Importing Accounts
Importing Account Basics
Guardrails makes it easy to import AWS accounts, Azure subscriptions, and GCP projects. All three types of accounts can be imported via the Console, Terraform, or even via a GraphQL API request. Do a thorough read of the appropriate integration guides. These contain additional steps that must be done prior to importing into Guardrails:
Ensure that the proper access permissions are in place in the child account or Guardrails won't be able to get very far with Discovery!
Guardrails Console
To import an account, navigate to Accounts in the left sidebar, then click the Actions dropdown and select Connect Account.
Select your cloud provider:
AWS
AWS supports importing individual accounts or entire AWS Organizations.
AWS Account: Import a single AWS account with cross-account IAM role access.
AWS Organization: Import your entire AWS Organization hierarchy, including all OUs and member accounts. Organizations import includes:
- Discovery Levels: Configure which OUs and accounts to import at the resource level (full import), account level (metadata only), or exclude entirely.
- Test Discovery: Validate your organization structure before committing to import.
- Test Connection: Verify member account role access before import.
For detailed instructions, see:
Azure
Azure supports importing subscriptions, tenants, management groups, and Active Directory.
Subscription
Import an individual Azure Subscription.
Tenant
Import an Azure Tenant to manage multiple subscriptions.
Management Group
Import an Azure Management Group hierarchy.
Active Directory
Import Azure Active Directory for identity governance.
For detailed instructions, see Import Azure Resources.
GCP
GCP supports importing individual projects or entire organizations.
Simple import
Import a GCP Project with basic configuration.
Advanced import
Import a GCP Project with advanced options.
For detailed instructions, see: