
How to integrate Kawach with AWS?


January 08, 2026


Overview

This article explains how to integrate AWS with Kawach to enable centralized compliance monitoring across your AWS environment. Once connected, Kawach can monitor AWS resources in read-only mode and surface relevant findings as part of your compliance and risk workflows.

This integration helps ensure that cloud infrastructure configurations, access controls, and operational signals are consistently tracked and available for audits, reviews, and internal assessments.

Prerequisites

Before starting the integration, ensure the following:

  • Your organization has an active AWS account.
  • You have access to the AWS IAM console with permissions to create IAM roles.
  • An AWS account admin is available to approve the connection.
  • You have access to your organization’s Kawach account with permissions to manage integrations.

What Kawach Accesses

Kawach connects to AWS in read-only mode. It does not modify any configuration or resources in your AWS account.

Once connected, Kawach can:

  • Read IAM roles, policies, and resource configurations
  • Read CloudFormation stacks to assess infrastructure-as-code deployments
  • Read CloudWatch metrics and logs to monitor resource health and detect anomalies relevant to compliance and operational risk

Steps to Integrate AWS with Kawach

Step 1: Navigate to Integrations in Kawach

  1. Log in to your Kawach account.
  2. Go to Settings.
  3. Select the Integrations tab.
  4. Click Create.
  5. Locate AWS from the list of available integrations.
  6. Click Connect.

Step 2: Authorize Kawach in AWS

  1. Go to the AWS IAM Centre.
  2. Click "Create Role".
  3. From Trusted entity types, select "AWS Account".
    Select "Another AWS Account" and provide:
    Account ID: 340752827223
  4. Select "Require external ID" and provide:
    External ID: a1323834-d232-4c3f-b0a0-95cbd103e0e8
  5. In the "Add Permission Policies" step, select the following:
    • SecurityAudit
    • AWSCloudFormationReadOnlyAccess
    • CloudWatchFullAccessV2
  6. Click "Next".
  7. Provide the role name as Kawach-Auditor and click "Create Role".
  8. Open Kawach-staging as admin → Go to Settings → Integrations.
  9. Click "+ Create" → Select AWS → Click Connect.
  10. Provide the Role ARN as the Client Secret.
    Provide your AWS Regions (comma-separated if multiple).
  11. Click "Submit".

Kawach will begin syncing data from your AWS account.
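
A check for the role created in Step 2, as an added example (not Kawach's own tooling): it validates the role's trust policy against the account ID and external ID given above and compares the attached managed policies with the Step 2 list. The function names and the sample documents are assumptions constructed for illustration.

```python
# Values from Step 2 of this article.
KAWACH_ACCOUNT_ID = "340752827223"
EXTERNAL_ID = "a1323834-d232-4c3f-b0a0-95cbd103e0e8"
EXPECTED_POLICIES = {"SecurityAudit", "AWSCloudFormationReadOnlyAccess", "CloudWatchFullAccessV2"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def check_trust_policy(doc):
    """Findings for a role's trust policy (AssumeRolePolicyDocument as a dict)."""
    findings, trusted = [], False
    allowed = {KAWACH_ACCOUNT_ID, f"arn:aws:iam::{KAWACH_ACCOUNT_ID}:root"}
    for i, stmt in enumerate(_as_list(doc.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if not isinstance(principal, dict) or set(principal) != {"AWS"}:
            findings.append(f"statement {i}: principal is not limited to an AWS account")
            continue
        for p in _as_list(principal["AWS"]):
            if p in allowed:
                trusted = True
            else:
                findings.append(f"statement {i}: unexpected principal {p}")
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        if cond.get("sts:ExternalId") != EXTERNAL_ID:
            findings.append(f"statement {i}: sts:ExternalId missing or wrong")
    if not trusted:
        findings.append(f"no statement trusts account {KAWACH_ACCOUNT_ID}")
    return findings

def check_policies(attached):
    """Compare attached managed-policy names with the list in Step 2."""
    attached = set(attached)
    out = [f"missing: {n}" for n in sorted(EXPECTED_POLICIES - attached)]
    out += [f"unexpected: {n}" for n in sorted(attached - EXPECTED_POLICIES)]
    # "FullAccess" managed policies include write actions, so flag them for review.
    out += [f"not read-only: {n}" for n in sorted(attached) if "FullAccess" in n]
    return out

# Constructed sample trust policies (not exported from a real account).
GOOD = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
    "Principal": {"AWS": f"arn:aws:iam::{KAWACH_ACCOUNT_ID}:root"}, "Action": "sts:AssumeRole",
    "Condition": {"StringEquals": {"sts:ExternalId": EXTERNAL_ID}}}]}
BAD = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
    "Principal": {"AWS": "*"}, "Action": "sts:AssumeRole"}]}

if __name__ == "__main__":
    print(check_trust_policy(GOOD), check_trust_policy(BAD), check_policies(EXPECTED_POLICIES))
```

The inputs can be exported with `aws iam get-role --role-name Kawach-Auditor` (the `AssumeRolePolicyDocument` field) and `aws iam list-attached-role-policies --role-name Kawach-Auditor`.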

After the Integration

Once the integration is complete:

  • AWS resources are continuously monitored within Kawach.
  • Relevant findings can be surfaced as part of compliance workflows.
  • Teams get centralized visibility across their cloud environment without switching tools.

This setup supports ongoing compliance by ensuring cloud infrastructure evidence is consistently available.

Troubleshooting

  • Authorization failed

    Ensure you are logged into the correct AWS account and have permission to create IAM roles, with account admin approval.

  • Resources not visible

    Verify that the IAM role includes all required read-only policies.

  • Data not syncing

    Allow a few minutes after setup. If issues persist, try reconnecting the integration.