The 10-Factor
Infrastructure

Pricing

Features

How It Works

FAQs

Checkout Modules

Compliance-as-Code For Cloud Infra

A centralized repository codifying ISO 27001:2022 implementation for real-world AWS environments

with governance, evidence, audits and continuous compliance workflows.

Compliance that actually runs in your infrastructure, not just in documents.

Free Trial

Buy Now

ISO 27001 requires: An annual internal audit every year and a recertification every 3 years.

This module: Automates the entire audit process so you can save time and have a hassle free internal audit every year. Deploy codified ISO 27001:2022 AWS Controls and generate compliance ready assessment reports for your AWS resources across your organisation with:

An Audit Manager custom framework for ISO/IEC 27001:2022.
93 codified controls mapped to the latest 2022 version of ISO 27001 standard.
Curated assessment reports as required by auditors.
Evidence collected from AWS data sources like AWS Config, Security Hub.
Support for common compliance standards and regulations such as PCI DSS, CIS benchmarks.

Supported Workloads: 30+ AWS services including IAM, VPC, EC2, RDS, S3, EKS.

ISO 27001 requires: Documented information shall be available as evidence of the implementation of the audit programme(s) - that the organisation shall plan, establish, implement and maintain.

This module: Codifies your compliance requirements by automating evidence recording. Configure customisable rules to evaluate whether your AWS resources comply with the ISO 27001:2022 standard:

500+ config checks and resource scans to record evidence for audit controls.
Custom conformance pack for ISO 27001 2022.
Pre-built config checks and remediation actions for compliance frameworks like PCI DSS, CISA, NIST and more.

Supported Workloads: AWS Account & Services.

ISO 27001 requires: Organisations to ensure that the use of cloud services is protected and securely managed, including through monitoring, configuration, and compliance checking.

This module: Automates collection and aggregation of all security findings from all cloud services in one place so you can understand the overall security posture of your AWS account or organisation.

Centralised dashboard for security control checks and alerts into a single place and format.
Integrate vulnerability assessment, threat detection and patch compliance findings.
Monitor cloud environments for misconfigurations, risks, and compliance violations.
Enable security best practices and controls.
Simplified compliance management for global industry standards like CIS, PCI DSS, NIST etc.

Supported Workloads: AWS Account and Services

ISO 27001 requires: Protection against malware shall be implemented and information security threats shall be collected and analysed to produce threat intelligence.

This module: Deploys real time threat detectors and malware scans to help protect your AWS accounts, workloads, and data from potential security risks:

Monitor all your accounts without additional software to deploy or manage.
Protect systems and services against ransomware and other types of malware.
Centralise threat detection for AWS container and system workloads.
Accelerate investigations and automate remediation.
Meet additional compliance requirements such as PCI DSS.

Supported Workloads: EC2, EKS, S3, RDS, Lambda

ISO 27001 requires: Information about technical vulnerabilities of information systems in use shall be obtained, the organisation’s exposure to such vulnerabilities shall be evaluated and appropriate measures shall be taken.

This module: Enables automated vulnerability scanning for AWS workloads and runs assessment to discover software vulnerabilities and unintended network exposure.

Identify unpatched instances and container images with common vulnerabilities and exposures (CVEs).
Analyse network configurations to find security vulnerabilities and restrict unsafe access.
Deploy CIS Security Benchmarks and security best practices.

Supported Workloads: EC2, ECR, Lambda, Network

ISO 27001 requires: Networks, systems and applications shall be monitored for anomalous behaviour and appropriate actions taken to evaluate potential information security incidents.

This module: Deploys log metric alarms and notification to monitor AWS resources in real time for early identification and mitigation of security incidents. This enables:

Alerts and notification for critical system failures, database and storage errors, performance overload, suspicious networks drops, unhealthy hosts and more.
Centralised monitoring to help visualise and analyse security data with end-to-end observability.
Cloudwatch alarms according to CIS AWS Foundations Benchmark.
Security best practices for AWS services monitoring.

Supported Workloads: EC2, EKS, ALB, NLB, NATGW, S3, Route53, RDS

ISO 27001 requires: Certificate management as part of its broader requirements for data masking, application security requirements, network security and use of cryptography.

