In this article, you'll learn how to link your AWS account to Tailwarden and view all your active AWS resources on a single dashboard.
Please note that you must follow the steps on this page to enable cost tracking.
For one single account
There are several methods to connect your AWS cloud account to Tailwarden. Three methods use IAM Roles, and one uses credentials. We recommend using an IAM role, as AWS itself advises this approach.
Regardless of the method chosen, here is the list of permissions Tailwarden requires.
Connect using IAM Role
Connect via CloudFormation (recommended)
Account Label: This is the name you assign to this specific account in Tailwarden.
Step 1: Launch a CloudFormation stack.
Step 2: Connect the account.
Do not close the Tailwarden tab during the process.
Wait until the CloudFormation stack status shows 'CREATE_COMPLETE' on the AWS page. You may refresh the page to check the stack's status. Once complete, click on "Connect account."
If the role is not detected, it's very likely STS is not active. Please refer to this page to activate it.
Connect via AWS CLI
Account Label: This is the name you assign to this specific account in Tailwarden.
Deploy a CloudFormation stack by copying and executing the following command in your terminal. Tailwarden will automatically detect the role and start syncing your account data.
aws cloudformation create-stack --stack-name TailwardenIntegration-cn1tjk7v0ooc709cie20 --parameters "ParameterKey=RoleName,ParameterValue=TailwardenDataCollection-cn1tjk7v0ooc709cie2g ParameterKey=ExternalID,ParameterValue=cn1tjk7v0ooc709cie30 ParameterKey=TailwardenAWSAccountId,ParameterValue=602887012891" --template-url "https://tailwarden-public.s3.eu-central-1.amazonaws.com/integration-latest.json" --capabilities CAPABILITY_NAMED_IAM --on-failure DELETE --region eu-central-1
Connect via IAM Console
Account Label: This is the name you assign to this specific account in Tailwarden.
Create an IAM Role with the specified trust relationship and inline policy. Replace TW_ACCOUNT_ID and EXTERNAL_ID in the trust relationship with the values provided by Tailwarden. Additionally, add the ARN of the role.
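As an added example (not Tailwarden's code), the Python check below audits a role's trust relationship to confirm that only the expected account can assume the role and that the exact external ID is required. The policy shape is the standard AWS cross-account pattern and is an assumption, since this page does not show Tailwarden's template; the sample values are taken from the CLI command above, and `audit_trust_policy` is a hypothetical helper name.

```python
import json

# Constructed sample: the standard AWS cross-account trust policy shape (assumed),
# filled with the account ID and external ID from the CLI command above.
SAMPLE_TRUST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::602887012891:root"},
        "Action": "sts:AssumeRole",
        "Condition": {"StringEquals": {"sts:ExternalId": "cn1tjk7v0ooc709cie30"}},
    }],
})

def _as_list(value):
    """IAM accepts either a single value or a list in most fields."""
    return value if isinstance(value, list) else [value]

def _principal_account(principal):
    """Return the account ID from an IAM ARN, or the bare account ID as given."""
    return principal.split(":")[4] if principal.startswith("arn:") else principal

def audit_trust_policy(policy_json, expected_account, expected_external_id):
    """Return a list of findings; an empty list means the trust policy is scoped as intended."""
    findings = []
    for i, stmt in enumerate(_as_list(json.loads(policy_json).get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        if not any(a in ("sts:AssumeRole", "sts:*", "*") for a in actions):
            continue
        principal = stmt.get("Principal", {})
        # A bare "*" principal (or any non-object form) is treated as a wildcard.
        aws = _as_list(principal.get("AWS", [])) if isinstance(principal, dict) else ["*"]
        for p in aws:
            if p == "*":
                findings.append(f"statement {i}: any AWS principal may assume the role")
            elif _principal_account(p) != expected_account:
                findings.append(f"statement {i}: unexpected principal {p}")
        # The external ID only guards against a confused deputy when it is an
        # exact-match condition; condition key names are case-insensitive.
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        ids = _as_list({k.lower(): v for k, v in cond.items()}.get("sts:externalid", []))
        if ids != [expected_external_id]:
            findings.append(f"statement {i}: sts:ExternalId is missing or does not match")
    return findings
```

To audit a role you have already created, pass the trust policy JSON copied from the role's trust relationship in the IAM console in place of the sample.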
Connect using credentials (not recommended)
Account Label: This is the name you assign to this specific account in Tailwarden.
To enable team members to access data from a newly added cloud account, please follow the access guidelines provided on this page.
For one organization account
To connect every member account through the root account, you need to set up the integration using an IAM role through a CloudFormation stack. As a consequence, the first two steps are the same as when connecting a single cloud account.
Account Label: This is the name you assign to this specific account in Tailwarden.
Step 1: Launch a CloudFormation stack.
Step 2: Connect the account.
Wait until the CloudFormation stack status shows 'CREATE_COMPLETE' on the AWS page. You may refresh the page to check the stack's status. Once complete, click on "Connect account."
If the role is not detected after a couple of seconds, it's very likely STS is not active. Please refer to this page to activate it.
Step 3: After you click on "Connect account", the list of member accounts will appear. Select the accounts you want to connect to Tailwarden, then click on Continue.
The next steps will require you to launch commands through the terminal to trigger two CloudFormation stacks. This is currently the only available option with AWS.
Step 4: Copy the command and run it in your terminal. If you have changed the region in step 1, please ensure that the region is the same in this command. You can verify in CloudFormation that the stack was launched. Then you can click on Continue.
Step 5: This step is very similar to step 4, but the command is not the same. Copy the command and run it in your terminal. If you have changed the region in step 1, please ensure that the region is the same in this command. Unlike step 4, you need to wait until the stack has finished running. As soon as it's done, you can click on Continue. Please be advised that this can take some time; you can review its status under stack instances in CloudFormation.
Step 6: The last step! You just need to set up access per account. See here for more information.
As soon as your cloud account(s) are connected, you can jump into the inventory and see all your resources! If you want to learn how to leverage the inventory to get insights on resources, costs, and compliance, refer to this page.
To enable team members to access data from a newly added cloud account, please follow the access guidelines provided on this page.
If you want to get granular insights on costs, there is an additional step to complete. Please refer to this page to learn more.