Dashboard›Connect AWS

Connect your AWS account

Set up a read-only IAM role so DevControl can analyse your costs, security posture, and infrastructure health.

Create the IAM role

In your AWS Console, create a new IAM role with the following trust policy. This gives DevControl read-only access to your account.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::123456789:root"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

Attach the ReadOnlyAccess managed policy to this role.

Enter your Role ARN

After creating the role, paste the Role ARN below. It looks like: arn:aws:iam::123456789012:role/DevControlRole

Account nickname (optional)

What DevControl reads

✓EC2, RDS, Lambda, S3 resource metadata
✓CloudWatch metrics and alarms
✓Cost and usage reports
✓Security Hub findings
✓CloudTrail audit logs

Read-only. DevControl never modifies your infrastructure.

Security

🛡️AES-256 encrypted at rest
🛡️SOC 2 audit underway
🛡️Role credentials never stored

Need help?

Our setup guide walks through the exact IAM role configuration step by step.

View setup guide →