Skip to content

Getting Started
Installation & Deployment
CSPM & Findings
ASPM
Attack Paths & MITRE
Architecture & Graphs
Red Team & Pentest
Code & Workload Security
Audit & Compliance
FinOps
Autonomous Agent
AI Assistant & Routing
Cloud Findings Hub
Reports
Operations
Integrations
API & Developer Reference
Security & Compliance
Release Notes
Support

Connect Amazon Web Services (AWS)

Connect AWS so RedCloud can assess your account’s posture using a least-privilege, read-only role.

Prerequisites

Requirement	Description	Why it’s needed
An AWS account or organization	The scan target	Defines scope
Permission to create a role	To deploy the onboarding CloudFormation stack	Creates the read-only role RedCloud assumes

Connection methods

Method	When to use
Guided CloudFormation — classic role	Standard cross-account read-only role
Guided CloudFormation — Workload Identity Federation (WIF)	Keyless federation, no long-lived credentials
Access keys	Quick trials or restricted environments

Steps (guided CloudFormation)

Go to Administration → Connections → Deployments and choose AWS.
RedCloud shows setup info and a quick-create CloudFormation link. The stack templates (classic and WIF) are served by the platform.
Launch the stack in your AWS account to create the read-only role.
Return to RedCloud and complete the connection (POST /cloud/connect/aws).
Click Test credentials, then save.

Verification

The account appears under Deployments and in the New Scan launcher.
A scan with an AWS profile (for example full or cis) returns findings.

Troubleshooting

Issue	Cause	Resolution
Connection fails immediately	The backend can’t import the AWS SDK	Ensure `boto3`/`botocore` are installed (bundled by default)
Role assumption denied	Trust policy/account mismatch	Re-deploy the stack with the correct external ID / account
Empty inventory	Role lacks read permissions	Use the provided template unmodified; it grants the needed read access

Next steps