CLOUD & IDENTITY · AWS

Turn AWS IAM posture, landing-zone drift, and account signal into procurement-readable control evidence.

A proof surface for how AWS accounts get governed: read-only IAM posture by default, machine-readable landing-zone configuration, drift surfaced against a declared baseline before it becomes an incident, and append-only evidence a security team can verify.

2 / 5 controls live
AWS IAM GuardDuty signal landing zones drift detection
The controls

5 controls. 2 live, 3 mapped — stated honestly.

Every claim points to a real artifact you can open. Where a control is specced but not yet shipped, it says so — no surface here pretends to be further along than it is.

Federated identity propagates via signed token — Kinetic Gain verifies the IdP/STS assertion and never mints its own.
artifact · kg-token-validator
Live
Every console and API action becomes an append-only, hash-chained audit event — who did what, provably.
artifact · audit-stream
Live
IAM is read-only by default; every write is a separate, named, audited grant — least privilege as a posture, not a promise.
Mapped
Landing-zone and IAM configuration is declared machine-readable; drift from the declared baseline is surfaced, not discovered in an incident.
Mapped
A buyer's security team can curl /verify the account's declared posture against live configuration.
Mapped
The differentiator

The Suite stops being marketing the moment a buyer can verify it.

Don't take our word — curl the evidence.

Governance posture is only worth what a procurement team can independently confirm. Where the validator is live, a buyer fetches the declaration and walks the hash-chained audit trail themselves — capability, classification, and control evidence, machine-readable and self-checking.

# once the validator ships for this surface
curl https://aws.kineticgain.com/.well-known/kg-verify.json | kg-validate -