Sold by: Wallarm
Deployed on AWS
Free Trial
AWS Free Tier
Wallarm Infrastructure Discovery continuously inventories your AWS estate across every connected account and region, with no agent to install. Connect an AWS account via cross-account IAM role with external ID, AWS SSO profile, or static access key, and the first scan delivers a live, searchable inventory of EC2 instances, VPCs and their networking, EKS clusters, Lambda functions, load balancers, and API Gateway deployments. Drift detection records every field-level change so you can answer "what changed since last week." Built-in detection rules and customer-authored CEL rules surface exposure and misconfiguration. HTTP endpoints are detected automatically across EC2 instances, EKS pods, and load balancers on every scan. Built for security, platform, and compliance teams who need a defensible answer to what they have, what changed, and what is exposed. On-ramp to the Wallarm AI Control Platform.
Overview
Image
The AI Control Platform
Image
Wallarm Infrastructure Discovery
Wallarm Infrastructure Discovery is part of the Wallarm AI Control Platform, the only platform that integrates AI security and API security into one closed loop. Infrastructure Discovery is where that loop starts: mapping the AWS estate so security teams know what is running, changed, and exposed before anything else can happen.
KNOW WHAT YOU ARE RUNNING: Within minutes of connecting an AWS account, you have a live, searchable inventory of EC2 instances, VPCs, EKS clusters, Lambda functions, load balancers, and API Gateway deployments across every region you scan. A live relationship graph shows how everything connects. CloudTrail creator attribution tells you who stood each resource up, and when. Built-in detection rules surface the exposures that matter: public IPs, overly permissive security groups, sensitive ports open to the internet, public EKS endpoints. Your team can also write their own detection and triage rules in Common Expression Language, without a feature request and without forking the platform.
KNOW WHAT CHANGED: Every scan compares against the prior state and records exactly what was created, updated, or deleted. Filter drift events by account, region, service, severity, and time to scope an incident or assemble an audit timeline. The same data your on-call team uses is what you hand your auditors. SOC 2 and ISO 27001 evidence does not get built the week before the review.
KNOW WHAT IS EXPOSED: Infrastructure Discovery automatically detects HTTP endpoints behind EC2 instances, EKS pods, and load balancers on every scan, giving security teams a clear picture of what is reachable from the internet before attackers find it first. It also inventories Bedrock resources, so AI adoption happening account-by-account doesn not stay invisible to security. That makes Infrastructure Discovery the natural on-ramp to AI Hypervisor, which is the Wallarm runtime AI governance product that observes what those AI workloads are actually doing, enforces policy in real time, and generates continuous compliance evidence for EU AI Act and SOC 2. Together, Infrastructure Discovery and AI Hypervisor run the Wallarm AI Control Loop: Discover, Observe, Enforce, Govern.
BUILT FOR MULTI-ACCOUNT AWS AT SCALE: Each AWS account connects once with whichever credential method works for that account. Inventory, relationship graph, drift events, and findings unify across every connected account into a single view with per-account filtering. Designed for production AWS estates. Multi-account scale is a configuration question, not a different tool.
READ-ONLY BY DESIGN: The Wallarm IAM policy grants Describe, List, and Get permissions only. The cross-account role trust policy uses an external ID to prevent confused-deputy attacks. Customer credentials never appear in API responses or log lines.
Highlights
- CONTINUOUS, AGENTLESS AWS INVENTORY: Complete AWS inventory, no agents required. Within minutes of connecting an account, you have a live, searchable inventory across EC2, VPCs, EKS, Lambda, load balancers, and API Gateway deployments, unified across every account and region into one filterable view.
- KNOW WHAT CHANGED AND PROVE IT: Every scan records exactly what was created, updated, or deleted across your AWS estate, down to the specific fields that changed. Filter by account, region, service, severity, and time to scope an incident or answer an auditor. SOC 2 and ISO 27001 evidence comes from the same data your on-call team uses, not from spreadsheets assembled the week before.
- API DISCOVERY: The starting point for AI governance on AWS. Infrastructure Discovery surfaces HTTP endpoints and Bedrock resources across your estate, giving security teams visibility into what is reachable and what AI is enabled. It is the on-ramp to AI Hypervisor, which is the Wallarm runtime AI governance product.
Details
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Free trial
Try this product free according to the free trial terms set by the vendor.
Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/month |
|---|---|---|
Free Tier - Wallarm Infrastructure Discovery | COVERAGE: 1 AWS account, 1 region. SCAN FREQUENCY: 1 scan per day. ASSET DISCOVERY: Unlimited Assets within the Connected Account. LIMITS: 1 subscription per customer, not stackable. PRICING: Free FEATURES: Live asset inventory, relationship graph, drift detection between scans, built-in detection rules, customer-authored detection and CEL triage rules, CloudTrail creator attribution. CONNECTION METHODS: Cross-account IAM role with external ID, AWS SSO profile, or static access key | $0.00 |
Starter Tier - Wallarm Infrastructure Discovery | Everything in Free Tier, Plus: COVERAGE: Up to 3 AWS accounts, still 1 region. SCAN FREQUENCY: Configurable + on-demand scans LIMITS: 1 Subscription per customer; not stackable. PRICING: Flat Rate, no private pricing available for Starter Tier. | $200.00 |
Standard Tier - Wallarm Infrastructure Discovery | Everything in Starter Tier, Plus: COVERAGE: Up to 10 AWS accounts, 2 regions per account. SCAN FREQUENCY: Configurable + on-demand scans LIMITS: Stackable, up to 5 concurrent subscriptions per customer (max 50 accounts total). PRICING: Flat Rate, no private pricing available for Standard Tier. | $500.00 |
Enterprise Tier - Wallarm Infrastructure Discovery | Everything in Standard Tier, plus custom coverage, scan frequency, and no need to stack subscriptions. Agreement terms of this tier will be established through a custom pricing option via a private offer working with Wallarm or Wallarm partners. | $30,000.00 |
Vendor refund policy
This is a monthly service. Do not renew your subscription to stop incurring charges.
Custom pricing options
Request a private offer to receive a custom quote.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Support
Vendor support
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
Wallarm protects your entire API portfolio with advanced API security capabilities.
Protect APIs and AI agents by integrating Wallarm with your existing NGINX traffic management, enabling real-time threat mitigation, full API visibility, and risk detection.
Wallarm AI Hypervisor is the runtime governance layer for every LLM call, agent action, and MCP tool invocation running in AWS. Deploy and within minutes every outbound AI call is captured in-kernel and attributed to the originating end-user across every service hop. Built on patented non-invasive memory analysis, AIH covers AI interactions without requiring a single application code change. Review the prompt that produced a bad answer. Block a session in real time without restarting pods. Prove to auditors what data left for which model provider, on whose behalf. Recognizes Anthropic, OpenAI, AWS Bedrock, Azure OpenAI, Hugging Face, Together, and more than 11 others out of the box. Part of the Wallarm AI Control Platform.
Customer reviews
No customer reviews yet
Be the first to review this product . We've partnered with PeerSpot to gather customer feedback. You can share your experience by writing or recording a review, or scheduling a call with a PeerSpot analyst.