Skip to main content

FAQ

Quick answers to common questions. For longer explanations, follow the links.

What does GuardKite need from my AWS account?

A single read-only IAM role. The role can only call Describe*, List*, and Get* API actions — it can't modify, delete, or create anything. See What GuardKite needs from your account.

Does GuardKite write to my AWS account?

No. The IAM role is read-only.

Does GuardKite read the contents of my S3 buckets, secrets, or databases?

No. GuardKite reads how resources are configured, not what they contain.

How often does GuardKite scan?

Once a day, automatically. There is no user-triggered manual scan today.

How long does a scan take?

A typical first scan completes in under five minutes. You'll receive an email when it finishes.

Can I scan multiple AWS accounts?

Yes. Each account uses its own copy of the GuardKite IAM role. See Add additional AWS accounts.

Does GuardKite affect my AWS bill?

Scanning itself uses Describe* / List* / Get* API calls, which are free on most AWS services. Some remediations might turn on billable services (e.g. enabling GuardDuty); GuardKite flags those upfront with a cost-impact annotation so there are no surprises.

Is my data shared with anyone?

No. The configuration data GuardKite extracts from your account is used only to produce the findings, IAM Risk signals, attack paths, and events you see in the platform. It isn't sold, shared with third parties, or used to train any machine-learning models.

Is service X covered?

GuardKite continuously expands its scanning coverage across AWS services. If you need confirmation that a specific service is in scope, contact your account manager.

How do I revoke GuardKite's access?

Delete the CloudFormation stack that created the IAM role, or delete the role directly from the IAM console. The role lives in your account; revocation is fully under your control. See Revoking access.

Can I mute or snooze findings?

Not at the finding level. The Findings page always shows current state — a finding leaves the list only when the underlying issue is remediated or the resource is deleted.

Attack paths can be snoozed as accepted risk.

What's the difference between Findings and Attack Paths?

A finding tells you one resource is misconfigured. An attack path tells you that resource is reachable from the internet and connected to something sensitive — and the single change that would break the connection. Findings shows you what needs fixing; Attack Paths shows what needs fixing first.

What's the difference between IAM Risk and Findings?

Findings evaluates resources (an S3 bucket, an EC2 instance). IAM Risk evaluates identities (an IAM user, an IAM role) and asks: how much of this identity's access is unused, when did it last act, could it escalate further?