Onboard cloud accounts for Compass

Learn how to onboard cloud accounts for CoreStack Compass.


Private preview notice:

This article describes features that are currently only available in private preview.
Please contact [email protected] to learn how you can get access.


In order to utilize the assessment feature available in the Compass product offering, you must onboard your cloud accounts in CoreStack in a particular way. It's very similar to the standard way of onboarding cloud accounts, but there are a few additional steps that must be done in order to enable CoreStack to properly run an assessment on your cloud resources.

These unique steps are explained in detail below, but can be summarized as:

  1. Select the Assessment + Governance access type during the onboarding process and deploy the right template.
  2. Configure the cloud account post-onboarding to enable access permissions.

To learn the general steps for onboarding cloud accounts in CoreStack, as well as how to create a new cloud account. please see Onboarding Overview.

Part 1: choosing the correct access type

Follow the steps below to perform the first step for properly onboarding your cloud account for CoreStack Compass assessments.

  1. First, navigate to Account Governance in the left-hand sidebar. Here, you should see any other cloud accounts already onboarded.

  2. To add a new cloud account, click the Add New button in the top right corner of the dashboard view. This will open a drop-down menu.

  3. Select Single Account from the drop-down options, then Start Now to proceed. This should open a new pop-up box view with a series of field on the left, and some helpful information on the right. Complete the fields on the left to onboard your cloud account.

  4. First, under Public Cloud, select which platform your cloud account exists in (AWS, Azure, GCP).

    • Click Get Started at the bottom to proceed to the next step.
  5. After selecting your platform and clicking Get Started, you'll see a screen titled Choose account & access type.

  6. Under Access Type, select Assessment + Governance. You must select this option in order to enable the full Compass assessment experience in CoreStack.

    • The Assessment + Governance option allows CoreStack to use the read and write permissions necessary to properly scan and validate your cloud workloads.


Full onboarding walk-throughs:

To read the rest of the full steps for onboarding cloud accounts based on their platform, please refer to the relevant links below as needed:

Part 2: Configuring your cloud account post-onboarding

Follow the steps below to perform the second step for properly onboarding your cloud account for Compass assessments.

  1. Once you've completed the initial steps to add a new cloud account to CoreStack, navigate to Account Governance in the left-hand sidebar.

  2. For the cloud account you'd like to enable assessments for, click on View under the Actions column to open the drop-down menu, then select View Settings.

  3. This will take you to the Cloud Account Details page, where you can view different information about the cloud account. Select Governance Configuration from the left-hand menu to see a row of governance categories appear along the top right side of the screen.

  4. Select Compliance. This will show you a list of cloud frameworks and standards. Scroll down and select ____ Well-Architected Framework.

    • The blank part will be whichever cloud platform you selected previously (AWS, Azure, etc).
  5. You may see a red text message that reads: "It seems AWS Well-Architected Framework configuration is not done yet." Click on Configure beside it to proceed.

  6. This will bring up a dialog box along the bottom edge of the UI that contains two steps: Verify Access, and Configure.

    • The Verify Access sections will show you a list of mandatory and optional permissions that are either enabled or disabled. As noted previously, and in the UI, certain permissions (read and write) must be enabled in order for CoreStack to properly run scans and validate resources as part of the Compass assessment.
  7. Review the permissions listed here and take note of any mandatory permissions with a red 'x' next to them -- these are not enabled and must be in order for the assessment to run properly. You need to take the necessary steps to enable these permissions in the respective cloud platform before running an assessment.

For additional guidance on how to do this, please refer to the steps in our other user guides below: