Getting Started

Getting Started with Turbot Guardrails

Your free trial is a 2-week Preventive Security Posture Assessment. We connect your cloud organization, evaluate your preventive posture, and test controls against your real environment.

You don't need to know exactly what to scope. Guardrails shows you where you stand and recommends what to do next.

How the Trial Works

Your Trial Team

Your account rep and a dedicated Customer Success (CS) lead work with your team throughout the trial:

Onboarding call to connect your environment and walk through your first results together
Check-in screenshares to progress through use cases, review findings, and adjust scope
Close-out meeting to review outcomes and decide on next steps

Your CS lead is your direct contact for the duration. No support tickets needed.

The Assessment Path

The trial follows a natural progression through the Guardrails platform. Each step builds on the last:

Step	What You'll Do	Learn More
1. Visualize	Connect your org, see your preventive posture	Visualize Preventive Posture
2. Benchmark	Score against CIS, NIST, and other frameworks	Benchmark & Understand Gaps
3. Simulate	Pick a policy, test it against real data	Simulate & Test Controls
4. Deploy	Roll out a control, see the improvement	Rollout & Expand
5. Runtime	Add accounts, auto-remediate in real time	Runtime Prevention

Step 1: Visualize Your Preventive Posture

Connect your cloud organization in read-only mode. Guardrails discovers your org structure, accounts, OUs, SCPs, RCPs, and policy coverage automatically.

Prevention objectives view showing organizational posture

Within minutes, you'll see:

Your organization hierarchy and account structure
Which preventive policies are in place and where
Inheritance chains showing how policies flow through your org
Coverage gaps where accounts or OUs lack protection

This is the starting point. No runtime agents, no broad permissions, just a read-only view of where your preventive controls stand today.

What you need: Read-only access to your cloud organization management account or tenant. We provide CloudFormation templates and setup guides for IAM role configuration.

Cloud	Setup Guide
AWS	Import AWS Organization
Azure	Import Azure Tenant
GCP	Import GCP Organization
GitHub	Import GitHub Organization

Learn more about visualizing your preventive posture

Step 2: Benchmark and Get Recommendations

Once your org is connected, Guardrails benchmarks your preventive posture against industry frameworks like CIS, NIST, and others.

Dashboard scoring showing prevention posture across the organization

You'll see:

Prevention scores across your organization
Objectives ranked by priority and impact
Specific recommendations to improve your posture
Which accounts and OUs have the biggest gaps

Recommendations with specific actions to improve posture

This turns "we think we have gaps" into a concrete, scored assessment. Your CS lead will walk through the findings with you and help prioritize which recommendations to act on first.

Learn more about benchmarking and understanding gaps

Step 3: Simulate and Test a Control

Pick a recommendation from Step 2. Before deploying anything, Guardrails lets you simulate the policy against your real environment.

How it works:

Select a preventive control (e.g., "require S3 encryption in transit")
Guardrails tests it against actual activity data
See the blast radius: which resources would be affected, which are already compliant
Modify and compare scenarios before committing

Comparing policy scenarios side by side

This is the dry run. You see the impact before anything changes. Your CS lead can help you pick a good first control to test, something easy to validate like S3 public access blocks, bucket versioning, or IAM access key policies.

Learn more about simulating and testing controls

Step 4: Deploy and See the Improvement

When you're confident in the simulation results, deploy the control. Your prevention score updates to reflect the improvement, and Guardrails monitors for drift going forward.

CIS benchmark score improving after deploying controls

Start with a single policy on a focused scope. Once you see it working, expanding to more controls follows the same pattern. Return to the benchmark dashboard to see your posture improve and identify the next recommendation to act on.

Learn more about rolling out and expanding controls

Step 5: Runtime Controls

Want to go beyond org-level prevention? Add your AWS, Azure, GCP, or GitHub accounts to test preventive runtime controls that auto-remediate misconfigurations in real time.

