Skip to main content
Updating an AWS account keeps Plerion’s permissions up to date, ensuring the platform can continue scanning your cloud environments and reporting accurate findings. You should update an account if:
  • Template update required: The Plerion CloudFormation template has been updated with new permissions. This is flagged by the PLERION-PLN-02 detection. If this finding fails, update the account.
    PLN-2 detection in Plerion Findings dashboard
  • Enable or disable CWPP: Add or remove the Cloud Workload Protection Platform (CWPP) capability for an existing account.

Steps to update a single AWS account

If you onboarded your AWS account using the Automated mode, you can update the CloudFormation stack in one of three ways:
  • Update existing stack using the AWS Console
  • Update existing stack using the CLI
  • Create a new stack

Update existing stack using the AWS Console

1

Open the AWS account you want to update

  • On the Plerion dashboard, go to Settings > Integrations, and find the AWS account you want to update
  • Click the edit icon next to Role ARN
Integrated AWS account with Role ARN highlighted
2

On the Update Existing Stack (Console) tab, click Launch stack

Updating the existing stack using the AWS console
3

On the Specify stack details page in AWS, open Configure stack options

4

Copy the AuthToken from Plerion to AWS

Copy the AuthToken value from Plerion’s Stack Parameters box into the matching field in AWS.
Stack Parameters box with AuthToken value

Specify stack details page in AWS with AuthToken parameter
5

Select the CWPP capability (optional)

To enable workload protection, select CWPP before continuing.
Select CWPP if you want to scan workloads such as EC2, Lambda, or ECS.
CWPP capability checkbox selected
6

Review and confirm capabilities

On the Review page, tick the required Capabilities box.
CloudFormation Review page with required Capabilities box ticked
7

Submit the stack update

  • In AWS, click Update stack to apply the changes.
  • Plerion will automatically detect the updated resources and refresh the integration when the update completes.

Update existing stack using the CLI

1

Open the AWS account you want to update

  • On the Plerion dashboard, go to Settings > Integrations, and find the AWS account you want to update
  • Click the edit icon next to Role ARN
Integrated AWS account with Role ARN highlighted
2

On the Update Existing Stack (CLI) tab, copy the CLI command

Updating the existing stack using the CLI command
3

Insert stack parameters

Copy all values from Plerion’s Stack Parameters box into the CLI command.
Stack Parameters box with values for CLI update
4

Run the CLI command

  • Execute the command in your terminal.
  • Plerion will automatically detect the updated resources once the update completes.

Create a new stack

1

Open the AWS account you want to update

  • On the Plerion dashboard, go to Settings > Integrations, and find the AWS account you want to update
  • Click the edit icon next to Role ARN
Integrated AWS account with Role ARN highlighted
2

On the Create a New Stack tab, click `Launch stack`

Launching a new stack in AWS
3

Deploy the stack in AWS

Follow the on-screen instructions in AWS to create the new stack.
4

Verify the update in Plerion

After deployment, Plerion will detect the new resources and refresh the integration.

Manual mode

If you onboarded your AWS account using Manual mode, update the IAM role directly.
1

Edit the IAM role in AWS

In your AWS account, open the IAM role used by Plerion and edit its configuration.
2

Apply the updated policy

Replace the trust policy or permissions JSON with the updated values shown in Plerion.
3

Validate the integration in Plerion

Save your changes in AWS, then return to Plerion and click Update to validate the integration.

Steps for updating multiple AWS accounts

You can only update multiple accounts from the management account integration.
1

Open the AWS management account you want to update

  • On the Plerion dashboard, go to Settings > Integrations, and find the AWS management account you want to update
  • Click the edit icon next to Role ARN
2

Select Multi Account Onboarding

  • On the Edit integration page, click Update using Multi Account Onboarding.
  • On the Select capabilities screen, click Next.
Update using Multi Account Onboarding option
3

Click the Update Existing StackSet tab

Update Existing StackSet tab selected in AWS console
4

Copy the AuthToken to AWS

Copy the AuthToken value from Plerion’s Stack Parameters box into the matching field in AWS.
Stack Parameters box with AuthToken value
Specify stack details page with AuthToken field populated
5

Set deployment options

On the Set deployment options page in AWS, set Automatic deployment to Deactivated.
Automatic deployment option set to Deactivated
6

Review and submit the update

  • On the Review page in CloudFormation, tick the required Capabilities box, then click Submit.
  • Plerion will automatically detect the updated StackSet resources once the update completes.
CloudFormation Review page with required Capabilities box ticked