Skip to Content

AWS Integration

Connect your AWS account for agent-driven infrastructure operations, deployments, and observability.

Setup

Deploy the cross-account IAM role from Settings → Integrations → Connectors → AWS. The stack creates:

  • IAM role with trust policy for the Cendriix control plane
  • Scoped permission set based on your chosen access level
  • External ID for secure cross-account access

Manual IAM setup

{ "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::<cendriix-account>:role/CendriixAgentRole" }, "Action": "sts:AssumeRole", "Condition": { "StringEquals": { "sts:ExternalId": "<workspace-external-id>" } } }] }

Available tools

ToolDescription
aws.ec2.describeInstancesList EC2 instances
aws.ecs.updateServiceUpdate ECS service (deploy)
aws.s3.putObject / getObjectS3 read/write
aws.cloudwatch.getMetricDataQuery CloudWatch metrics
aws.cloudformation.createStackCreate CloudFormation stack
aws.secretsmanager.getSecretValueRead secrets

Security

  • No source code leaves your VPC — agents execute via cross-account role
  • Credentials are never stored; STS assume-role on demand
  • Every AWS API call in Cendriix audit log and your CloudTrail

See also: All Connectors, Policies

Last updated on