Kikimora
← all integrations

Cloud Infrastructure

AWS

Gain deep visibility into your AWS security posture - findings, configurations, and logs in one conversation.

TRY ASKING:

“Show me all active critical findings from AWS Security Hub across all regions.”

  • “Which S3 buckets allow public access across every account, and why?”
  • “Audit my IAM roles for wildcard permissions and unused access keys.”
  • “Correlate this GuardDuty finding with the CloudTrail events around it.”

Kikimora connects to AWS through read-only APIs and turns Security Hub, GuardDuty, IAM, S3, EC2 and CloudTrail into a conversational surface. Ask for findings, correlate them with affected resources, and generate remediation steps, all without opening the console.

Manage AWS security from one conversation

The integration covers the security signals that matter most across a multi-account AWS estate: aggregated Security Hub findings, GuardDuty threat detections, IAM identity and policy state, S3 bucket exposure, EC2 inventory, and the CloudTrail activity that ties an event back to who did what. Because access is read-only by default, you get the visibility without handing over the ability to change anything unattended.

What you can do

  • Pull Security Hub findings and insight results, filtered by severity, region, or resource.
  • Audit IAM roles and S3 bucket policies for drift and public exposure.
  • Trace CloudTrail activity around a suspicious event.
  • Generate CLI commands or Terraform to remediate, applied only on your approval.

Things you might ask

  • “Group every public S3 bucket by root cause so I fix the policy, not just the symptom.” When a bucket turns up exposed, the next step is closing it safely. Our walkthrough on how to close a public S3 bucket in three sentences shows the finding-to-fix loop end to end.
  • “Show me the GuardDuty findings from the last 24 hours and which EC2 instances they touch.”
  • “Which IAM users still have access keys that have not been rotated in 90 days?”

AWS sits alongside the other clouds in your stack. If you also run workloads on Microsoft cloud, the Azure integration brings Defender alerts and NSG audits into the same conversation, so cross-cloud posture reports stay in one place.

Connect AWS - free Browse all integrations

[ faq ]

What AWS permissions does Kikimora need? +

A read-only IAM role is enough to query findings, configurations, and logs. The default posture is read-only. Write actions, like applying a fix or closing a bucket, are proposed as exact CLI or Terraform and run only after you approve them in the conversation.

Can Kikimora change my AWS resources without asking? +

No. Every write is approval-gated. The agent shows you the precise change first, and nothing is applied until you say yes. An immutable audit entry is written for each approved action.

How long does it take to connect AWS? +

A few minutes. You create a read-only role and hand Kikimora the credentials. There are no agents to install on your instances and no console configuration to maintain.

Which AWS services does the integration cover? +

Security Hub, GuardDuty, IAM, S3, EC2, and CloudTrail today, queried across all regions and accounts you grant access to.

More in Cloud Infrastructure

Azure
Hetzner
Linode