Do I need to install an agent?

No. Cloustral connects to AWS and Azure using read only access that you configure yourself. There is nothing to install in your infrastructure.

Does Cloustral modify my cloud resources?

No. Cloustral only calls read APIs. It does not create, update, or delete resources in your cloud environment.

What is a cloud connection?

A cloud connection is one AWS account or Azure subscription connected to Cloustral. AWS connections sync all enabled regions by default, or selected regions when you want a narrower scope. Azure connections sync the configured subscription. Credentials are stored encrypted and used to sync inventory, build architecture views, and evaluate rules.

What happens in a demo organization?

New organizations start as demos. You can add synthetic cloud data and use full architecture visualization, but real cloud connections and automation require a paid pla

What is the difference between Starter, Pro, and Team?

Starter (€49/month) includes daily automation, 5 users, 3 cloud connections, and basic architecture visualization. Pro (€129/month) raises limits to 10 users and 8 connections, adds full architecture visualization, and includes 1 high frequency connection that syncs hourly during business hours. Team (€349/month) supports 25 users, 20 connections, and 3 high frequency connections.

When do automated cloud syncs run?

All paid plans run a daily sync for every connection. High frequency connections (Pro: 1, Team: 3) additionally sync hourly during the business hours window you configure. All schedules use UTC.

Can I create my own rules?

Yes. You can create custom rules based on the cloud standards your team cares about.

Does Cloustral replace Wiz, Orca, or Prisma Cloud?

No. Cloustral is built as a lightweight cloud visibility and governance tool for small DevOps teams, not as a full enterprise CNAPP platform.

Can MSPs or consultants use Cloustral?

Yes. Enterprise plans can support custom limits, onboarding, procurement, and dedicated support for MSPs or consultants.

GuideJune 13, 20264 min read

Getting started with Cloustral

Create an account, connect AWS or Azure, explore resources, define rules, review findings, and automate the loop.

We just launched Cloustral, and we are excited to welcome new users! To start, we wanted to share a brief getting started guide for teams taking their first look around.

Cloud environments rarely become messy all at once.

It usually starts small: one AWS account, one Azure subscription, a few resources, a couple of tags that "we'll clean up later." Then another environment gets added. Someone creates a test resource and forgets it. A security group changes. A subnet appears. A cost spike shows up, but nobody is completely sure where it came from.

Cloustral is built for that moment: when your team needs a clear view of what exists, what changed, and what needs attention.

This guide walks through the basic Cloustral workflow: create an account, connect AWS or Azure, explore your resources, define rules, review findings, and automate the loop.

Start with an organization

After creating your account and signing in, you can create your first demo organization and add synthetic cloud data. You can add MFA from your account page, and organization admins can require MFA for their team.

An organization is where your team's cloud connections, resources, rules, findings, members, roles, and billing settings live. If a teammate has already invited you, you can simply accept the invitation and join their existing workspace.

Admins can invite new members, manage roles, update billing, and adjust organization settings as the team grows.

Connect AWS or Azure

Once your organization is ready, the next step is connecting a cloud environment.

Open Cloud Connections and add your first connection. Cloustral currently supports AWS and Azure.

For AWS, you provide an access key and secret key. Cloustral syncs all enabled AWS regions by default, or you can choose selected regions for that connection. For Azure, you provide a tenant ID, client ID, client secret, and subscription ID; Cloustral syncs inventory for that Azure subscription. Each connection can be named clearly, so teams can separate production, staging, development, client, or shared environments.

Not ready to connect a real cloud account yet? You can also use synthetic demo data to explore the product before adding live infrastructure.

When a connection is added, Cloustral starts an initial sync. Each connection shows its current state, such as connected, syncing, needs sync, or error, so you always know whether your inventory is up to date.

See what actually exists

After the first sync finishes, the cloud environment becomes easier to reason about.

In Cloud Resources, you can choose a connection and browse the resources Cloustral discovered. Search by name, filter by kind, move through the inventory, and open individual resources for more detail.

Each resource page gives you the context that is usually scattered across cloud consoles: metadata, tags, relationships, active findings, and raw provider data.

This is where Cloustral starts to become useful. Instead of clicking through AWS or Azure trying to remember what belongs where, you get one structured inventory across your connected environments.

Understand the architecture

Inventory is useful, but cloud infrastructure is rarely just a list.

Resources are connected. Networks contain subnets. Subnets contain workloads. Security boundaries shape what can talk to what. Over time, those relationships become hard to track manually.

The Cloud Architecture view helps turn that resource data into a visual map. You can inspect networks, subnetworks, security boundaries, and attachment relationships without maintaining separate diagrams by hand.

The goal is not just to show more data. It is to make your cloud easier to understand.

Define what "good" looks like

Every team has standards, even if they are not always written down.

Maybe production resources need specific tags. Maybe public exposure should be flagged. Maybe unused resources should be reviewed. Maybe certain configuration patterns should not drift across environments.

That is what rules are for.

Admins can use managed rule packages or create custom rules. A rule can target AWS, Azure, or any provider. You choose the resource type, field path, operator, comparison value, severity, message, recommendation, and whether the rule is enabled.

Rules can check for conditions such as:

equals or not equals
greater than or less than
contains
exists
does not exist

Severities range from informational findings to critical issues, so teams can separate useful context from urgent work.

This turns Cloustral from a passive inventory into an active review system for your cloud standards.

Review what needs attention

Once rules are enabled, Cloustral evaluates your cloud inventory and generates findings.

The Insights page is where those findings become actionable. You can filter by connection, provider, severity, resource type, or search text. Open a finding to understand what triggered it, which resource it affects, and what the recommended next step is.

Some findings may represent real work. Others may be accepted exceptions. As your team reviews them, findings can be resolved, reopened, or deleted when they no longer apply.

The point is to create a calmer workflow: less guessing, fewer forgotten checks, and a clearer path from cloud data to action.

Keep the loop running

Cloud environments change constantly. A one-time scan is useful, but it is not enough.

With Automation, Cloustral can keep your inventory and findings fresh. All paid plans run a daily sync for every connection. On Pro and Team plans you can additionally mark individual connections as high frequency, which syncs them hourly during the business hours window you configure. Rule evaluation can run after each sync or on its own schedule, and you can enable daily finding emails.

Those emails can include useful operational context, such as last sync time and connection health, so your team does not have to open the dashboard just to know whether something needs attention.

Available automation frequencies and limits depend on your organization's plan.

From scattered cloud data to a repeatable workflow

Getting started with Cloustral is not just about connecting an AWS account or Azure subscription.

It is about building a repeatable loop:

Connect your cloud.
Sync the inventory.
Understand the architecture.
Define rules.
Review findings.
Automate the checks.

That loop gives small DevOps teams a practical way to stay on top of cloud visibility, drift, tagging, security checks, and cost waste without bringing in a heavyweight enterprise platform.

Cloustral helps your team see what exists, understand what changed, and focus on what needs fixing next.