AWS Integration
Connect your AWS account for agent-driven infrastructure operations, deployments, and observability.
Setup
CloudFormation one-click (recommended)
Deploy the cross-account IAM role from Settings → Integrations → Connectors → AWS. The stack creates:
- IAM role with trust policy for the Cendriix control plane
- Scoped permission set based on your chosen access level
- External ID for secure cross-account access
Manual IAM setup
{
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Principal": { "AWS": "arn:aws:iam::<cendriix-account>:role/CendriixAgentRole" },
"Action": "sts:AssumeRole",
"Condition": { "StringEquals": { "sts:ExternalId": "<workspace-external-id>" } }
}]
}Available tools
| Tool | Description |
|---|---|
aws.ec2.describeInstances | List EC2 instances |
aws.ecs.updateService | Update ECS service (deploy) |
aws.s3.putObject / getObject | S3 read/write |
aws.cloudwatch.getMetricData | Query CloudWatch metrics |
aws.cloudformation.createStack | Create CloudFormation stack |
aws.secretsmanager.getSecretValue | Read secrets |
Security
- No source code leaves your VPC — agents execute via cross-account role
- Credentials are never stored; STS assume-role on demand
- Every AWS API call in Cendriix audit log and your CloudTrail
See also: All Connectors, Policies
Last updated on