The IAM Policy Copilot

Save time and reduce your attack surface by automating the creation of IAM policies for AWS services, workloads and machine identities.

Get notified when Slauth.io is available on GCP or Azure

HOW IT WORKS

Value within minutes

Choose between our SaaS or self-hosted companion to bolster your IAM practices

Connect your GitHub repositories and AWS environment to initiate a scan

Get least-privilege policies based on your code

Review remediation recommendations and apply to your AWS environment

Experts Know Best

"Slauth enables teams to focus on delivery and eliminate security risks by automating IAM policy creation. Less to worry about, more to deliver!"
Teddy Funger
Formerly Red Hat

"Slauth.io is exactly what I would have loved to have when deploying AWS infrastructure at Balsamiq a couple of years back! So happy it's here now!"
Luis Arias
Upskyld

SLAUTH TO INCREASE VELOCITY

Automate IAM policy creation

Get relevant IAM recommendations as you code and where you code.

Policy generation in real-time

Shift-left your IAM efforts by creating IAM policies for services, workloads and machine identities as they become ready to be deployed.

Right-sized permissions based on your code

No more wildcards or guesswork! Deploy only the IAM permissions that match the outcomes of your code analysis.

Recommendations directly in your IaC

Forget about the AWS console and Access Analyzer. With Slauth.io, IAM recommendations are available where you code, merge and deploy.

SLAUTH TO IMPROVE INSIGHTS

Remove IAM blind spots

Unlock IAM analytics to discover how AWS services are being utilized in your environments for maximum efficiency in development and maintenance.

Improved logs for a complete view of your IAM security posture

Get rich logs with additional context on machine-identity activity during the different SDLC stages.

Versioning for better control and early remediation actions

Detect and document IAM changes to spot anomalies early or conduct root cause analysis.

Auditing and reporting features to augment your SIEM

Store and validate your IAM events for compliance with regulations such as SOC, PCI, and HIPAA.

Ready to Get Started?

Free 30-day Trial

Perfect plan to get started

A free plan grants you access to some cool features of Slauth.

- 200 IAM policies auto-generation
- GitHub integration
- Multiple AWS accounts
- Slack support
- Slauth.io Event Activity Dashboard
- SaaS or self-hosted

What data is going to be shared with Slauth.io?

When you onboard with Slauth.io, we collect Personally Identifiable Information (PII) to create your profile.

When connecting your GitHub account, Slauth.io accesses the source code based on the repositories you select. For AWS connections, we collect metadata related to your policies and resources. This data is then processed by OpenAI using Slauth.io's premium API configuration.

In our self-hosting model, the Slauth.io application can be deployed on your server, and you can choose to connect your own OpenAI API keys or use Llama2.

Data is stored as follows:

For SaaS Users
- Your data is securely stored on Slauth.io servers hosted on AWS US-East.
- For LLM analysis, data is shared with OpenAI.

For On-Prem Users
- You have the choice of where your data is stored.
- For LLM analysis, data can be shared with OpenAI.

What are the prerequisites to use Slauth.io?

To fully utilize Slauth.io's capabilities, you'll need:
- An AWS account
- An app deployed on AWS using the AWS SDK
- GitHub as your code repository
- No monorepo setups (currently being worked on)
- Languages: All languages are technically supported, but TypeScript has shown the most success from our experience to date

What can I expect from Slauth's integration with GitHub?

Slauth.io requires read-only access to your GitHub repositories to scan your codebase. This data is then processed by the LLM to generate secure IAM policies. Post-Beta, read and write access for pull request generation will be introduced.

What can I expect from Slauth's integration with AWS?

Slauth.io creates a cross-account role with read-only permissions to scan your AWS environment as a security audit role. This data, along with the code repository data, is processed by the LLM to compare IAM policies and suggest remediations if a more secure policy is relevant.

What types of vulnerabilities does Slauth.io help to mitigate?

Slauth.io focuses on mitigating identity and access-related vulnerabilities by generating least-privilege IAM policies. This helps prevent unauthorized access, privilege escalation, and other security risks associated with overly permissive policies.

Can I customize the IAM policies generated by Slauth.io?

Yes, the IAM policies generated by Slauth.io are presented in JSON format, allowing you to review and customize them before implementation.

How does Slauth.io support multi-cloud or hybrid cloud environments?

Currently, Slauth.io is focused on AWS environments. However, we have plans to extend our support to multi-cloud and hybrid cloud environments in the future.

Would you like to be notified when Slauth.io is available on GCP or Azure? Simply let us know!