usage

Pro Skill

How to Use This Skill

Suggested Customization

Related Skills

Research Sources

Pair This Skill With

Did this skill work for you?