AWS Cloud Account Onboarding: Post-Onboarding Steps

Learn what configurations need to be made after you've onboarded your AWS cloud account(s) successfully into CoreStack,


Once you complete the previous onboarding steps , your newly onboarded AWS cloud account will be displayed on the screen, on the Account Governance main dashboard.

Configure standard permissions in your cloud account post-onboarding

Click on View > View Settings to configure the standard permissions.

1100 1100

Mandatory Permissions for Configuring the AWS WAF:

  • config:DescribeConfigRuleEvaluationStatus
  • config:DescribeConfigurationRecorders
  • config:GetComplianceDetailsByConfigRule
  • config:PutConfigRule
  • config:PutEvaluations
  • iam:GetRole
  • lambda:AddPermission
  • lambda:CreateFunction
  • lambda:DeleteFunction

Optional Permissions:

  • config:DeleteConfigRule
  • wellarchitected:CreateWorkload
  • wellarchitected:GetWorkload
  • wellarchitected:ListWorkloads
  • wellarchitected:UpdateAnswer
  • wellarchitected:UpdateWorkload



  • Lambda permissions must be enabled in the AWS portal
  • Config recorder must be enabled in the AWS portal
  • IAM get role must be enabled in the AWS portal
1100 1100

If Config recorder is not enabled, then you need to enable it from the AWS console.

To do this, navigate to AWS Config > Recorder in the AWS portal.