# Security and Compliance

This walkthrough shows how DuploCloud can automate your security and compliance work — connecting to a GRC provider, identifying failing controls, and resolving them end to end, including Terraform changes via a GitHub pull request.

***

## The Scenario

Your team needs to meet SOC 2 requirements on AWS. Rather than manually auditing controls and filing tickets, you connect DuploCloud to your GRC tool and let the agent do the work.

***

## Step 1 — Connect a GRC Provider

DuploCloud supports GRC tools like Vanta and Drata. For this demo, Vanta has already been connected — credentials provided and scopes defined so DuploCloud knows what it can access.

![Vanta GRC connected](/files/r9TM7CimjOY1ct9scuLv)

***

## Step 2 — Check Compliance Status

Select the SOC 2 framework on AWS and create a ticket asking DuploCloud to fetch the current compliance status.

![Ticket created to get started](/files/NmZQXrEILdoBpy4CYVGu)

The agent connects to Vanta and retrieves your current compliance status, test scores, and details on which tests are passing or failing.

![Compliance status fetched from Vanta](/files/ULFTpx1J8gfKW9wZnZno)

It then categorises the failing controls into buckets so you know where to focus first.

![Issues categorised by type](/files/GjMIQt0rGtF5SUcUyOkw)

***

## Step 3 — Fix Infrastructure Issues: GuardDuty

Ask DuploCloud to resolve the infrastructure issues identified. The agent connects to AWS, checks GuardDuty status across all regions, and deploys it where it is missing.

![Fixing GuardDuty across regions](/files/kUimse4JKzswKD8ahkEu)

GuardDuty is now deployed across all four required regions.

![GuardDuty deployed in all four regions](/files/hth31MDJxqnCGS203xSG)

The agent then resolves the next issue — enabling GuardDuty notifications in all four regions.

![GuardDuty notifications enabled](/files/tFiz4k537pgHn2H1j4nC)
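
An independent, read-only check that every required region has an enabled GuardDuty detector, added here as an example and not DuploCloud's own code. `find_guardduty_gaps` and `FakeGuardDuty` are hypothetical names, the fake client's data is constructed, and live use assumes boto3 with credentials that have read-only GuardDuty access.

```python
"""Read-only check that GuardDuty is enabled in every required region."""
import sys


def find_guardduty_gaps(regions, client_for):
    """Return {region: reason} for each region lacking an enabled detector.

    client_for(region) must return an object exposing the GuardDuty
    list_detectors() and get_detector() calls (a boto3 client does).
    """
    gaps = {}
    for region in regions:
        gd = client_for(region)
        detector_ids = gd.list_detectors().get("DetectorIds", [])
        if not detector_ids:
            gaps[region] = "no detector"
            continue
        # GuardDuty allows one detector per account per region.
        status = gd.get_detector(DetectorId=detector_ids[0]).get("Status")
        if status != "ENABLED":
            gaps[region] = f"detector {status}"
    return gaps


class FakeGuardDuty:
    """Constructed stand-in for a boto3 client, for offline runs."""

    def __init__(self, detectors):
        self._detectors = detectors  # {detector_id: status}

    def list_detectors(self):
        return {"DetectorIds": list(self._detectors)}

    def get_detector(self, DetectorId):
        return {"Status": self._detectors[DetectorId]}


if __name__ == "__main__":
    import boto3  # assumption: installed, with read-only GuardDuty access

    required = sys.argv[1:]  # pass your required regions as arguments
    gaps = find_guardduty_gaps(
        required, lambda r: boto3.client("guardduty", region_name=r)
    )
    for region, reason in gaps.items():
        print(f"{region}: {reason}")
    sys.exit(1 if gaps else 0)
```

Run it with your required regions as arguments; a non-zero exit means at least one region still has no enabled detector.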

***

## Step 4 — Verify the Score Improvement

Ask DuploCloud to re-check the Vanta scores and compare against the baseline.

![Checking Vanta scores again](/files/81tS7mGPD294vQc1vydX)

The score has improved after the GuardDuty fixes were applied.

![Score improved after GuardDuty fixes](/files/zLoz7hH5n7cxk6niSxFo)

***

## Step 5 — Fix Logging Issues from the IDE

Switch to your IDE. DuploCloud has already pulled in all the context from the ticket — it knows what was done and what still needs attention.

![Ticket details loaded into the IDE](/files/xIrjxtjCUK2a9PDEXB2Z)

Ask the agent to resolve all remaining logging issues. The plan: write Terraform, open a pull request on GitHub, and apply once approved.

![Asking agent to resolve logging issues](/files/Rji715T61AsKSa9O4mFZ)

***

## Step 6 — Agent Writes Terraform

The agent runs discovery, then generates all the Terraform required for the logging changes.

![Agent writing Terraform for logging](/files/t192qSdHSFQnIZwi3iZF)

Once the code is ready, the agent commits the changes to GitHub and opens a pull request.

![Pull request created on GitHub](/files/NZjhBguFCISMeJoQSEDc)

***

## Step 7 — Review and Merge the Pull Request

Switch to GitHub to review the pull request.

![Pull request visible on GitHub](/files/o1veE1anaiggqWELPIsG)

Merge the PR, then return to the IDE, tell the agent the PR has been merged, and ask it to apply Terraform. The agent applies all the logging changes.

![Logging requirements applied](/files/4wAlUx2gVLf9tl3LXvlJ)

***

## Step 8 — All Activity Reflected in the Ticket

Head back to the ticket. Everything done in the IDE — every action the agent took — is reflected here automatically.

![Activity visible in the ticket](/files/10x147bKts3DG22TPzYM)

***

## Step 9 — Final Score Check

Ask DuploCloud to pull the latest scores from Vanta one more time. The scores have improved again — showing exactly how DuploCloud can get you to full compliance, step by step.

![Final Vanta scores improved](/files/14WqZra5W54rfqlqoton)


