
Amazon Web Services (Generally available)

Connect your AWS account so StickSecure can automatically gather evidence for your compliance assessments. The connection uses a read-only IAM role with a tenant-scoped External ID — StickSecure never holds long-lived AWS credentials.

This integration contributes evidence to Essential Eight, ISO 27001, SOC 2, and NIST CSF.

Connection steps

Estimated time: 10 min
  1. Open the Integrations page in StickSecure

    From the left navigation, choose Integrations → AWS, then click Connect. Copy the External ID shown in the dialog — you'll paste it into AWS in the next step.

  2. Deploy the IAM role in AWS

    In the AWS console, open CloudFormation → Create stack and use the template linked from the Connect dialog. When prompted, paste the External ID exactly as shown. The template provisions a read-only IAM role; no resources are modified.

  3. Copy the role ARN

    Once the stack reaches CREATE_COMPLETE, open the Outputs tab and copy the value of StickSecureRoleArn.

  4. Paste the role ARN into StickSecure

    Back in StickSecure, paste the ARN into the Connect dialog and click Test connection. A green tick confirms the connection.

  5. Wait for the first assessment

    The first automated assessment begins within five minutes. You'll receive an in-app notification when it completes — typically 10–20 minutes for a mid-sized account.

How to know it worked

  • A green tick appears next to AWS on the Integrations page.
  • The connection's Last seen timestamp updates within five minutes.
  • Evidence items begin appearing on the dashboard tagged with the AWS source.

Common errors

| Error | Cause | Fix |
| --- | --- | --- |
| AccessDenied | The IAM role trust policy is missing the StickSecure principal or External ID is wrong | Re-deploy the CloudFormation template; do not edit the trust policy by hand |
| InvalidClientTokenId | The External ID in the role does not match your tenant | Copy the External ID exactly from the StickSecure Connect dialog and update the role |
| Throttling | AWS is rate-limiting the API calls in a very large account | No action needed — StickSecure retries automatically with backoff |
| NoSuchEntity | The role ARN was deleted or renamed in AWS | Recreate the role and paste the new ARN into StickSecure |