How do I connect new AWS accounts to my existing OpsCompass tenant?

Once a user has been invited to OpsCompass, they can add an organization to be monitored by OpsCompass, as long as they are an administrator in AWS.

1.) From the OpsCompass dashboard, click "Add Account".

2.) Click the "Connect Amazon Web Services" button. 

3.) Create the "OpsCompass Viewer IAM Role", which will launch a CloudFormation template.

4.) Before you click "Create stack" on this CloudFormation template, confirm that the ExternalID parameter matches the one shown on the previous screen.

Image of the Create stack AWS page

5.) Upon completion of the stack creation, navigate to the newly created OpsCompassViewer Role (link provided on screen for convenience).

6.) Copy the Role ARN at the top as well as the External ID Value (found in "Trust relationships").

Image of the AWS Summary page

7.) Paste the Role ARN and External ID Value (from step 6) into OpsCompass and "Connect".

8a.) *Optional* For the full event-based scanning experience, set up OpsCompass to be notified of changes in near real time.

Note: If this step is skipped, APIs will be polled approximately every 8 hours. 

Image of the inventory scanning modal

8b.) "Create stack" for event forwarding. 

Image of the Event Capturing page

OpsCompass will begin to scan the environment. You will see the account added to the dashboard, resources populated in the inventory and mapped to the compliance frameworks associated with your OpsCompass account.
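
The External ID comparison in steps 4 and 6 can also be checked against the role's trust policy itself. The following is an added example, not OpsCompass code: it takes the trust policy JSON as shown under "Trust relationships" and reports any statement that allows sts:AssumeRole without a StringEquals condition on sts:ExternalId matching the expected value. The function names, sample policy, account ID and External ID are constructed for illustration.

```python
import json

# Constructed sample: the account ID and External ID below are placeholders,
# not values issued by OpsCompass.
SAMPLE_TRUST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
        "Action": "sts:AssumeRole",
        "Condition": {"StringEquals": {"sts:ExternalId": "EXAMPLE-EXTERNAL-ID"}},
    }],
})


def _as_list(value):
    """IAM policy fields may hold a single value or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def check_external_id(trust_policy_json, expected_external_id):
    """Return a list of problems; empty means every AssumeRole grant is
    pinned to the expected External ID (strict: StringEquals only)."""
    policy = json.loads(trust_policy_json)
    problems, grants = [], 0
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        actions = [a.lower() for a in _as_list(stmt.get("Action"))]
        if stmt.get("Effect") != "Allow" or not any(
                a in ("sts:assumerole", "sts:*", "*") for a in actions):
            continue
        grants += 1
        equals = stmt.get("Condition", {}).get("StringEquals", {})
        # Condition key names are case-insensitive in IAM.
        values = [v for k, val in equals.items()
                  if k.lower() == "sts:externalid" for v in _as_list(val)]
        if not values:
            problems.append(f"Statement {i}: AssumeRole allowed without sts:ExternalId")
        elif values != [expected_external_id]:
            problems.append(f"Statement {i}: sts:ExternalId differs from expected value")
    if grants == 0:
        problems.append("No statement allows sts:AssumeRole")
    return problems


if __name__ == "__main__":
    print(check_external_id(SAMPLE_TRUST_POLICY, "EXAMPLE-EXTERNAL-ID") or "OK")
```

A role that can be assumed without the External ID condition gives no protection if the Role ARN is learned by another party, which is why the value is compared at both ends of the setup.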