This module: Deploys centralised certificate management for public signed valid certificate. This includes:

Domain based certificate validation.
Automated certificate renewal.
Wildcard support.
Public dns and nameservers.
Works with major domain registrars like Namecheap, Godaddy, Bigrock etc.

Supported Workload: EC2, ELB, EKS, RDS

ISO 27001 requires: Information stored on, processed by or accessible via user end point devices shall be protected.

This module: Deploys a client vpn solution that provides secure access to your applications, systems and services hosted within a private network. This provides two vpn options for organisations to choose from:

AWS Clientvpn with user onboarding portal, IAM and SAML authentication.
Openvpn with automated user management and RBAC for network access.
Public dns with valid signed signed certificates.
Encrypted access to whitelisted networks.

Supported Workload: VPC, EC2, EKS, RDS

ISO 27001 requires: Networks and network devices shall be secured, managed and controlled to protect information in systems and applications.

This modules: Deploys a secure, scalable and highly available network for AWS based applications with:

Built in zero trust policy.
Multi layer role based segregated networks with traffic whitelisting.
Firewall rules and access policies for perimeter security.
Multiple gateways for securing entry and exit points.
Audit Logging to monitor network traffic.

Supported For: All AWS Regions

ISO 27001 requires: An inventory of information and other associated assets, including owners, shall be developed and maintained. Measures shall be implemented to securely manage software installation on operational systems.

This module: Automates patch discovery, installation and inventory management for EC2 instances running for the AWS account:

Enables staged patch rollout to safely update EC2 instances while minimising risk.
Creates inventory of os and software information installed on each instance.
Deploys a centralised patch compliance management system for continuous monitoring of system security.

Supported Workload: Amazonlinux, Linux, Windows.

ISO 27001 requires: Procedures and measures shall be implemented to securely manage software installation on operational systems.

This module: Enables automated provisioning for compute instances with secure system architecture and engineering principles. This includes:

Automated image hardening and system patching.
Vulnerability and malware protection.
Secure authentication and firewall rules.
Segregation of network for development, test and production environments.

Supported Workloads: Amazonlinux, Linux, Windows

ISO 27001 requires: Information security requirements shall be identified, specified and approved when developing or acquiring applications.

This module: Provisions a production grade secure k8s cluster with autoscaling custom worker nodes, load balancer controller and ingress for public facing services within a private network. This includes:

Vulnerability and malware protection for cluster.
Automated node management for hardening, patching and upgrades.
Security logging and monitoring enabled.
Secure IAM policies for cluster management.
Public dns with valid signed signed certificates.

Supported Workloads: Amazonlinux, Bottlerocket

ISO 27001 requires: Organisations to identify and meet the requirements regarding the preservation of privacy and protection of PII according to applicable laws and regulations and contractual requirements.

This module: Enables automated scanning and data discovery of sensitive information stored in S3 buckets such as:

Credentials, for credentials data such as private keys and AWS secret access keys.
Financial information, for financial data such as credit card numbers and bank account numbers.
Personal information, for PHI such as health insurance and medical identification numbers, and PII such as driver's license identification numbers and passport numbers.

Supported Workloads: S3

ISO 27001 requires: Access to information and other associated assets shall be restricted in accordance with the established topic-specific policy on access control.

This modules: Creates secure object storage enabled with robust monitoring, access control and network security.

Enables encryption with key management for data at rest.
Security monitoring according to CIS benchmarks.
Version controlled lifecycle management.
Security controls enabled for ISO 27001:2022 Annex A, PCI DSS v4 standards.

ISO 27001 requires: Data masking and Data leakage prevention measures shall be applied to systems, networks and any other devices that process, store or transmit sensitive information.

This modules: Deploys database cluster/instance with data security and high availability to protect the confidentiality, integrity, and availability of stored data.

Private networking with restricted network access control for incoming and outgoing traffic.
Encryption of storage data at rest and secret management.
Monitoring and alerting according to CIS AWS Foundations Benchmark.
Security controls enabled for ISO 27001:2022 and other compliance standards like PCI DSS, CISA.

Supported Workloads: Postgresql, Mysql, Aurora DB

terraform-modules

pricing

Simple Transparent Pricing

No Hidden Charge, No Vendor Lock-in. You own your code.

