Auto-discover every resource across your entire infrastructure — cloud and on-premises — in one unified dashboard. 60+ resource types, 128 compliance checks, zero agents.
Free tier: 100 assets · 1 cloud account · no time limit
Cloud asset inventory is the automated process of discovering, cataloging, and continuously tracking every resource deployed across your cloud infrastructure. It answers the fundamental question every engineering, security, and finance team asks: what do we actually have running?
A cloud asset includes any billable or configurable unit within a cloud provider — compute instances, databases, storage buckets, virtual networks, load balancers, IAM roles, serverless functions, Kubernetes clusters, firewall rules, and more. In a typical medium-sized organisation running multiple cloud accounts, this can easily amount to tens of thousands of individual resources.
Without automated cloud asset inventory, teams rely on manual audits, provider consoles, or spreadsheets — all of which go stale within hours. Resources are provisioned, forgotten, misconfigured, and left running at cost. Security teams miss exposed storage buckets. Compliance audits take weeks instead of hours.
A proper cloud asset inventory platform provides:
The most common cause of cloud security incidents is shadow IT — resources that were provisioned and forgotten. An S3 bucket left publicly accessible. An EC2 instance with an open port 22. A test database that never got deleted, still containing production data. Cloud asset inventory is the foundation of cloud security because it eliminates blind spots.
CloudVista automatically flags misconfigured resources as soon as they're discovered — open ports, public storage, weak IAM policies, unencrypted databases — and maps each finding to the relevant CIS or SOC 2 control.
When an auditor asks "show me all your publicly accessible storage across all cloud accounts," the answer shouldn't be "we'll get back to you in two weeks." Cloud asset inventory makes compliance audits fast by maintaining a continuously updated record of every resource and its configuration state.
CloudVista runs 128 automated compliance checks mapped to CIS Benchmarks, SOC 2, HIPAA, PCI-DSS, ISO 27001, and NIST — covering every resource in your inventory, every sync cycle.
Cloud bills grow fastest from things teams forget: idle compute instances, orphaned EBS volumes, unused load balancers, databases no longer connected to any application. Cloud asset inventory surfaces these immediately.
CloudVista also surfaces network egress costs — one of the most underestimated line items in a cloud bill. AWS NAT Gateway, for example, charges twice on the same traffic (data processing fee + transfer fee). CloudVista detects this pattern and flags it automatically.
Engineering teams managing multi-cloud environments spend significant time switching between the AWS Console, Azure Portal, OCI Cloud Console, and vSphere Client to answer basic operational questions. Cloud asset inventory consolidates all of this into a single pane of glass — searchable, filterable, and always current.
CloudVista uses a read-only API polling architecture — no agents to install, no network changes, no infrastructure modifications required.
Getting your first cloud inventory live with CloudVista takes less than 10 minutes. Here's the step-by-step process:
1. Sign up at cloudvista.cloud — free tier, no credit card, instant access.
2. Connect AWS, Azure, OCI, GCP, or VMware with read-only API keys or service accounts.
3. Click "Sync Now" — CloudVista discovers all resources across your accounts.
4. Explore your unified inventory, check findings, view the topology map.
5. Configure scheduled syncs, budget alerts, and security notifications.
For AWS, attach the managed ReadOnlyAccess policy to a dedicated IAM user or role. Alternatively, use this minimal custom policy covering the resource types CloudVista collects:
Create an Azure AD service principal with the built-in Reader role scoped to your subscriptions. CloudVista uses the Azure Resource Manager API — no additional permissions needed beyond Reader.
Create an OCI IAM user with the INSPECT verb on all resource types in the compartments you want to inventory. Generate an API key pair and provide the private key, fingerprint, tenancy OCID, and user OCID to CloudVista.
Create a vCenter service account with the built-in Read Only role at the vCenter root level. This gives CloudVista visibility into all datacenters, clusters, hosts, datastores, and VMs without any write access.
CloudVista provides native inventory collection for all five supported platforms. Each collector is maintained against the latest provider SDK and API versions.
CloudVista catalogues a comprehensive set of resource types across all supported providers. Below is the full breakdown by category:
| Category | AWS | Azure | OCI | GCP | VMware |
|---|---|---|---|---|---|
| Compute | EC2, ECS Tasks, Lambda, EKS Nodes | VMs, VMSS, Functions, AKS | Compute, OKE, Functions | Compute Engine, GKE, Cloud Run | VMs, ESXi Hosts, Clusters |
| Database | RDS, DynamoDB, ElastiCache, Redshift | Azure SQL, Cosmos DB, MySQL | MySQL, PostgreSQL, Autonomous DB | Cloud SQL, Firestore, Spanner | — |
| Storage | S3 Buckets, EBS Volumes, EFS | Blob, Data Lake, Azure Files | Object Storage, Block Volumes, File Storage | Cloud Storage, Persistent Disks | Datastores (VMFS, NFS, vSAN) |
| Networking | VPCs, Subnets, Security Groups, ALB, CloudFront | VNet, NSG, App Gateway, CDN | VCN, Subnets, Security Lists, LB | VPC, Firewall Rules, Load Balancing | DVS, Port Groups, vNICs |
| Identity / IAM | Roles, Policies, Users, Groups | Entra ID Roles, Service Principals | Policies, Dynamic Groups | Service Accounts, IAM Bindings | vCenter Roles, Permissions |
Cloud asset inventory is only half the picture. The other half is knowing whether your assets are secure and compliant. CloudVista runs 128 automated security checks against your inventory, mapped to the most widely-used compliance frameworks:
- CIS Benchmarks: Center for Internet Security cloud benchmarks for AWS, Azure, and OCI — the baseline for cloud security hardening.
- SOC 2: Trust Service Criteria mapped to cloud controls. Generate evidence reports for Type I and Type II audits.
- PCI-DSS: Payment Card Industry requirements — network segmentation, encryption, access control checks across all cloud resources.
- HIPAA: Healthcare data protection controls — encryption at rest/in transit, audit logging, access restrictions on sensitive data stores.
- ISO 27001: Information security management controls mapped to cloud resource configurations.
- NIST: NIST Cybersecurity Framework — Identify, Protect, Detect, Respond, Recover controls across your cloud estate.
Beyond compliance frameworks, CloudVista performs attack surface analysis — identifying resources exposed to the public internet, ports open to 0.0.0.0/0, storage buckets with public access enabled, IAM policies with wildcard permissions, and databases accessible without authentication.
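The kind of exposure check described above can be sketched over a normalised inventory. This is an added example, not CloudVista's code: the record layout, the resource ids and the sensitive-port watch list are assumptions made for illustration. It shows why the check must test port ranges and both IPv4 and IPv6 "any" prefixes rather than match a literal `0.0.0.0/0` on port 22.

```python
import ipaddress

# Assumed watch list of ports that should not face the internet.
SENSITIVE_PORTS = {22: "SSH", 3389: "RDP", 3306: "MySQL", 5432: "PostgreSQL"}

# Constructed sample records; this layout is hypothetical, not CloudVista's schema.
SAMPLE_INVENTORY = [
    {"id": "sg-web", "type": "security_group",
     "ingress": [{"cidr": "0.0.0.0/0", "from_port": 443, "to_port": 443}]},
    {"id": "sg-legacy", "type": "security_group",
     "ingress": [{"cidr": "0.0.0.0/0", "from_port": 20, "to_port": 25}]},
    {"id": "sg-admin", "type": "security_group",
     "ingress": [{"cidr": "10.0.0.0/8", "from_port": 22, "to_port": 22}]},
    {"id": "sg-v6", "type": "security_group",
     "ingress": [{"cidr": "::/0", "from_port": 22, "to_port": 22}]},
    {"id": "bucket-assets", "type": "bucket", "public_access": True},
    {"id": "db-test", "type": "database", "auth_required": False},
]

def is_world_open(cidr):
    """True for 0.0.0.0/0 and ::/0: a prefix length of 0 matches every address."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def exposed_ports(rule):
    """Sensitive ports inside the rule's range; 20-25 exposes SSH without naming 22."""
    return sorted(p for p in SENSITIVE_PORTS if rule["from_port"] <= p <= rule["to_port"])

def find_exposures(inventory):
    """Return (resource id, finding) pairs for internet-facing misconfigurations."""
    findings = []
    for res in inventory:
        if res["type"] == "security_group":
            for rule in res["ingress"]:
                if not is_world_open(rule["cidr"]):
                    continue
                for port in exposed_ports(rule):
                    findings.append((res["id"], f"{SENSITIVE_PORTS[port]}/{port} open to {rule['cidr']}"))
        elif res["type"] == "bucket" and res.get("public_access"):
            findings.append((res["id"], "public access enabled"))
        elif res["type"] == "database" and not res.get("auth_required", True):
            findings.append((res["id"], "accessible without authentication"))
    return findings

if __name__ == "__main__":
    for resource_id, finding in find_exposures(SAMPLE_INVENTORY):
        print(f"{resource_id}: {finding}")
```

The world-open rule on port 443 in `sg-web` produces no finding, while the 20-25 range in `sg-legacy` and the `::/0` rule in `sg-v6` both do.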
Cloud asset inventory extends naturally into cost governance. CloudVista collects billing data from each provider's cost API, linking spend directly to the resources in your inventory.
See the full compliance and cost governance guide for more detail on cost optimisation using cloud asset inventory.
Most cloud asset inventory tools stop at the public cloud boundary. CloudVista includes native VMware vSphere support, giving hybrid teams a single inventory view across both cloud and on-premises infrastructure.
Connect CloudVista to your vCenter server using a read-only service account — no agent installation, no network changes. CloudVista syncs your full vSphere inventory on the same schedule as your cloud providers:
Health checks run automatically across vSphere resources: powered-off VMs are flagged as degraded, datastores below 10% free space trigger critical alerts, disconnected hosts are immediately surfaced.
Learn more on the dedicated VMware vSphere inventory page.
Consistent tagging (environment, team, cost-centre, application) makes inventory data far more useful. Define your tagging policy first, then use CloudVista's inventory to identify untagged resources and enforce the policy progressively.
Cloud asset inventory requires only read access. Never grant write or admin permissions to your inventory tool. CloudVista operates on the principle of least privilege — the IAM policies listed in the setup section above are the minimum required.
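Before handing any inventory tool an AWS IAM policy, the read-only requirement above can be checked mechanically. This is an added example, not CloudVista's code or its published policy: the candidate policy is constructed, and treating `Describe`/`Get`/`List` prefixes as "read" is a simplifying assumption. It also flags read patterns that return stored data rather than configuration.

```python
import fnmatch

READ_PREFIXES = ("describe", "get", "list")  # assumption: read actions follow this naming
# Actions that return stored content rather than resource metadata.
DATA_READS = ("s3:GetObject", "secretsmanager:GetSecretValue")

# Constructed candidate policy for an inventory credential (not CloudVista's policy).
CANDIDATE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Resource": "*",
         "Action": ["ec2:Describe*", "rds:DescribeDBInstances",
                    "s3:ListAllMyBuckets", "s3:GetBucketPolicyStatus"]},
        {"Effect": "Allow", "Resource": "*",
         "Action": ["s3:Get*", "ec2:StopInstances"]},
    ],
}

def as_list(value):
    """IAM allows a single string or a list for Statement and Action."""
    return value if isinstance(value, list) else [value]

def classify(action):
    """Return None if the action only reads metadata, else the reason it is flagged."""
    service, _, name = action.lower().partition(":")
    if service == "*" or not name:
        return "wildcard over all services"
    if not name.startswith(READ_PREFIXES):
        return "wildcard or non-read action"
    for data in DATA_READS:
        if fnmatch.fnmatchcase(data.lower(), action.lower()):
            return f"also grants {data} (reads data, not just configuration)"
    return None

def audit_policy(policy):
    """Return (action, reason) pairs for every Allow entry beyond metadata reads."""
    findings = []
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            findings.append(("NotAction", "allows every action except those listed"))
        for action in as_list(stmt.get("Action", [])):
            reason = classify(action)
            if reason:
                findings.append((action, reason))
    return findings
```

On the constructed policy, `audit_policy(CANDIDATE_POLICY)` flags `s3:Get*` (it covers object reads) and `ec2:StopInstances`, and passes the four metadata-only actions.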
Production environments change constantly. Set CloudVista to sync every hour for production accounts. Dev/test accounts can sync less frequently (every 6 hours or daily) to reduce API calls and costs.
Every new finding (exposed port, public bucket, unencrypted database) should trigger a ticket. Integrate CloudVista alerts with your ticketing system and treat unresolved findings with the same urgency as uptime incidents.
CloudVista surfaces resources that haven't changed state in 30+ days. Review these monthly — many will be idle instances, orphaned volumes, or unused load balancers generating cost with no business value.
Before deploying changes, use CloudVista's topology map to understand what connects to what. It surfaces dependencies that aren't documented anywhere, preventing accidental outages.
Don't rely on each team managing their own cloud console access. A centralised cloud asset inventory platform with RBAC (role-based access control) lets security, FinOps, and engineering teams each access the data relevant to them without sharing credentials.
The cloud asset inventory market includes a mix of native tools (AWS Config, Azure Resource Graph), cost-focused platforms (CloudHealth, Apptio), and security-focused tools (Wiz, Orca, Lacework). Here's how CloudVista compares:
| Capability | CloudVista | AWS Config | CloudHealth | Wiz / Orca |
|---|---|---|---|---|
| Multi-cloud inventory | ✅ AWS, Azure, OCI, GCP, VMware | ⚠️ AWS only | ✅ AWS, Azure, GCP | ✅ AWS, Azure, GCP (no OCI/VMware) |
| On-premises (VMware) | ✅ Full vSphere support | ❌ | ❌ | ❌ |
| OCI support | ✅ Native | ❌ | ❌ | ❌ or limited |
| Security findings | ✅ 128 checks, 6 frameworks | ⚠️ Config rules only | ⚠️ Limited | ✅ Deep (agent-based) |
| Cost visibility | ✅ All providers + network egress | ❌ | ✅ Core feature | ❌ |
| Topology maps | ✅ Interactive, filterable | ❌ | ❌ | ⚠️ Limited |
| Free tier | ✅ 100 assets forever | ⚠️ Limited free tier | ❌ No free tier | ❌ No free tier |
| Self-hosted option | ✅ Docker Compose | ❌ SaaS only | ❌ SaaS only | ❌ SaaS only |
| Starting price | Free / £99/mo | $0.003/config item | Custom ($$$$) | Custom ($$$$) |
CloudVista is purpose-built for teams that need a single platform covering inventory, security posture, compliance, and cost — without the cost and complexity of enterprise-only alternatives. The free tier lets you evaluate against real data with no commitment.
Cloud asset inventory is the automated discovery, cataloging, and tracking of all cloud resources — compute instances, databases, storage, networking, IAM, and more — across one or more cloud providers. It gives organisations a complete, always-current picture of what they have deployed, what it costs, and whether it is secure and compliant.
CloudVista supports AWS, Microsoft Azure, Oracle Cloud Infrastructure (OCI), Google Cloud Platform (GCP), and VMware vSphere / vCenter for on-premises inventory — all five in a single dashboard.
Most teams have their first cloud inventory live within 10 minutes. Create a free account, add read-only credentials for your cloud accounts, and trigger a sync. No agents, no infrastructure changes, no professional services required.
Yes — CloudVista offers a permanently free tier covering 100 assets, 1 cloud account, and 1 user. It includes full inventory discovery, health monitoring, and basic compliance checks. No credit card required. Paid plans start at £99/month for teams needing multiple accounts.
CloudVista discovers 60+ resource types: compute instances (EC2, Azure VMs, OCI Compute, VMware VMs), databases (RDS, Azure SQL, OCI DB), storage (S3, Azure Blob, OCI Object Storage), networking (VPCs, security groups, load balancers), IAM roles and policies, containers (EKS, AKS, OKE), serverless functions, and more.
CloudVista runs 128 automated compliance checks mapped to CIS, SOC 2, HIPAA, PCI-DSS, ISO 27001, and NIST across your entire inventory. Each resource is checked against applicable controls every sync cycle, with remediation guidance for each failing check.
A CMDB is a static, manually-maintained record. Cloud asset inventory is dynamic — it auto-discovers resources continuously via cloud provider APIs, reflecting changes within minutes. CloudVista can serve as the authoritative, always-current source of truth for cloud resources that feeds into your CMDB.
Yes. CloudVista connects to vCenter via a read-only service account and syncs your full on-premises inventory — VMs, ESXi hosts, clusters, datastores, distributed switches — on the same schedule as cloud providers. No agent installation required.
Yes. Enterprise / MSP plan customers can deploy CloudVista on their own infrastructure using Docker Compose. This is popular for air-gapped environments, regulated industries, and teams with strict data residency requirements.
CloudVista discovers every resource across AWS, Azure, OCI, GCP, and VMware vSphere — with security findings, compliance checks, and cost visibility — in under 10 minutes.