The AWS integration is dormant until Venvera enables the platform-level AWS credentials. Until then the Connect step returns a "not configured" error. The setup instructions below apply once it is enabled.
The AWS integration runs a read-only security posture scan of your AWS account and maps the results to your framework controls. Venvera connects using a cross-account IAM role that you create, so you never share long-lived access keys.
Connecting your account
Create the cross-account role
The setup page shows Venvera's AWS account id and a unique ExternalId for your organisation, together with a ready-to-paste trust policy. Create an IAM role in your account that trusts Venvera's account with that ExternalId.
Attach read-only permissions
Attach the AWS managed policies SecurityAudit and ViewOnlyAccess to the role. Both are read-only.
Enter the role ARN
Paste the role ARN into Venvera and connect. Venvera performs a live AssumeRole to validate the role before saving the connection.
What the scan checks
| Service | Checks |
|---|---|
| IAM | Root account MFA, password policy of at least 14 characters, per-user MFA, access-key rotation older than 90 days |
| S3 | Public access, default encryption |
| CloudTrail | A multi-region trail is logging |
| EC2 | SSH or RDP open to 0.0.0.0/0; EC2 instances and S3 buckets are inventoried as resources |