To get started with runtime:

Connect a sandbox or dev account with broader permissions
Your CS lead will pre-configure policy packs for your use cases
Deploy a control in check mode to see findings without changing anything
Switch to enforce mode to auto-remediate and keep resources compliant

Auto-remediation activity log showing controls enforced in real time

Common runtime use cases:

Category	Examples
Security	Encryption enforcement, public access blocking, overpermissive security groups, IAM access key rotation
FinOps	Orphaned volumes, old snapshots, previous-generation instance types, long-running unused resources
Tagging	Auto-tag creator and timestamp, enforce casing standards, lookup and apply values by context
Compliance	CIS benchmark controls, NIST alignment, continuous audit readiness

Identifying Your Next Use Case

Use the recommendations in Guardrails to identify which runtime controls to work on next. Already have visibility from a CNAPP or CSPM tool? Bring your biggest finding categories in as runtime controls to stop those findings from growing, and burn them down with auto-remediation.

Don't have visibility into problems in your environment yet? Turbot Pipes can scan your accounts and run CIS benchmark reports to surface the biggest gaps before you start.

Learn more about runtime prevention

Ready to Convert?

If the assessment met your evaluation criteria, converting is straightforward:

Payment options: Credit card, ACH, invoice, or AWS Marketplace
Pricing: Usage-based at $0.05 per active control per month for Cloud/SaaS, metered daily

Your account rep will work with you on contract and procurement next steps.

If it's not the right time: No pressure. We'll confirm and decommission the trial environment. You're welcome to revisit later.

FAQ

How do I start a trial?

Schedule a discussion with our team to scope your assessment and define use cases. We'll provision your workspace and schedule an onboarding call.

How do I get access to my workspace?

Before your onboarding call, sign up for a guardrails.turbot.com account. We'll add you to your workspace. Other team members can sign up and be added the same way, or we can set everyone up together during the onboarding call.

How do I add more team members?

If you are using the Turbot SAML authentication method, first have your team member create a free account on the User Sign Up Page.

Ask your team member to login to the Workspace using Turbot SAML with the newly created account.
Immediately upon logging in, a new user profile is created. As Turbot/Owner of the workspace, you can now assign permissions to your team member.
Go to the Permissions tab designated by user icon.
Click the green Grant Permissions button.
Leave the resource scope as Turbot.
In the Identities field, type in the user name of your team member. Select the profile in the drop down menu.
Click the Permissions field and select Turbot/Owner.
Click the Grant button.
Your team member will now have the same level of permissions as yourself. These can be modified in the future to be more specific.

What does the trial cost?

The 2-week assessment is free. No credit card required. There's no cost until you convert to a paid environment.

Can I extend my trial?

Yes. If you're actively evaluating and need more time, we're happy to extend to 3-4 weeks. We want a clear outcome, not a rushed one.

How many accounts or organizations can I connect?

Start with what matters. We recommend 1-2 accounts per cloud provider to keep the evaluation focused. You can add more as you progress through use cases. For org-level assessment, one management account gives you visibility across your entire organization.

Can I trial multiple clouds?

Yes. Guardrails supports AWS, Azure, GCP, and GitHub. Connect whichever providers are relevant to your environment.

What support do I get during the trial?

Your account rep and CS lead are your direct contacts throughout. You also have access to our public Slack community for best-effort support.

Do we need to sign anything?

A Mutual NDA is not required. If your organization requires one, our pre-signed MNDA is available here for countersignature. We also accept your organization's NDA. We recommend closing this out before the trial begins if applicable.

What about Turbot Pipes?

Turbot Pipes is available as a free trial as well. It provides cross-cloud visibility, dashboards, and benchmarking that complements Guardrails. Ask your account rep to include Pipes in your assessment.

What about Kubernetes Security Posture Management (KSPM)?

Guardrails includes Kubernetes security posture management capabilities. These can be included in your free trial. Discuss with your account rep during the planning call to scope this into your assessment.

What about ServiceNow integration?

Guardrails integrates with ServiceNow for real-time CMDB sync and inventory tracking. This can be included in your free trial. Discuss with your account rep during the planning call.

How do I convert to paid?

Provide a payment method: credit card, ACH/invoice, or purchase through AWS Marketplace. See Guardrails Pricing for full details.

What if I decide not to continue?

We confirm you want to end the trial and decommission the environment. No pressure, no obligation.