Scan a CloudFormation Bundle

This page explains how to scan a single CloudFormation stack or a bundle (i.e., a set of CloudFormation stacks).

We recommend using CodeShield to scan entire accounts or regions. Those scans also cover identity-based resources (like users and groups), which frequently serve as entry points for attack scenarios and are usually not defined in CloudFormation stacks.

Scan a Bundle of CloudFormation stacks

  1. Click on Select CloudFormation stack(s) to scan from My AWS account at the bottom of the page to select one or more of your CloudFormation stacks to scan together.
  2. If multiple stacks are selected, you can give the selection a name for later reference.
  3. Confirm with Scan selected stacks.
  4. Wait for the results to be ready. The scan takes about 5-10 minutes, depending on the number of resources in the stack. You’ll be notified via mail once the scan is ready.
  5. Inspect the results.
Last modified September 23, 2022