Sola for Cloud Security

Prompts and use cases for Cloud Security Posture (CSPM)

Cloud environments are dynamic and complex, making continuous visibility essential.

Sola helps you monitor configurations, detect misconfigurations, and ensure alignment with cloud security best practices across AWS, Azure, and GCP.

This page explains the key concepts behind Cloud Security Posture Management (CSPM), what it is, why it matters, and how Sola helps you analyze it. It also includes prompt examples you can use directly in Sola AI.

Get started with these below ready-made Ask and Build prompts, or the Prompt library, both available directly in the Sola chat interface.

Ask: Show me my cloud security risks

Copy this prompt into Sola AI to get started:

I want to understand the most critical security risks in my cloud environment. Guide me to identify which cloud provider I should connect first - such as AWS, Azure, or GCP - to quickly discover high-impact misconfigurations like public exposure, overprivileged identities, IAM posture, or missing encryption. If I already have a data source connected, ask me which one I should use. Guide me to the best next step to quickly experience Sola's value. Do this as an interactive conversation, guide me one step at a time, avoid long explanations upfront, and pause for my response.

Build: Build cloud security monitoring

Copy this prompt into Sola AI to get started:

I want to build an app that continuously monitors my cloud security posture. Guide me to identify which cloud provider I should connect first - such as AWS, Azure, or GCP - or if I already have one connected, ask me which to use. Then help me build queries to detect critical misconfigurations like public exposure, overprivileged identities, IAM posture, or missing encryption, create canvases to visualize risks over time, and set up alerts for new issues. Guide me to the best next step to quickly experience Sola's value. Do this as an interactive conversation, guide me one step at a time, avoid long explanations upfront, and pause for my response.

Explore the cloud security prompt library examples and more prompt examples below.

What is Cloud Security Posture Management (CSPM)?

CSPM is the practice of continuously monitoring and assessing your cloud infrastructure to detect risks, misconfigurations, and policy violations. Ensuring that your cloud accounts, services, and resources comply with security benchmarks like CIS, ISO, or SOC2.

In simple terms, CSPM helps answer the question: “Is my cloud configured securely right now?”

Insights are generated from your connected data sources to identify and remediate risks such as:

Publicly exposed storage buckets or databases.
Unencrypted or misconfigured resources.
Excessive permissions or inactive identities.
Missing or incomplete logging coverage.
Non-compliance with established security policies.

Why is CSPM important

Cloud misconfigurations are among the most common causes of data exposure.

Without continuous monitoring, even minor configuration errors can expose sensitive data, weaken access controls, or impact compliance.

CSPM ensures visibility, enforces security best practices, and reduces the risk of accidental exposure or policy drift across cloud environments.

CSPM with Sola

Sola isn’t about replacing traditional CSPM solutions, it enables you to build one that fits your organization.

With Sola, you can build a tailored solution to:

Monitor configuration drift, public exposure, and encryption status across AWS, GCP, and Azure.
Enforce security and compliance standards such as CIS, ISO, and SOC2 through automated checks and alerts.
Visualize posture changes and risk trends with dashboards and reports.
Automate remediation workflows to handle recurring or critical misconfigurations.

Each of these components can be queried, visualized, and automated within your Sola apps, giving you full visibility and control over your cloud security posture.

Prompt library examples

Browse and run these prompts directly from the Prompt library in the Sola chat interface.

Cloud Risk Summary

PROMPT

Summarize the top 20 risks across my cloud environment. Group by service (IAM, compute, storage, serverless, networking). Only include misconfigurations that are actively exploitable or publicly accessible, and rank them by potential blast radius.

Publicly Exposed Resources

PROMPT

List all cloud assets accessible from the internet, storage buckets, API gateways, load balancers, and compute instances. For each, explain the potential impact and identify which identity or workload owns it.

Identity-Aware Cloud Risk

PROMPT

Which cloud resources become high-risk because of who can reach them? Show IAM roles and users with overly permissive access, and map the paths they could use to escalate privileges or move laterally.

Cloud Attack Path Discovery

PROMPT

Find attack paths in my cloud environment where a combination of misconfiguration, permissive IAM, and network exposure creates a real threat. Rank by exploitability and blast radius, and suggest a remediation priority order.

Stale but Dangerous Resources

PROMPT

Identify cloud resources that haven’t been used in 60+ days but still carry open permissions or public exposure. Flag anything that poses ongoing risk despite being inactive.

Executive Cloud Risk Summary

PROMPT

Give me a one-page summary of my cloud security posture: total risk count, top 3 critical findings, and a red/yellow/green status per cloud provider. Format for a CISO-level audience with no assumed technical background.

More prompt examples

Explore the security risks and misconfigurations covered by CSPM for AWS.

Download the app for the complete experience

Copy any prompt into Sola AI to get started.

🔴 Critical 🟠 High 🟡 Medium

1. Identity and access management (IAM)

Prevent misuse of privileges and unauthorized access.

🔴 Detect publicly accessible EC2 instances with admin roles

PROMPT

Find all EC2 instances with a public IP address that are attached to IAM roles with admin-level permissions.

What it checks: Detects EC2 instances with public IPs and admin-level roles

Why it matters: A compromised instance could grant full account access

🔴 Identify Lambda functions with privileged execution roles

PROMPT

List all Lambda functions where the execution role has administrator or wildcard (‘*’) permissions.

