⚠️
The AWS integration is dormant until Venvera enables the platform-level AWS credentials. Until then the Connect step returns a "not configured" error. The setup instructions below apply once it is enabled.

The AWS integration runs a read-only security posture scan of your AWS account and maps the results to your framework controls. Venvera connects using a cross-account IAM role that you create, so you never share long-lived access keys.

Connecting your account

Create the cross-account role

The setup page shows Venvera's AWS account id and a unique ExternalId for your organisation, together with a ready-to-paste trust policy. Create an IAM role in your account that trusts Venvera's account with that ExternalId.

Attach read-only permissions

Attach the AWS managed policies SecurityAudit and ViewOnlyAccess to the role. Both are read-only.

Enter the role ARN

Paste the role ARN into Venvera and connect. Venvera performs a live AssumeRole to validate the role before saving the connection.

What the scan checks

ServiceChecks
IAMRoot account MFA, password policy of at least 14 characters, per-user MFA, access-key rotation older than 90 days
S3Public access, default encryption
CloudTrailA multi-region trail is logging
EC2SSH or RDP open to 0.0.0.0/0; EC2 instances and S3 buckets are inventoried as resources