How do I connect new AWS accounts to my existing OpsCompass tenant?

Once a user has been invited to OpsCompass, they can add an organization to be monitored by OpsCompass, as long as they are an administrator in AWS.

1.) From the OpsCompass dashboard, click "Add Account".


2.) Click the "Connect Amazon Web Services" button. 

3.) Create the "OpsCompass Viewer IAM Role" which will launch a CloudFormation template.

4.) Before you "Create stack" on this CloudFormation template, confirm that the ExternalID parameter matches the one from the previous screen.

5.) Upon completion of the stack creation, navigate to the newly created OpsCompassViewer Role (link provided on screen for convenience).

6.) Copy the Role ARN at the top as well as the External ID Value (found in "Trust relationships").

7.) Paste the Role ARN and External ID Value (from step 6) into OpsCompass and "Connect".

8a.) *Optional* For the full event-based scanning experience, set up OpsCompass to be notified of changes in near real time.

Note: If this step is skipped, APIs will be polled approximately every 8 hours. 

8b.) "Create stack" for event forwarding. 

OpsCompass will begin to scan the environment. You will see the account added to the dashboard, resources populated in the inventory and mapped to the compliance frameworks associated with your OpsCompass account.
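
The External ID comparison from steps 4 and 6 can also be run against the role's trust policy JSON (the document shown under "Trust relationships"). This is an added example, not OpsCompass code; the account ID, External ID value and function names are constructed placeholders.

```python
import json

# Constructed sample: the account ID and External ID are placeholders,
# not values issued by OpsCompass.
SAMPLE_TRUST_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
    "Action": "sts:AssumeRole",
    "Condition": {"StringEquals": {"sts:ExternalId": "constructed-external-id-1234"}}
  }]
}
""")

def _as_list(value):
    # IAM allows a single string wherever a list of strings is accepted.
    return value if isinstance(value, list) else [value]

def check_trust_policy(policy, expected_external_id):
    """Return findings; an empty list means every sts:AssumeRole grant pins the External ID."""
    grants = [s for s in _as_list(policy.get("Statement", []))
              if s.get("Effect") == "Allow"
              and "sts:AssumeRole" in _as_list(s.get("Action", []))]
    if not grants:
        return ["no Allow statement for sts:AssumeRole"]
    findings = []
    for i, stmt in enumerate(grants):
        principal = stmt.get("Principal", {})
        trusted = _as_list(principal.get("AWS", [])) if isinstance(principal, dict) else [principal]
        if "*" in trusted:
            findings.append(f"statement {i}: wildcard principal")
        # Condition key names are case-insensitive in IAM.
        equals = {k.lower(): v for k, v in
                  stmt.get("Condition", {}).get("StringEquals", {}).items()}
        ids = _as_list(equals.get("sts:externalid", []))
        if not ids:
            findings.append(f"statement {i}: no sts:ExternalId condition")
        elif ids != [expected_external_id]:
            findings.append(f"statement {i}: External ID does not match")
    return findings

if __name__ == "__main__":
    print(check_trust_policy(SAMPLE_TRUST_POLICY, "constructed-external-id-1234") or "OK")
```

An empty result means the trust policy only allows the role to be assumed when the expected External ID is presented; any finding should be resolved before pasting the Role ARN into OpsCompass.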