What it checks: Finds functions using excessive permissions

Why it matters: Reduces the blast radius of potential compromise

🟠 Ensure EC2 instances use IAM roles instead of static keys

PROMPT

Show EC2 instances not configured with an IAM role or still using hardcoded access keys.

What it checks: Ensures instances are using IAM roles instead of static access keys

Why it matters: Prevents credential leakage

🟡 Verify IAM Access Analyzer is enabled in all active region

PROMPT

Check whether IAM Access Analyzer is enabled in all active AWS regions.

What it checks: Validates that exposure detection is active

Why it matters: Identifies unintended cross-account access

2. Network Security

Limit public exposure and enforce segmentation.

🔴 Detect subnets that automatically assign public IPs

PROMPT

Find EC2 subnets that are configured to automatically assign public IP addresses to instances.

What it checks: Flags subnets that expose instances to the internet

Why it matters: Reduces attack surface

🔴 Identify security groups with unrestricted inbound access

PROMPT

List all security groups with rules allowing inbound traffic from 0.0.0.0/0 or ::/0, and show which ports are exposed.

What it checks: Detects overly broad rules (e.g., 0.0.0.0/0)

Why it matters: Prevents unauthorized inbound connections

🔴 Find resources with open administrative ports

PROMPT

Show all resources with SSH (port 22), RDP (port 3389), or other management ports open to the internet.

What it checks: Scans for open management ports

Why it matters: Avoids brute-force and RCE attempts

🟠 Verify default VPC security groups restrict all traffic

PROMPT

Check whether the default security group in each VPC blocks all inbound and outbound traffic.

What it checks: Ensures default networks are locked down

Why it matters: Reduces accidental exposure

3. Data protection (S3, RDS, EBS, EFS)

🔴 Identify S3 buckets without Block Public Access enabled

PROMPT

List all S3 buckets that do not have Block Public Access settings enabled at the bucket or account level.

What it checks: Detects public data exposure

Why it matters: Common cause of cloud data leaks

🔴 Detect publicly shared snapshots

PROMPT

Find all EBS snapshots and RDS snapshots that are shared publicly or with untrusted AWS accounts.

What it checks: Ensures backups are private

Why it matters: Prevents data theft from shared snapshots

🔴 Check if CloudTrail logs bucket is publicly accessible

PROMPT

Verify that the S3 bucket storing CloudTrail logs is not publicly accessible.

What it checks: Protects audit logs from manipulation

Why it matters: Maintains integrity of forensic evidence

🟠 Verify encryption at rest is enabled for data stores

PROMPT

Check whether EBS volumes, RDS databases, and EFS file systems have encryption at rest enabled.

What it checks: Verifies EBS, RDS, EFS encryption settings

Why it matters: Protects data from unauthorized physical access

🟡 Ensure S3 versioning and MFA delete are enabled

PROMPT

List S3 buckets without versioning enabled or MFA delete configured.

What it checks: Guards against accidental or malicious deletion

Why it matters: Improves recoverability

4. Compute and container security

🔴 Identify ECS containers running in privileged mode

Prompt

Find all ECS task definitions where containers are configured to run as privileged or as root.

What it checks: Prevents host-level compromise

Why it matters: Reduces container escape risk

🔴 Verify ECR image scanning is enabled

Prompt

Check whether Amazon ECR repositories have image scanning enabled for vulnerability detection.

What it checks: Ensures image scanning is active

Why it matters: Prevents deployment of vulnerable builds

🟠 Detect ECS tasks sharing host process namespace

Prompt

List ECS task definitions that share the host's process namespace with containers.

What it checks: Enforces container isolation

Why it matters: Avoids cross-process attacks

🟡 Identify Lambda functions using deprecated runtimes

Prompt

List all Lambda functions that are running on deprecated or outdated runtime environments.

What it checks: Checks for deprecated environments

Why it matters: Reduces CVE exposure

5. Logging, monitoring and governance

🔴 Verify CloudTrail logs are encrypted and validated

Prompt

Check whether CloudTrail logs are encrypted with KMS and have log file validation enabled.

What it checks: Ensures log integrity

Why it matters: Prevents tampering

🟠 Check if CloudTrail and AWS Config are enabled in all regions

Prompt

Verify that CloudTrail and AWS Config are enabled and recording in all active AWS regions.

What it checks: Confirms activity tracking coverage

Why it matters: Core to audits and investigations

🟡 Ensure VPC Flow Logs and Load Balancer logging are enabled

Prompt

List VPCs without Flow Logs enabled and load balancers without access logging configured.

What it checks: Tracks network traffic

Why it matters: Detects anomalies and intrusion attempts

6. Resilience and availability

🟠 Verify backup recovery points are encrypted

Prompt

Check whether AWS Backup recovery points are encrypted at rest.

What it checks: Secures stored backups

Why it matters: Protects backup data from unauthorized access or theft

🟡 Verify RDS clusters use multiple Availability Zones

Prompt

Check whether RDS database clusters are configured for Multi-AZ deployment.

What it checks: Checks for high availability configuration

Why it matters: Prevents single-AZ failures

🟡 Ensure load balancers span multiple Availability Zones

Prompt

List all Application and Network Load Balancers that are not configured across multiple Availability Zones.

What it checks: Ensures multi-zone redundancy

Why it matters: Improves uptime

PreviousPrompt Library NextSola for Identity Security

Last updated 16 days ago

Was this helpful?