One pane across AWS, Azure & Google Cloud
Inventory, cost, drift, and compliance — without leaving the console. Agentless onboarding, daily scans, and IaC export from live infrastructure.
Three providers. One credential flow.
Bring your existing cloud credentials. Every secret is encrypted at rest with AES-256-GCM and scoped to the account that needs it.
AWS
Access Key ID / Secret, or cross-account IAM role assumption. SAML-based auth supported where available.
Microsoft Azure
Subscription ID, Tenant ID, Client ID, and Client Secret via service principal.
Google Cloud
Service account key JSON with scoped permissions to the resources you want to manage.
Auto-discovered across every region
Compute, databases, storage, networking, serverless, containers, backups, secrets — all discovered on schedule and linked to their dependencies.
Compute
EC2, Azure Virtual Machines, and Google Compute Engine instances across every region — auto-discovered on schedule.
Databases
RDS, Azure SQL, Cosmos DB, and Cloud SQL — with the backup vaults and recovery points that back them.
Storage
S3 buckets, Azure Blob, and Google Cloud Storage — with access-policy visibility surfaced alongside each resource.
Networking
VPCs / VNets, subnets, route tables, peering connections, security groups / NSGs, and load balancers.
Serverless & managed
AWS Lambda, Azure App Service, and Google Cloud Functions — alongside the managed services your team depends on.
Containers
EKS / AKS / GKE clusters. ECR / ACR / GCR registries. ECS services. The full container footprint across clouds.
Secrets managers
AWS Secrets Manager, Azure Key Vault, and GCP Secret Manager — inventoried and linked to the resources that consume them.
Backup & DR
AWS Backup vaults, recovery points, and restore operations — so you can verify coverage, not assume it.
See the bill before it lands
Daily breakdowns per account, region, and service. Trend lines that spot surprises early. Actionable optimisation hints with expected savings attached.
Daily cost breakdown
Per account, per region, per service — see spend in the granularity that matches your chargeback model.
Month-over-month trends
Spot the bill surprise before it lands. Trend lines per service, per account, per team.
Optimization recommendations
Underutilised instances, unattached disks, idle resources, and right-sizing hints — with expected savings attached.
Budget tracking & alerts
Set budgets at any scope and route breach alerts to email, Slack, webhook, or in-app.
Daily scans against the frameworks that matter
CIS, PCI-DSS, HIPAA, and SOC 2 — scanned every day. Findings grouped by severity. Accepted-risk items handled through a first-class exception workflow.
Daily compliance scans
Automated scans against CIS, PCI-DSS, HIPAA, and SOC 2 — runs every day, not only when someone remembers.
Findings by severity
Passed / warning / failed status on every check, grouped by category, with remediation guidance attached.
Exceptions & suppressions
Accepted-risk items get a first-class exception workflow with reviewer, rationale, and expiry — no more buried spreadsheets.
Compliance score over time
Per-account compliance score tracked as a trend — see the arc of improvement (or regression) at a glance.
Tag policy enforcement
Define tag compliance rules, detect violations across every account, and wire auto-remediation hooks where appropriate.
Drift detection, Cloud Shell, IaC export
The day-two operations toolkit — from baseline snapshots and scheduled operations to an in-browser CLI and Terraform / CloudFormation / ARM export.
Drift detection
Baseline snapshots versus current state. Versioned baselines. Violation reports that tell you what changed and when.
Cloud Shell
In-browser CLI for AWS, Azure, and GCP — with managed SSH keypairs and quick-command templates built in.
Infrastructure-as-Code export
Generate Terraform, CloudFormation, or ARM templates directly from live resources. Reverse-engineer legacy infra without the archaeology.
Scheduled operations
Start / stop schedules, backup schedules, scaling policies — coordinated centrally across every account.
Custom cloud alerts
CloudWatch, Azure Monitor, and Cloud Monitoring rules, evaluated every 5 minutes, routed to your channel of choice.
Dependency graph
Resource relationships rendered visually — so "who talks to what" is obvious, not tribal knowledge.
Activity audit
CloudTrail, Azure Activity Log, and GCP Audit Log aggregated with user attribution in one searchable view.
Every tab you need, per account
Overview, Billing, Backup & DR, CI/CD Pipelines, Compliance, Containers, Health, Network, Optimization, Secrets Management, Tag Policy, CloudWatch Logs, CloudWatch Alarms, IaC Export, Drift Detection, Activity Log, Dependency Graph, Region Selector, Schedules, and Health Imaging — all one click away.
- Agentless — credentials are enough, no agent on cloud accounts needed
- Credentials encrypted at rest with AES-256-GCM and per-record key derivation
- Daily compliance scans against CIS, PCI-DSS, HIPAA, and SOC 2
- IaC export to Terraform, CloudFormation, or ARM — from live infrastructure
- Cloud Shell with managed keypairs and quick-command templates
- Per-tab dashboards: Overview, Billing, Backup & DR, CI/CD, Containers, Network, Optimization, Tag Policy, and more
Agentless by design
Cloud governance doesn't need an agent on your accounts — LynxTrac reads through provider APIs. Onboard an account in minutes; data flows on schedule from the first sync.
- →AES-256-GCM at rest for every credential
- →Per-record key derivation
- →Activity audit aggregates CloudTrail / Azure Activity Log / GCP Audit
- →Custom alerts evaluated every 5 minutes
Common questions
Does LynxTrac need an agent on my cloud accounts?
How are cloud credentials protected?
Which compliance frameworks are supported?
Can LynxTrac export my existing infrastructure as code?
How often does cost data refresh?
What happens when a baseline drifts?
Get one pane across every cloud
Onboard your first AWS, Azure, or Google Cloud account in minutes — no agent required.