Governing AWS

Amazon Web Services (AWS)

Guardrails has a deep integration with Amazon Web Services (AWS).

• Guardrails provides dozens of AWS mods, covering hundreds of AWS resources, with thousands of policies and controls.
• Guardrails' extensive IAM integration allows you to federate AWS access and manage your AWS permissions through the Guardrails console and API.
• Guardrails' event handlers keep the CMDB up to date as AWS resources are created, modified, and destroyed, allowing policy enforcement in real time.
• Guardrails shows all activity in your AWS account - you can quickly see what happened, who made the change, when the activity occurred, and exactly what changed.

Getting started with Guardrails for AWS

1. Import an AWS Account into a Guardrails Folder.
2. Import an AWS Organization into a Guardrails Folder.
3. Set up the AWS Event Handlers to configure real-time events.
4. Enable AWS Services that you will use.
5. Configure Permissions Policies to allow Guardrails to manage AWS permissions for your users.

Security Hub

Guardrails features an integration with AWS Security Hub, allowing architects and engineers without access to the Guardrails console to receive up-to-date information about Guardrails controls for their account.

• Turbot Guardrails Firehose to Security Hub

Further Reading

• Explore AWS Mods
• Set up Guardrails AWS policies with Terraform Policy Packs
• Learn more about permissions in Guardrails