Skip to main content

Step 1 - Link your AWS Account

GuardKite works by scanning your AWS resources for security and compliance issues using a secure, read-only IAM role. To enable scanning, you need to link your AWS account by deploying a CloudFormation stack that creates the required IAM role with minimal permissions.

👉 GuardKite only requires read-only access to your AWS account. It does not modify, delete, or create any resources. For a detailed breakdown of the IAM policies used, visit the IAM Role Permissions page.

To register with GuardKite, go to app.guardkite.com and click Sign Up. Use the Google button or enter your email address to create an account.

Step-by-Step Guide​

1. Enter Your AWS Account ID​

When you log in to GuardKite for the first time, you will be directed to the Add an AWS Account wizard.

  1. Enter your 12-digit AWS Account ID in the provided field.
Add an AWS Account Wizard

2. Deploy the GuardKite CloudFormation Stack​

  1. Click the Deploy button.
  2. This will open the AWS CloudFormation console in a new tab (in the us-east-1 region).
  3. If prompted, log in to your AWS account.
  4. In the CloudFormation console:
    • Select the Capabilities checkbox.
    • Click Create Stack.
  5. Wait for the stack creation to complete. The status should change to CREATE_COMPLETE.
Create CloudFormation stack

3. Test Connection​

Once the CloudFormation stack is successfully created, return to the GuardKite application.

  1. Click the Test Connection button.

If the connection is successful, you will see a confirmation message.

Test connection

4. Start the Initial Scan​

Once the connection is confirmed, click Start Scan to begin scanning your AWS resources.

The initial scan will take upto 5 minutes to complete and you will receive an email notification once the scan is finished.

To learn more about the scan results and how to interpret them, visit the Findings) page.

5. Complete Your Subscription (First-Time Users Only)​

If you are registering for the first time, you will be prompted to complete your subscription before GuardKite can begin scanning.

  1. Choose your preferred subscription plan and complete the payment process.
  2. Once your subscription is active, your first scan will start automatically.

Advanced Deployment (Optional)​

If you prefer to deploy the GuardKite CloudFormation template manually, you can:

  • Download the CloudFormation template.
  • Review the template and deploy it in the AWS CloudFormation console.
  • Use the provided External ID when setting up the IAM role.