Connecting Kawach & AWS Accounts
Overview
This article explains how to integrate AWS with Kawach to enable centralized compliance monitoring across your AWS environment. Once connected, Kawach can monitor AWS resources in read-only mode and surface relevant findings as part of your compliance and risk workflows.
This integration helps ensure that cloud infrastructure configurations, access controls, and operational signals are consistently tracked and available for audits, reviews, and internal assessments.
Prerequisites
Before starting the integration, ensure the following:
- Your organization has an active AWS account.
- You have access to the AWS IAM console with permissions to create IAM roles.
- An AWS account admin is available to approve the connection.
- You have access to your organization’s Kawach account with permissions to manage integrations.
What Kawach Accesses
Once connected, Kawach can:
- Read IAM roles, policies, and resource configurations
- Read CloudFormation stacks to assess infrastructure-as-code deployments
- Read CloudWatch metrics and logs to monitor resource health and detect anomalies relevant to compliance and operational risk
Steps to Integrate AWS with Kawach
Step 1: Navigate to Integrations in Kawach
- Log in to your Kawach account.
- Go to Settings.
- Select the Integrations tab.
- Click Create.
- Locate AWS from the list of available integrations.
- Click Connect.
Step 2: Authorize Kawach in AWS
- You will be redirected to the AWS IAM role creation flow.
- Follow the prompts to create a new IAM role for Kawach.
- Review the permissions requested by Kawach.
- Approve the role creation.
Step 3: Review and Confirm Permissions
After authorization:
- Review the attached read-only policies:
  - SecurityAudit
  - AWSCloudFormationReadOnlyAccess
  - CloudWatchReadOnlyAccess
- Confirm the permissions.
Kawach will begin syncing data from your AWS account.
After the Integration
Once the integration is complete:
- AWS resources are continuously monitored within Kawach.
- Relevant findings can be surfaced as part of compliance workflows.
- Teams get centralized visibility across their cloud environment without switching tools.
This setup supports ongoing compliance by ensuring cloud infrastructure evidence is consistently available.
Troubleshooting
Authorization failed
Ensure you are logged in to the correct AWS account, have permission to create IAM roles, and have approval from an account admin.
Resources not visible
Verify that the IAM role includes all required read-only policies.
Data not syncing
Allow a few minutes after setup. If issues persist, try reconnecting the integration.
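Example: checking the role's attached policies
The following is an added example, not Kawach's own tooling, for the policy review in Step 3 and the "Resources not visible" check. It compares the output of `aws iam list-attached-role-policies` with the three policies listed in Step 3; the role name is a placeholder, the sample output is constructed, and the ARNs assume the standard `aws` partition.

```python
import json

# AWS-managed policies listed in Step 3, keyed by name.
# Assumption: standard "aws" partition (not GovCloud or China regions).
AWS_MANAGED_PREFIX = "arn:aws:iam::aws:policy/"
REQUIRED = {
    name: AWS_MANAGED_PREFIX + name
    for name in ("SecurityAudit", "AWSCloudFormationReadOnlyAccess",
                 "CloudWatchReadOnlyAccess")
}


def audit_attached_policies(cli_json: str) -> dict:
    """Audit output of:
    aws iam list-attached-role-policies --role-name <ROLE_NAME_PLACEHOLDER>
    """
    attached = json.loads(cli_json).get("AttachedPolicies", [])
    arns = {p["PolicyArn"] for p in attached}
    missing = sorted(n for n, arn in REQUIRED.items() if arn not in arns)
    # Same name but not the AWS-managed ARN: a customer-managed policy whose
    # contents may differ from the read-only policy it is named after.
    lookalikes = sorted(
        p["PolicyArn"] for p in attached
        if p["PolicyName"] in REQUIRED
        and p["PolicyArn"] != REQUIRED[p["PolicyName"]]
    )
    # Any other attached policy is outside the set Step 3 lists.
    unexpected = sorted(arns - set(REQUIRED.values()) - set(lookalikes))
    return {"missing": missing, "lookalikes": lookalikes,
            "unexpected": unexpected,
            "ok": not (missing or lookalikes or unexpected)}


# Constructed sample output; account ID 111122223333 is a placeholder.
SAMPLE = json.dumps({"AttachedPolicies": [
    {"PolicyName": "SecurityAudit",
     "PolicyArn": "arn:aws:iam::aws:policy/SecurityAudit"},
    {"PolicyName": "CloudWatchReadOnlyAccess",
     "PolicyArn": "arn:aws:iam::111122223333:policy/CloudWatchReadOnlyAccess"},
    {"PolicyName": "AmazonS3FullAccess",
     "PolicyArn": "arn:aws:iam::aws:policy/AmazonS3FullAccess"},
]})

if __name__ == "__main__":
    print(json.dumps(audit_attached_policies(SAMPLE), indent=2))
```

A non-empty `missing` list corresponds to the "Resources not visible" case; entries under `lookalikes` or `unexpected` mean the role is not limited to the three read-only policies the page describes.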