Add additional AWS accounts
GuardKite supports any number of AWS accounts under a single tenant. The flow for each additional account is the same as the first one — a CloudFormation stack creates a read-only IAM role — but you start from the AWS Accounts page rather than the onboarding wizard.
Adding an AWS account is restricted to admins. If you're a member, ask an admin to add it.
Steps
- From the platform sidebar, open Settings → AWS Accounts.
- Click Add an AWS Account. The wizard opens.
- Enter the 12-digit AWS Account ID and click Go to AWS. A new tab opens in the AWS CloudFormation console.
- Complete the CloudFormation deployment in the AWS Console (tick the capabilities checkbox, click Create Stack, wait for
CREATE_COMPLETE). - Return to the GuardKite tab. The account appears in the list with its connection status.
Setting an alias
Each account has an optional alias — a human-friendly name like prod or acme-staging that appears next to the 12-digit account ID throughout the platform. Aliases make multi-account environments much easier to scan visually.
To set one, expand the account's row on the AWS Accounts page and edit the Alias field.
After linking
The first scan for the new account starts automatically and finishes within a few minutes. Each account scans on its own daily schedule, but findings from every connected account appear together in the platform views. Use the AWS Account filter on Findings, IAM Risk, and Attack Paths to narrow to a specific account.
The AWS Accounts page shows each account's Connection Status and Last Checked at — that's where to look if scans appear to have stopped for an account.
Removing an account
Removing an account from GuardKite does not delete the IAM role from your AWS account. To fully revoke access, delete the CloudFormation stack (or the IAM role) on the AWS side.