Step-by-step guidance to help you build a compliance ready infrastructure, tailored to fit your business needs.

Free Trial

See Compliance‑as‑Code running on a real AWS environment.

✔ Access to a POC environment with 3 core compliance modules deployed.

✔ Sample ISO 27001 control mappings.

✔ Example compliance evidence.

✔ Read‑only, non‑destructive setup.

(Limited 7 days trial)

Starter Core

Best for single-client projects and baseline compliance readiness.

$895

(One Time Payment)

Buy Now

✔ Core terraform compliance modules.

✔ Codified ISO 27001:2022 controls.

✔ Ready-to-deploy Git workflows.

✔ Documentation + setup guide.

✔ Email support.

✔ One onboarding call ( 1 hr ).

Professional

Customised modules for multi-tenant projects or production workloads.

$1495

✔ Everything in Starter Core.

✔ Customised Deployment & Integration Support.

✔ Custom Audit Framework Mappings (ISO 27001:202, PCI DSS, SOC 2, CIS etc)

✔ Multi-tenant compliance and security.

✔ Dedicated Compliance Consultant.

✔ 5 hrs monthly cadence & support.

(Billed annually, Get 2 months free )

/month

Looking for enterprise support? Let's Talk

Connect & DM me on LinkedIn

We'll schedule a quick 1:1 discovery call to discuss your special use case.

Get your ISO 27001 compliant env now

How Compliance-as-Code Works

Compliance-as-Code is a version controlled git repository of terraform modules to deploy an ISO 27001:2022 ready AWS infrastructure. This can be cloned and easily integrated to your infrastructure deployment or CI/CD pipelines.

Compliance Frameworks are prebuilt and custom frameworks based on AWS best practices for various compliance standards and regulations to assess environments against standards like ISO, HIPAA, PCI DSS, SOC 2, or more.

This ISO 27001 is a custom built framework mapped to the latest 2022 version of the ISO/IEC standard. Version 2013 (current version on AWS) has already expired on 30th October 2015

Terraform Modules are reusable Terraform configurations that can be called and configured by other configurations. The compliance-as-code modules are used to create the cloud resources and run assessments using the compliance frameworks.

Providers: These are the plugins that Terraform uses to manage various infra resources. For every terraform module to be able to create a cloud resource, it has to mention the provider configuration of the respective cloud provider which in our case is AWS.

Terraform Registry: This is the official public repository of cloud providers managed by Hashicorp.

When you run `terraform init`, Terraform will automatically download everything it needs from this repository.

How it works

Built on 7+ years of real life ISO implementations

View Client Projects

Battle Tested Terraform Modules

Based on prod-tested Infrastructure-as-Code from successful ISO 27001 implementations in highly regulated Banking & Financial Services industry of South-East Asia. Delivered as an expert-guided and governed service.

100 % Cloud Native, Modular IaC

Built with AWS native services so you benefit from AWS's compliance, scalability and reliability, reducing third party dependencies.

Certified Professional Mentors

No AI fluff , no faceless IT support. Step-by-step guidance by certified ISO 27001 LA with 10+ years of industry experience, building secure IT infrastructures.

Trusted by Companies and Leaders
Across Various Industries

Group CTO,

Gojek

“You've contributed in all possible angles in building GoFin/Jago where it is right now: Infra as a service, regulatory requirements for cloud setup(in Ali, AWS and then move to GCP), Infra networks are just a few worth mentioning.”

Chief Technology Officer,

PT Bank Jago Tbk

“Thank you for your support throughout the last 2 years, namely the Ali GCP migration, and our 1st DR exercise for our proposal to the regulator.”

President Director,

PT Bank Jago Tbk

“Thanks you so much for all your contributions to Jago. Really appreciate all the thinking and efforts that you put it so that we can be where we are today. I wish you success and all the best in your future endeavours and look forward to working together again.”

FAQs

What is Compliance-as-Code & how does it help me?

Compliance-as-Code turns security and compliance requirements into ready-made Terraform modules. You get production-grade, audit-ready cloud configuration patterns you can use immediately in your projects or client environments.

Which compliance frameworks are supported?

