Cloud provider integrations give LowerPlane visibility into your infrastructure security posture. By connecting your cloud accounts, you enable automated evidence collection for access controls, encryption settings, network configurations, logging, and resource inventories.

Supported Cloud Providers

AWS

Amazon Web Services including Security Hub, Config, CloudTrail, IAM, GuardDuty, Inspector, and ECR.

Azure

Microsoft Azure including Defender for Cloud, Entra ID (Azure AD), DevOps, Container Registry, and Gov Cloud.

Google Cloud

Google Cloud Platform including Security Center, Cloud Asset API, Container Registry, and Cloud Storage.

Additional cloud providers supported: DigitalOcean, Heroku, Cloudflare, Netlify, Vercel, Render, Scaleway, Oracle Cloud, and AWS Gov Cloud / Azure Gov Cloud.

AWS Integration

AWS is connected using an IAM role or API access keys. LowerPlane reads data from multiple AWS services to build a comprehensive security picture.

Services Monitored

AWS Service     What LowerPlane Collects
Security Hub    Aggregated security findings across all enabled standards
AWS Config      Resource configuration history and compliance evaluations
CloudTrail      API activity logs for audit trail evidence
IAM             Users, roles, policies, MFA status, access key rotation
GuardDuty       Threat detection findings and anomalous activity
Inspector       Vulnerability findings for EC2 instances and container images
ECR             Container image scan results

Evidence Collected

  • IAM password policy configuration
  • MFA enforcement status for all IAM users
  • S3 bucket encryption and public access settings
  • CloudTrail logging enabled across all regions
  • VPC flow log configuration
  • Security group rules and network ACLs
  • Root account usage and access key status

Enable AWS Security Hub with the AWS Foundational Security Best Practices standard before connecting. This gives LowerPlane the richest set of findings to work with and maps directly to multiple compliance controls.

Azure Integration

Azure connects through an App Registration (service principal) with read-only permissions across your subscription.

Services Monitored

Azure Service        What LowerPlane Collects
Defender for Cloud   Security recommendations and secure score
Entra ID (Azure AD)  Users, groups, MFA status, conditional access policies
Activity Log         Administrative and security event audit trails
Network Watcher      Network security group rules and flow logs
Key Vault            Key and secret management configuration

Evidence Collected

  • Conditional access policy configurations
  • MFA registration and enforcement status
  • Network security group rules
  • Storage account encryption settings
  • Azure Policy compliance state
  • Diagnostic logging configuration

If your organization uses both Azure AD for identity and Azure for infrastructure, you may need two separate connections: one for the identity provider (Entra ID) and one for the cloud subscription.

Google Cloud Integration

GCP connects using a service account with read-only IAM roles.

Services Monitored

GCP Service               What LowerPlane Collects
Security Command Center   Security findings and vulnerability reports
Cloud Asset Inventory     Complete resource inventory across all projects
IAM                       Service accounts, roles, and policy bindings
Cloud Logging             Audit log configuration and export settings

Evidence Collected

  • Organization policy constraints
  • VPC firewall rules
  • Cloud Storage bucket IAM and encryption settings
  • Service account key rotation status
  • Audit log sink configuration
  • Binary authorization policies for GKE

What Controls Are Covered

Cloud provider integrations contribute evidence to controls across all 50+ frameworks:

Framework   Example Controls
ISO 27001   A.8.1 (Asset management), A.10.1 (Cryptographic controls), A.13.1 (Network security)
SOC 2       CC6.1 (Logical access), CC6.6 (External threats), CC7.1 (Monitoring)
HIPAA       Access controls (164.312), Audit controls (164.312(b)), Encryption (164.312(e))
GDPR        Article 32 (Security of processing), Article 25 (Data protection by design)
PCI-DSS     Req 1 (Firewall), Req 3 (Stored data), Req 7 (Access restriction), Req 10 (Logging)

Automated Tests

When a cloud provider is connected, LowerPlane automatically creates and runs tests such as:
  • MFA is enabled for all IAM users with console access
  • Encryption at rest is enabled for all storage resources
  • Logging is enabled across all regions and services
  • No storage buckets or blobs are publicly accessible
  • Root/owner account access keys are disabled or rotated
  • Network security groups do not allow unrestricted inbound access
  • API activity logging captures all management events

Cloud provider syncs can take several minutes for large accounts with thousands of resources. The initial sync is the longest. Subsequent syncs are incremental and complete faster.
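To make the automated tests above concrete, here is an added example (not LowerPlane's code) that runs four of them over a constructed inventory: MFA for console users, root account key and MFA status, world-open inbound rules, and unencrypted or public buckets. The record layouts (IamUser, SecurityGroupRule, StorageBucket) and the sample data are assumptions made for this example, loosely modelled on an AWS IAM credential report and security-group rule descriptions; they are not the formats LowerPlane uses.

```python
"""Sample versions of the automated tests listed above, run over constructed
data. Record layouts are assumptions for this example (loosely modelled on an
AWS IAM credential report, security-group rules and bucket settings); they are
not LowerPlane's formats and this is not LowerPlane's code."""
from dataclasses import dataclass

ROOT = "<root_account>"  # name the IAM credential report uses for the root row

@dataclass
class IamUser:
    name: str
    console_access: bool       # user has a console password
    mfa_active: bool
    access_keys_active: int = 0

@dataclass
class SecurityGroupRule:
    group_id: str
    direction: str   # "ingress" or "egress"
    protocol: str    # "tcp", "udp" or "-1" (all protocols)
    from_port: int
    to_port: int
    cidr: str

@dataclass
class StorageBucket:
    name: str
    encrypted_at_rest: bool
    public: bool

def users_missing_mfa(users):
    """Console users without MFA. API-only users and the root row are skipped:
    the test targets IAM users with console access; root is checked separately."""
    return sorted(u.name for u in users
                  if u.name != ROOT and u.console_access and not u.mfa_active)

def root_account_findings(users):
    """Root should have MFA and no long-lived access keys."""
    findings = []
    for u in users:
        if u.name != ROOT:
            continue
        if u.access_keys_active:
            findings.append("access_key_active")
        if not u.mfa_active:
            findings.append("mfa_missing")
    return findings

def unrestricted_ingress(rules, sensitive_ports=(22, 3389)):
    """Ingress rules open to any address that cover an admin port or all traffic.
    Returns (group, protocol, from_port, to_port) tuples in input order."""
    findings = []
    for r in rules:
        if r.direction != "ingress" or r.cidr not in ("0.0.0.0/0", "::/0"):
            continue
        all_traffic = r.protocol == "-1"
        hits_admin_port = any(r.from_port <= p <= r.to_port for p in sensitive_ports)
        if all_traffic or hits_admin_port:
            findings.append((r.group_id, r.protocol, r.from_port, r.to_port))
    return findings

def bucket_findings(buckets):
    """Storage that is unencrypted at rest or publicly accessible."""
    return {
        "unencrypted": sorted(b.name for b in buckets if not b.encrypted_at_rest),
        "public": sorted(b.name for b in buckets if b.public),
    }

# Constructed sample inventory (not real accounts or resources).
SAMPLE_USERS = [
    IamUser("alice", console_access=True, mfa_active=True),
    IamUser("bob", console_access=True, mfa_active=False),
    IamUser("ci-deployer", console_access=False, mfa_active=False, access_keys_active=1),
    IamUser(ROOT, console_access=True, mfa_active=False, access_keys_active=1),
]
SAMPLE_RULES = [
    SecurityGroupRule("sg-web", "ingress", "tcp", 443, 443, "0.0.0.0/0"),    # HTTPS: fine
    SecurityGroupRule("sg-bastion", "ingress", "tcp", 22, 22, "0.0.0.0/0"),  # SSH open to world
    SecurityGroupRule("sg-legacy", "ingress", "-1", 0, 65535, "::/0"),       # all traffic
    SecurityGroupRule("sg-db", "ingress", "tcp", 5432, 5432, "10.0.0.0/8"),  # internal only
    SecurityGroupRule("sg-web", "egress", "-1", 0, 65535, "0.0.0.0/0"),      # egress: ignored
]
SAMPLE_BUCKETS = [
    StorageBucket("prod-logs", encrypted_at_rest=True, public=False),
    StorageBucket("marketing-assets", encrypted_at_rest=True, public=True),
    StorageBucket("legacy-backups", encrypted_at_rest=False, public=False),
]

def run_checks(users=SAMPLE_USERS, rules=SAMPLE_RULES, buckets=SAMPLE_BUCKETS):
    """One pass over the inventory; a test fails when its value is non-empty."""
    return {
        "mfa_missing": users_missing_mfa(users),
        "root": root_account_findings(users),
        "unrestricted_ingress": unrestricted_ingress(rules),
        "buckets": bucket_findings(buckets),
    }
```

Calling run_checks() on the sample data reports bob as the only console user without MFA, flags the root row for an active access key and missing MFA, lists the bastion and legacy security groups as world-open, and returns legacy-backups as unencrypted and marketing-assets as public. Feeding real inventory in the same shape (for example rows parsed from a credential report) is the only change needed to use the checks against an account.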

Connection Requirements

Provider   Auth Method                              Minimum Permissions
AWS        IAM Role (cross-account) or Access Keys  SecurityAudit managed policy, ReadOnlyAccess to Security Hub and Config
Azure      App Registration (Service Principal)     Reader role on subscription, Directory.Read.All for Entra ID
GCP        Service Account JSON Key                 roles/viewer on project, roles/securitycenter.findingsViewer

LowerPlane operates in read-only mode. It never creates, modifies, or deletes resources in your cloud accounts. The permissions listed above are sufficient for full evidence collection.

Multi-Account and Multi-Region

For organizations with multiple cloud accounts or regions:
  • AWS: Connect each account individually, or use an organization-level IAM role with sts:AssumeRole permissions for member accounts.
  • Azure: Connect each subscription. A single App Registration can be granted access across multiple subscriptions.
  • GCP: Connect each project, or grant the service account access at the organization or folder level.

Prioritize connecting production accounts first. These are the accounts auditors focus on, and they provide the highest compliance coverage.
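The cross-account AWS option above (an IAM role that the integration assumes with sts:AssumeRole) and the read-only guarantee in Connection Requirements both come down to two policy documents: the role's trust policy, which should name one account and require an ExternalId, and its permission policy, which should contain only read actions. The following added example (not LowerPlane's code) builds such a trust policy and audits a permission policy for write or wildcard actions. The vendor account ID and external ID are placeholders; LowerPlane's real values come from its setup flow, not from here. The list of read-only verb prefixes is a heuristic chosen for this example, not an AWS or LowerPlane definition, so treat anything it flags as something to review rather than a verdict.

```python
"""Trust policy for a cross-account read-only integration role, plus a check
that a permission policy really is read-only. Account ID and external ID are
placeholders (assumptions for this example); the read-only verb list is a
heuristic of this example, not LowerPlane's definition. Not LowerPlane's code."""
import json

VENDOR_ACCOUNT_ID = "111111111111"                # placeholder: the integration vendor's AWS account
EXTERNAL_ID = "replace-with-unique-external-id"   # placeholder: unique value per customer

# Action verbs this example treats as read-only (heuristic, not exhaustive).
READ_ONLY_PREFIXES = ("Get", "List", "Describe", "BatchGet", "Lookup",
                      "Search", "Check", "Simulate", "View")

def trust_policy(vendor_account_id, external_id):
    """Trust policy that lets one named account assume the role, and only when
    it presents the agreed ExternalId (the standard confused-deputy guard)."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{vendor_account_id}:root"},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
        }],
    }

def trust_policy_problems(policy):
    """Flags AssumeRole grants open to any principal or lacking an ExternalId."""
    problems = []
    for stmt in policy.get("Statement", []):
        principal = stmt.get("Principal", {})
        if principal == "*" or (isinstance(principal, dict) and principal.get("AWS") == "*"):
            problems.append("wildcard principal")
        condition = stmt.get("Condition", {}).get("StringEquals", {})
        if "sts:ExternalId" not in condition:
            problems.append("missing ExternalId")
    return problems

def non_read_only_actions(policy):
    """Actions in Allow statements whose verb is not on the read-only list.
    Wildcards ('*' or 'ec2:*') are always flagged: they cannot be shown read-only."""
    flagged = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        for action in actions:
            _service, _, verb = action.partition(":")
            if "*" in action or not verb.startswith(READ_ONLY_PREFIXES):
                flagged.append(action)
    return flagged

# Constructed permission policy: first statement read-only, second over-broad.
SAMPLE_PERMISSION_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Resource": "*",
         "Action": ["securityhub:GetFindings", "securityhub:DescribeStandards",
                    "config:DescribeConfigRules", "iam:GetCredentialReport"]},
        {"Effect": "Allow", "Resource": "*",
         "Action": ["s3:PutBucketPolicy", "ec2:*"]},
    ],
}

if __name__ == "__main__":
    print(json.dumps(trust_policy(VENDOR_ACCOUNT_ID, EXTERNAL_ID), indent=2))
    print("non-read-only actions:", non_read_only_actions(SAMPLE_PERMISSION_POLICY))
```

For the organization-level pattern, the same trust policy is created in each member account and the integration's role is the principal; for the single-account pattern, attaching the AWS-managed SecurityAudit policy named above instead of a hand-written one avoids the audit step entirely, since that policy is maintained as read-only by AWS. Run against the constructed sample, the audit flags s3:PutBucketPolicy and ec2:* and nothing from the Security Hub, Config and IAM read calls.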