# Security and Compliance

This walkthrough shows how DuploCloud can automate your security and compliance work — connecting to a GRC provider, identifying failing controls, and resolving them end to end, including Terraform changes via a GitHub pull request.

***

## The Scenario

Your team needs to meet SOC 2 requirements on AWS. Rather than manually auditing controls and filing tickets, you connect DuploCloud to your GRC tool and let the agent do the work.

***

## Step 1 — Connect a GRC Provider

DuploCloud supports GRC tools like Vanta and Drata. For this demo, Vanta has already been connected — credentials provided and scopes defined so DuploCloud knows what it can access.

![Vanta GRC connected](https://2471407984-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F68cb0s9ce5UIUKWPuYs8%2Fuploads%2Fgit-blob-00b0615b22f323f2e42c4b88bf777a8ed6137bc1%2Fdemo4-03-vanta-grc-connected.png?alt=media)

***

## Step 2 — Check Compliance Status

Select the SOC 2 framework on AWS and create a ticket asking DuploCloud to fetch the current compliance status.

![Ticket created to get started](https://2471407984-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F68cb0s9ce5UIUKWPuYs8%2Fuploads%2Fgit-blob-bb05dc6fe7e9bd8860ab70ae15d0693f2cf1e46a%2Fdemo4-05-create-ticket.png?alt=media)

The agent connects to Vanta and retrieves your current compliance status, test scores, and details on which tests are passing or failing.

![Compliance status fetched from Vanta](https://2471407984-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F68cb0s9ce5UIUKWPuYs8%2Fuploads%2Fgit-blob-e9e37ffd7aa31a0c13b6c7aeaeace4042efecf7b%2Fdemo4-06-compliance-status-fetched.png?alt=media)

It then categorises the failing controls into buckets so you know where to focus first.

![Issues categorised by type](https://2471407984-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F68cb0s9ce5UIUKWPuYs8%2Fuploads%2Fgit-blob-951f4ffd4e2d5fecb0af9e3d3bc80697520d4b9b%2Fdemo4-07-issues-categorised.png?alt=media)

***

## Step 3 — Fix Infrastructure Issues: GuardDuty

Ask DuploCloud to resolve the infrastructure issues identified. The agent connects to AWS, checks GuardDuty status across all regions, and deploys it where it is missing.

![Fixing GuardDuty across regions](https://2471407984-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F68cb0s9ce5UIUKWPuYs8%2Fuploads%2Fgit-blob-a33bb731233a9d07b4dfaba858da9a512b440f66%2Fdemo4-08-fix-infrastructure-guardduty.png?alt=media)

GuardDuty is now deployed across all four required regions.

![GuardDuty deployed in all four regions](https://2471407984-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F68cb0s9ce5UIUKWPuYs8%2Fuploads%2Fgit-blob-7ece592eb46c426ca975b4a991dddc5829fd820b%2Fdemo4-09-guardduty-deployed-4-regions.png?alt=media)

The agent then resolves the next issue — enabling GuardDuty notifications in all four regions.

![GuardDuty notifications enabled](https://2471407984-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F68cb0s9ce5UIUKWPuYs8%2Fuploads%2Fgit-blob-6c65663dfbec0f8dc993b844e0e5b13a6dcf433b%2Fdemo4-10-guardduty-notifications-enabled.png?alt=media)
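To confirm the agent's GuardDuty work independently of its own report, the following added example (not DuploCloud code) audits each region for an enabled detector and for routed findings. It assumes boto3 for live use, a placeholder region list because the page does not name the four regions, and that "notifications" means an enabled EventBridge rule on `aws.guardduty` with a target.

```python
"""Added example: audit GuardDuty coverage per region, independent of the agent."""
import json

# Placeholder list: the walkthrough says four regions but does not name them.
REQUIRED_REGIONS = ("us-east-1", "us-east-2", "us-west-1", "us-west-2")


def boto3_factory(service, region):
    """Real AWS clients; boto3 is imported lazily so the audit logic runs offline."""
    import boto3
    return boto3.client(service, region_name=region)


def detector_enabled(gd):
    """True if the region has a detector whose Status is ENABLED (not suspended)."""
    ids = gd.list_detectors().get("DetectorIds", [])
    return any(gd.get_detector(DetectorId=i).get("Status") == "ENABLED" for i in ids)


def findings_routed(events):
    """Assumption: notifications are an enabled EventBridge rule that matches
    source aws.guardduty and has at least one target (for example an SNS topic).
    Reads the first page of rules only; paginate for accounts with many rules."""
    for rule in events.list_rules().get("Rules", []):
        pattern = json.loads(rule.get("EventPattern") or "{}")  # scheduled rules have none
        if "aws.guardduty" not in pattern.get("source", []):
            continue
        if rule.get("State") != "ENABLED":
            continue  # a disabled rule delivers nothing
        if events.list_targets_by_rule(Rule=rule["Name"]).get("Targets"):
            return True
    return False


def audit(regions=REQUIRED_REGIONS, client_factory=boto3_factory):
    """Return {region: [gaps]} for every region that still fails a check."""
    gaps = {}
    for region in regions:
        missing = []
        if not detector_enabled(client_factory("guardduty", region)):
            missing.append("detector")
        if not findings_routed(client_factory("events", region)):
            missing.append("notifications")
        if missing:
            gaps[region] = missing
    return gaps
```

An empty result from `audit()` means every listed region has both an enabled detector and a live notification path.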

***

## Step 4 — Verify the Score Improvement

Ask DuploCloud to re-check the Vanta scores and compare against the baseline.

![Checking Vanta scores again](https://2471407984-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F68cb0s9ce5UIUKWPuYs8%2Fuploads%2Fgit-blob-109be7dc6cf43dd9ca0c2a24f106967ee8026331%2Fdemo4-11-check-vanta-scores.png?alt=media)

The score has improved after the GuardDuty fixes were applied.

![Score improved after GuardDuty fixes](https://2471407984-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F68cb0s9ce5UIUKWPuYs8%2Fuploads%2Fgit-blob-926b4767343f8bbef411bebfff23c606a85bca12%2Fdemo4-12-score-improved.png?alt=media)

***

## Step 5 — Fix Logging Issues from the IDE

Switch to your IDE. DuploCloud has already pulled in all the context from the ticket — it knows what was done and what still needs attention.

![Ticket details loaded into the IDE](https://2471407984-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F68cb0s9ce5UIUKWPuYs8%2Fuploads%2Fgit-blob-6fdf3e76373519812a9546ff6a967da2c2b61237%2Fdemo4-13-ticket-in-ide.png?alt=media)

Ask the agent to resolve all remaining logging issues. The plan: write Terraform, open a pull request on GitHub, and apply once approved.

![Asking agent to resolve logging issues](https://2471407984-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F68cb0s9ce5UIUKWPuYs8%2Fuploads%2Fgit-blob-47954cc14daca7266632fef812f2f12fe3ae1993%2Fdemo4-14-resolve-logging-issues.png?alt=media)

***

## Step 6 — Agent Writes Terraform

The agent runs discovery, then generates all the Terraform required for the logging changes.

![Agent writing Terraform for logging](https://2471407984-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F68cb0s9ce5UIUKWPuYs8%2Fuploads%2Fgit-blob-723dd49facc0926d9dba11c5a423d4699d4f96eb%2Fdemo4-15-agent-writing-terraform.png?alt=media)

Once the code is ready, the agent commits the changes to GitHub and opens a pull request.

![Pull request created on GitHub](https://2471407984-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F68cb0s9ce5UIUKWPuYs8%2Fuploads%2Fgit-blob-d6260e243beef870df0ba07a61462dca015e339c%2Fdemo4-16-pr-created.png?alt=media)

***

## Step 7 — Review and Merge the Pull Request

Switch to GitHub to review the pull request.

![Pull request visible on GitHub](https://2471407984-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F68cb0s9ce5UIUKWPuYs8%2Fuploads%2Fgit-blob-4aa905283e51f6c0294c1d4bf0e74bdc4a6285ea%2Fdemo4-17-pr-on-github.png?alt=media)
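A review of agent-written Terraform is easier to make repeatable when the plan itself is checked before merge. This added example (not part of DuploCloud or the demo repository) reads `terraform show -json` output and flags changes that destroy or replace resources, such as a log bucket holding audit evidence, or that fall outside an assumed allowlist of logging resource types; the allowlist and the sample plan are constructed for illustration.

```python
"""Added example: gate an agent-authored Terraform PR on its plan JSON."""
import json
import sys

# Assumption: types a logging-only change may touch; set this to your own scope.
ALLOWED_TYPES = frozenset({"aws_cloudtrail", "aws_cloudwatch_log_group",
                           "aws_flow_log", "aws_s3_bucket", "aws_s3_bucket_policy"})

# Constructed sample in the shape of `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": "aws_cloudtrail.main", "mode": "managed", "type": "aws_cloudtrail",
     "change": {"actions": ["create"]}},
    {"address": "aws_s3_bucket.logs", "mode": "managed", "type": "aws_s3_bucket",
     "change": {"actions": ["delete", "create"]}},
    {"address": "aws_security_group_rule.extra", "mode": "managed",
     "type": "aws_security_group_rule", "change": {"actions": ["create"]}},
    {"address": "aws_vpc.main", "mode": "managed", "type": "aws_vpc",
     "change": {"actions": ["no-op"]}},
    {"address": "data.aws_caller_identity.me", "mode": "data",
     "type": "aws_caller_identity", "change": {"actions": ["read"]}},
]})


def review_plan(plan_json, allowed_types=ALLOWED_TYPES):
    """Return (address, reason) pairs a reviewer must resolve before merging."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        actions = rc["change"]["actions"]
        if rc.get("mode") != "managed" or actions == ["no-op"]:
            continue  # data sources and unchanged resources are not changes
        if "delete" in actions:  # covers plain deletes and both replace orders
            findings.append((rc["address"], "destroys or replaces existing resource"))
        if rc["type"] not in allowed_types:
            findings.append((rc["address"], "type outside logging scope"))
    return findings


if __name__ == "__main__":
    # Usage: terraform show -json plan.out > plan.json; python gate.py plan.json
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_PLAN
    problems = review_plan(text)
    for address, reason in problems:
        print(f"{address}: {reason}")
    sys.exit(1 if problems else 0)
```

Run as a required status check on the pull request, a non-zero exit blocks the merge until a human has looked at each flagged address.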

Merge the PR and return to the IDE. Tell the agent the PR has been merged and ask it to apply Terraform. The agent applies all the logging changes.

![Logging requirements applied](https://2471407984-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F68cb0s9ce5UIUKWPuYs8%2Fuploads%2Fgit-blob-831cf2aa34f48d3b461804990509c03fc6a5e910%2Fdemo4-19-logging-requirements-created.png?alt=media)

***

## Step 8 — All Activity Reflected in the Ticket

Head back to the ticket. Everything done in the IDE — every action the agent took — is reflected here automatically.

![Activity visible in the ticket](https://2471407984-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F68cb0s9ce5UIUKWPuYs8%2Fuploads%2Fgit-blob-1160a142250a617410572277b2d61e97be7b4108%2Fdemo4-20-back-to-ticket.png?alt=media)

***

## Step 9 — Final Score Check

Ask DuploCloud to pull the latest scores from Vanta one more time. The scores have improved again — showing exactly how DuploCloud can get you to full compliance, step by step.

![Final Vanta scores improved](https://2471407984-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F68cb0s9ce5UIUKWPuYs8%2Fuploads%2Fgit-blob-00f20b1929acbba8a32df7f5f96147fd954d9f3e%2Fdemo4-21-vanta-scores-final.png?alt=media)
