Configuration
AWS Integration Setup Guide
Requirements
An active Nullify account
AWS account with permissions to create IAM roles
Access to AWS CloudFormation or Terraform
Setup Overview
Nullify's AWS integration follows a secure cross-account access pattern that requires specific configuration parameters. You'll need to provide certain information to complete the integration setup entirely through the Nullify dashboard interface.
Required Information
When setting up the AWS integration, you'll need to provide the following information in your Nullify dashboard:
From Your AWS Deployment
IAM Role Name: The name of the IAM role created by the CloudFormation/Terraform template
Target Accounts: List of AWS account IDs where the integration should scan for resources
From Nullify (Provided During Setup)
Your deployment template will need the following parameters from Nullify:
Nullify Role ARN: The ARN of Nullify's cross-account role (provided in dashboard)
Bucket Name: S3 bucket name for secure data transfer (if applicable)
External ID: Unique identifier for secure cross-account access
Note: All account IDs, role ARNs, and bucket names shown in examples use placeholder values. Replace with your actual values during deployment.
Setup Process
Access Integration Setup
Log in to your Nullify dashboard
Navigate to Configure > Integrations
Select AWS integration to begin setup
Configure Integration Parameters
Provide your IAM role name (e.g.,
nullify-cross-account-role)Specify target AWS account IDs (e.g.,
123456789012,987654321098)Note the provided Nullify role ARN, bucket name, and external ID
Deploy the Template
Download the customized CloudFormation or Terraform template
Deploy using your preferred method:
CloudFormation:
Single account: Deploy through AWS Console, AWS CLI, or IaC
Multi-account: Deploy using AWS CloudFormation StackSets
Terraform: Apply using your existing Terraform workflow
Configuration Modes
Single Account
For single AWS account deployments, deploy the template directly to your target account with the provided parameters.
Multi-Account Setup
For organizations managing multiple AWS accounts:
Use CloudFormation StackSets to deploy consistently across accounts
Ensure the same IAM role name is used across all accounts
Currently, the integration uses a single role name across all accounts
Organization-wide Scanning
For AWS Organizations, we recommend using CloudFormation StackSets to deploy the integration across your organization. This ensures consistent deployment and easier management of the Nullify integration across your AWS landscape.
Important: Organization-wide scanning requires the IAM role to be deployed in the management account (formerly master account) as well as all member accounts.
Role Configuration Limitations
Current Limitation: The integration currently supports a single IAM role name across all target accounts. The same role name must be used in all AWS accounts.
Validation Requirements
All account IDs must be valid 12-digit AWS account numbers
The specified IAM role must exist in all target accounts
Role must have the required permissions as defined in the CloudFormation/Terraform template
Troubleshooting
Common Issues
Role Not Found: Ensure the IAM role exists in all specified accounts
Access Denied: Verify the role has correct permissions and trust policy
Security Note
The deployed templates create IAM roles with minimal required permissions that allow Nullify to securely collect only the necessary information for vulnerability analysis. All access follows the principle of least privilege.
Need Help?
For deployment issues: contact support@nullify.ai
Kubernetes Integration
Nullify's Kubernetes integration enables security scanning of your Kubernetes clusters to identify vulnerabilities. The integration deploys a collector that gathers cluster information and securely transmits it to Nullify for analysis.
Prerequisites
Kubernetes cluster (EKS, GKE, AKS, or self-managed)
Helm v3 installed
AWS account with Nullify integration configured(IAM role)
Installation
For complete installation instructions, configuration options, and troubleshooting, please refer to our public GitHub repository:
The repository contains:
Detailed Helm installation instructions
Configuration examples and customization options
Troubleshooting guides
Latest releases and updates
Support
For general support: contact support@nullify.ai
Last updated
Was this helpful?