The baseline configuration is aligned with ISO 27001:2022, with design patterns and many controls overlapping CIS, SOC 2, and PCI DSS principles. This means you can satisfy multiple frameworks or audit requirements with a single standards-driven setup.

How does it integrate with our existing cloud infrastructure and CI/CD pipeline?

The modules are delivered as version controlled modular git repositories. You can clone and run these following standard Terraform workflows with any CICD pipeline such as GitlabCI, Github etc. You will also get a step by step onboarding for the complete setup.

Which cloud services and AWS workloads are supported?

It supports all native AWS services like VPC, IAM, S3, KMS, CloudTrail, GuardDuty, AWS Config, WAF, and more - covering major industries like Banking, Fintech, SaaS, IT, and Tech.

How does the module handle evidence collection and audit-ready reporting?

The modules deploys infra to automatically generate logs, configuration histories, encryption policies, and access trails - mapping cloud configurations directly to audit controls. This reduces manual documentation and speeds up ISO audit preparation.

Can this module help with continuous compliance or is it a one-time setup?

Both. The initial deployment establishes a compliant baseline. Ongoing services such as AWS Config, CloudTrail, and guardrails help maintain continuous compliance, with module updates aligned to evolving standards.

What kind of remediation or automated fixes does it support?

Secure defaults like encryption, logging, restricted IAM permissions, and network boundaries are applied automatically. Combined with AWS Config and security services, the setup can detect drifts and guide remediation with minimal manual work to help maintain a secure posture.

How does the free trial work ?

During the free trial, you can access select modules or a sandbox version to evaluate structure, integration, and compatibility with your environment. It lets you understand how the Compliance-as-Code workflow fits into your projects.

What kind of support do I get after purchasing?

You get 1:1 implementation guidance, and email support to help you integrate the modules smoothly.

Contact for custom pricing, volume discounts, and dedicated support.

What payment methods do you accept?

We currently accept all major international and domestic payment options supported by Topmate, including credit/debit cards, UPI, net banking, and digital wallets. All payments are processed securely through Topmate’s trusted checkout system.

Custom Plan

Have more questions, Write to me

Connect & DM me on LinkedIn

Schedule a quick 1:1 discovery call for your special use case

The 10-Factor
Infrastructure

Compliance-as-Code for Cloud Infra - Get ready for ISO 27001:2022 certification with automated, audit-ready, secure AWS infrastructure setup.

Compliance that actually runs in your cloud, not just in documents.

Company

SIGN UP HERE

Let’s Work Together

Signup

The 10-Factor Infrastructure

The 10-Factor Infrastructure

Compliance-as-Code For Cloud Infra

Audit Manager

AWS Config

Cloud Security Posture Management

Threat Detection

Vulnerability Scanning

Security Monitoring

SIEM (Coming Soon)

Certificate Management

VPN

VPC

IAM (Coming Soon)

Inventory & Patch Management

EC2

EKS

PII Security

Secure S3

Secure RDS

Simple Transparent Pricing

Free Trial

See Compliance‑as‑Code running on a real AWS environment.

Starter Core

Best for single-client projects and baseline compliance readiness.

Professional

Customised modules for multi-tenant projects or production workloads.

Looking for enterprise support? Let's Talk

We'll schedule a quick 1:1 discovery call to discuss your special use case.

Built on 7+ years of real life ISO implementations

Battle Tested Terraform Modules

100 % Cloud Native, Modular IaC

Certified Professional Mentors

Trusted by Companies and Leaders Across Various Industries

FAQs

What is Compliance-as-Code & how does it help me?

Which compliance frameworks are supported?

How does it integrate with our existing cloud infrastructure and CI/CD pipeline?

Which cloud services and AWS workloads are supported?

How does the module handle evidence collection and audit-ready reporting?

Can this module help with continuous compliance or is it a one-time setup?

What kind of remediation or automated fixes does it support?

How does the free trial work ?

What kind of support do I get after purchasing?

What payment methods do you accept?

Have more questions, Write to me

Schedule a quick 1:1 discovery call for your special use case

The 10-Factor Infrastructure

SIGN UP HERE

The 10-Factor
Infrastructure

The 10-Factor
Infrastructure

Trusted by Companies and Leaders
Across Various Industries

The 10-Factor
Infrastructure