AWS Integration Setup Guide

Requirements

  • An active Nullify tenant.

  • AWS permissions to create IAM roles and (optionally) deploy CloudFormation StackSets.

  • Access to Terraform or CloudFormation tooling.

Setup Overview

Nullify uses cross-account IAM roles to ingest metadata from your AWS accounts. The dashboard supplies the parameters you need to deploy our CloudFormation or Terraform template.

Information You Provide

  • IAM role name to create within your accounts (for example nullify-cross-account-role).

  • Target account IDs that Nullify should monitor.

Parameters Supplied by Nullify

  • Nullify role ARN for the external principal.

  • External ID to enforce a trusted relationship.

  • S3 bucket name for encrypted data transfer when required.

All example identifiers below are placeholders—replace them with the values displayed in your tenant.

Setup Steps

  1. Open the Nullify console: Configure → Integrations → AWS.

  2. Enter your role name and list of account IDs.

  3. Download the deployment template (CloudFormation or Terraform) with your tenant-specific parameters embedded.

  4. Deploy the template:

    • Single account: Launch via AWS Console, CLI, or your preferred IaC workflow.

    • Multiple accounts: Use CloudFormation StackSets or Terraform loops. Ensure the role name is consistent across accounts.

  5. Verify the integration: return to the Nullify console to confirm that the role can be assumed.

Deployment Modes

Single Account

Deploy the template directly into the account hosting your workloads. Grant the cross-account role permission to discover resources in the regions you care about.

Multi-Account / AWS Organizations

Use StackSets or Terraform to roll out the integration across member accounts. Deploy the role to both the management and member accounts so Nullify can analyse shared services and spokes.

The current release expects the same IAM role name in every account. Contact support if you require per-account variation.

Validation Checklist

  • Account IDs are valid 12-digit numbers.

  • The IAM role exists and trusts the Nullify role ARN with the provided external ID.

  • The permissions policy matches the template (least privilege for discovery only).
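The first two checklist items can be checked offline against a role's trust policy document. The following is an added example, not code from Nullify or its templates. It assumes the trust policy has already been loaded as a Python dict; the role ARN, external ID, function names and sample policies are constructed placeholders.

```python
import re

# Constructed placeholders; use the values shown in your tenant.
NULLIFY_ROLE_ARN = "arn:aws:iam::111122223333:role/example-nullify-role"
EXTERNAL_ID = "example-external-id"

def as_list(value):
    """IAM policy fields accept either a single string or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def invalid_account_ids(account_ids):
    """Return the entries that are not exactly 12 ASCII digits."""
    return [a for a in account_ids if not re.fullmatch(r"[0-9]{12}", a)]

def check_trust_policy(policy, role_arn, external_id):
    """Return a list of findings; an empty list means the policy passes."""
    findings, trusted = [], False
    for stmt in as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow" or "sts:AssumeRole" not in as_list(stmt.get("Action")):
            continue
        principal = stmt.get("Principal")
        aws = as_list(principal.get("AWS") if isinstance(principal, dict) else principal)
        if "*" in aws:
            findings.append("wildcard principal may assume the role")
        if role_arn not in aws:
            continue
        trusted = True
        # Condition keys are case-insensitive in IAM, so normalise before lookup.
        equals = stmt.get("Condition", {}).get("StringEquals", {})
        ids = as_list({k.lower(): v for k, v in equals.items()}.get("sts:externalid"))
        if ids != [external_id]:
            findings.append("sts:ExternalId condition missing or not the expected value")
    if not trusted:
        findings.append("expected role ARN is not a trusted principal")
    return findings

def statement(principal_arn, condition):
    """Build a constructed single-statement trust policy for the demo."""
    stmt = {"Effect": "Allow", "Action": "sts:AssumeRole", "Principal": {"AWS": principal_arn}}
    if condition:
        stmt["Condition"] = condition
    return {"Version": "2012-10-17", "Statement": [stmt]}

GOOD = statement(NULLIFY_ROLE_ARN, {"StringEquals": {"sts:ExternalId": EXTERNAL_ID}})
NO_EXTERNAL_ID = statement(NULLIFY_ROLE_ARN, None)
WILDCARD = statement("*", {"StringEquals": {"sts:ExternalId": EXTERNAL_ID}})

if __name__ == "__main__":
    for name, doc in [("good", GOOD), ("no-external-id", NO_EXTERNAL_ID), ("wildcard", WILDCARD)]:
        print(name, check_trust_policy(doc, NULLIFY_ROLE_ARN, EXTERNAL_ID) or "OK")
    print(invalid_account_ids(["123456789012", "12345678901", "1234-5678-9012"]))
```

A trust statement that names the expected role ARN but carries no external ID condition is reported as a finding, since the external ID is what ties the role to your tenant.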

Troubleshooting

  • Role not found — Confirm the StackSet or Terraform run succeeded in each account.

  • Access denied — Verify the trust policy includes the Nullify role ARN and external ID.

  • Stale data — Make sure CloudTrail/Config events are flowing if you rely on change detection.

Kubernetes Optional Add-on

Quick Start

  1. Navigate to Integrations

    • Log in to your Nullify dashboard

    • Go to Configure > Integrations

    • Select AWS integration

  2. Configure Integration

    • Provide your IAM role name

    • Specify target AWS account IDs

    • Download the CloudFormation or Terraform template

  3. Deploy Template

    • Deploy the template to your AWS account(s)

    • For multi-account setups, use CloudFormation StackSets

Documentation

The repository includes:

  • Complete installation guides

  • Multi-account and organization-wide deployment instructions

  • Configuration examples

  • Troubleshooting guides

  • Security and permissions details


Kubernetes Integration

Quick Start

Deploy the Nullify Kubernetes collector to scan your clusters for vulnerabilities.

Prerequisites

  • Kubernetes cluster (EKS, GKE, AKS, or self-managed)

  • Helm v3 installed

  • AWS account with Nullify integration configured

Installation

For complete installation instructions, configuration options, and troubleshooting:

Nullify Kubernetes Collector

To relate Kubernetes workloads back to AWS accounts, deploy the Nullify Kubernetes Collector. The Helm chart includes installation instructions, configuration samples, and troubleshooting guidance.
