Link your first AWS account

GuardKite scans your AWS account through a read-only IAM role. Linking an account means deploying a small CloudFormation stack that creates that role.

For exactly what the role can and can't do, see What GuardKite needs from your account.

Sign up

Go to app.guardkite.com and click Sign Up. You can sign up with Google or with an email address.

Info: After signing up, contact your account manager to activate your tenant before adding an AWS account.

When you sign in for the first time, the Add an AWS Account wizard appears.

Info: Sign in to the AWS account you're linking before starting. The wizard opens AWS CloudFormation in a new tab, and that tab uses your current AWS session.

  1. Enter your 12-digit AWS Account ID and click Go to AWS. A new tab opens in the AWS CloudFormation console with the GuardKite template pre-loaded.
  2. Tick the Capabilities checkbox in the AWS console and click Create Stack.
  3. Wait for CREATE_COMPLETE, then return to the GuardKite tab.

GuardKite starts its first scan as soon as the stack is created.

Initial scan

The initial scan takes up to five minutes. You'll receive an email when it finishes.

When it's done, head to Review your first findings.

Advanced: manual deployment

Prefer to deploy the role yourself? In the wizard, expand Detailed Steps to download the CloudFormation template directly. Deploy it through the AWS Console (or your IaC tool of choice), supplying the External ID shown in the wizard.

The Cross-account IAM role page has the full policy reference.
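
After a manual deployment it is worth confirming that the role's trust policy names only the intended account and requires the External ID from the wizard. The following is an added example, not GuardKite's code: it audits a trust policy document such as the `AssumeRolePolicyDocument` returned by `aws iam get-role`. The account ID, the External ID and the assumption that the template trusts an AWS account principal are placeholders, not values from this page.

```python
import json

def _as_list(value):
    # IAM accepts either a single string or a list for Action and Principal values.
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _account_of(principal):
    # Accept a bare 12-digit ID or an ARN such as arn:aws:iam::<account>:root.
    parts = principal.split(":")
    return parts[4] if principal.startswith("arn:") and len(parts) >= 6 else principal

def audit_trust_policy(policy, expected_account, expected_external_id):
    """Return findings for every statement that lets a principal assume the role."""
    findings = []
    for n, stmt in enumerate(_as_list(policy.get("Statement"))):
        actions = {a.lower() for a in _as_list(stmt.get("Action"))}
        if stmt.get("Effect") != "Allow" or not {"sts:assumerole", "sts:*", "*"} & actions:
            continue
        principal = stmt.get("Principal")
        aws = _as_list(principal.get("AWS")) if isinstance(principal, dict) else _as_list(principal)
        for p in aws or ["<non-AWS principal>"]:
            if p == "*":
                findings.append(f"statement {n}: wildcard principal")
            elif _account_of(p) != expected_account:
                findings.append(f"statement {n}: unexpected principal {p}")
        # Condition key names are case-insensitive; only StringEquals is accepted here.
        equals = stmt.get("Condition", {}).get("StringEquals", {})
        ext = _as_list({k.lower(): v for k, v in equals.items()}.get("sts:externalid"))
        if not ext:
            findings.append(f"statement {n}: no sts:ExternalId condition")
        elif ext != [expected_external_id]:
            findings.append(f"statement {n}: sts:ExternalId does not match the wizard value")
    return findings

# Constructed sample documents; the account ID and External ID are placeholders.
VENDOR_ACCOUNT = "111122223333"
EXTERNAL_ID = "example-external-id-0000"
GOOD = json.loads("""{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
  "Principal": {"AWS": "arn:aws:iam::111122223333:root"}, "Action": "sts:AssumeRole",
  "Condition": {"StringEquals": {"sts:ExternalId": "example-external-id-0000"}}}]}""")
WEAK = json.loads("""{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
  "Principal": {"AWS": "*"}, "Action": "sts:AssumeRole"}]}""")

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(name, audit_trust_policy(doc, VENDOR_ACCOUNT, EXTERNAL_ID) or "ok")
```

An empty result means every statement that permits `sts:AssumeRole` is bound to the expected account and the expected External ID.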