Cross-Account AWS Discovery

Infrastructure Discovery.

Infrastructure Discovery is a continuous, cross-account asset discovery and traffic mirroring platform for AWS estates, mapping every API, compute, network, and IAM resource across up to 5,000 accounts and connecting discovered endpoints to Wallarm protection in under an hour.

No per-account credentials managed by you. No DevOps ticket. No production risk.
Read-only IAM
Up to 5,000 accounts
2 min to first scan
Trusted By

The world's most demanding teams run on Wallarm.

The Problem

A finding fires in account number 847 out of 1,200. Now what?

A mid-size enterprise on AWS runs 100 to 200 accounts. A large one runs 1,000 to 5,000. Security only knows about a fraction of them. 90% of IT leaders are concerned about shadow AI, and most can't tell you where it's running.

| What You Have | Gives You | Misses |
| --- | --- | --- |
| Confluence inventory | What you wrote down | What shipped this week |
| Spreadsheet | A point-in-time snapshot | Drift |
| AWS Config | A configuration log | The protection workflow |

The Scale Problem

5,000

AWS accounts in a single enterprise estate. Each one is an independent security boundary.
Source: AWS Well-Architected Framework, 2026
The Solution
Part of the AI Control Loop

From AWS estate to Wallarm protection in under an hour.

Infrastructure Discovery uses cross-account IAM to scan every AWS account you register, across every region. It maps your EC2, EKS, load balancers, API Gateway, Lambda, VPC, and IAM. Infrastructure Discovery is the cloud asset layer of the AI Control Loop, the step that makes everything else possible across your AWS estate.

1. Topology: Cross-account topology

Register each AWS account once with a read-only role. Map every account, region, VPC, and supported resource in a single live graph.

2. Findings: Security Hub sync

Pull GuardDuty, Inspector, Macie, and IAM Access Analyzer findings every 5 minutes. Land them on the topology node they affect, in plain language.

3. IAM: IAM and least-privilege analysis

Find over-permissioned IAM roles across every account. See what each role can actually reach, including the roles your AI workloads assume.

4. Drift: Drift detection

Diff every scan against the last. Surface every created, changed, or deleted resource with field-level changes and CloudTrail creator attribution.

5. Rules: Customer-authored rules

Write your own detection and triage rules in CEL. They run inside your tenant. No platform fork, no vendor PRs, no waiting.

6. Mirror: One-click traffic mirroring

Detect every plain-HTTP endpoint and mirror its traffic into Wallarm with one click. VPC Traffic Mirror or Gateway Load Balancer. Auto-tagged. Reversible.

AWS Partnership

How Wallarm and AWS work together.

Discovery uses native AWS services across the stack: cross-account IAM, Gateway Load Balancer, Security Hub, Systems Manager, Secrets Manager, and CloudTrail. All inside your environment.
AWS Security Token Service
Gateway Load Balancer
AWS Security Hub
AWS Systems Manager
AWS Secrets Manager
AWS CloudTrail
Security Competency: Application Security
Marketplace: Available now · Private offers & co-sell
FAQ

Frequently asked questions

Does Infrastructure Discovery require write access to my AWS accounts?

Discovery uses a read-only IAM role for resource enumeration. Traffic mirroring uses a separate, write-scoped role with disjoint permissions. Both assume cross-account access via STS with an ExternalId. You review the IAM policy before applying it, and a single API call tears down everything Wallarm provisioned.

How does Infrastructure Discovery handle multi-account AWS estates?

Register each AWS account once with whichever credential method that account supports: STS role assumption with optional ExternalId, AWS SSO profile, or static access keys. Discovery runs collectors in parallel across every registered account and region.

What is the difference between Infrastructure Discovery and AWS Config?

AWS Config is a configuration recorder. Infrastructure Discovery is a protection workflow. It builds a live topology graph, classifies plain-HTTP endpoints by source type, provisions traffic mirroring on demand, and feeds the result into Wallarm protection. AWS Config can supply data, but it does not solve the problem.

Will Infrastructure Discovery affect production traffic when it provisions mirroring?

No. Traffic mirroring is out-of-band and copy-only. Wallarm sees a duplicate of the traffic. Your production path is unchanged. Latency and availability are not affected. Mirroring uses VPC Traffic Mirror for small footprints and Gateway Load Balancer for multi-VPC environments, with full inspection VPC and per-spoke endpoints provisioned automatically.

Where does my data live?

Each tenant is region-locked at creation: US or EU, immutable. Dedicated RDS, separate credentials, dedicated namespace. No shared state between tenants. Wallarm Cloud receives analysis results, not raw packet captures. Customer IPs and ARNs are not stored in shared logs.

How long does Infrastructure Discovery take to deploy?

Two minutes from tenant creation to first scan. First scan results visible within five minutes of completion. From there, mirroring is one click per VPC. Time-to-first-mirrored-traffic is roughly an hour for an enterprise estate, compared to the eight-week DevOps project that has historically been the alternative.

How much does Infrastructure Discovery cost?

Infrastructure Discovery is available on AWS Marketplace with a Free tier, a $200/month Professional tier, and a $500/month Enterprise tier — priced per AWS account, not per asset.

Infrastructure Discovery is where cloud visibility starts.

You can't protect what your protection layer can't see. Infrastructure Discovery maps your AWS estate — every account, every region, every endpoint — and feeds it directly into Wallarm protection. That's the cloud asset foundation of the AI Control Loop. Add AI Hypervisor for runtime AI agent observability inside your clusters. Add API Security for inline protection across every API surface. The loop closes when the full estate is covered.

Map your AWS estate in 10 minutes.

Start scanning for free. Read-only. No agent installed. No production traffic touched.