Skip to main content
You can link target accounts either when creating new AWS integrations or by updating existing ones.
The service account can only be linked to a target account that is part of the same AWS organization.

Create new target accounts

Onboard a single AWS account

1

On the Plerion dashboard, go to Settings > Integrations

Sidebar navigation with Settings expanded and Integrations highlighted
2

Find AWS account and click the + button

Click Add single AWS account to continue with onboarding a single AWS account.
Integrations page with AWS account option and plus button to add integration

Integrations page with AWS account option, with the single account option or multi-account option
3

Select your desired capabilities

  • Select CSPM, CIEM and CWPP
  • For the CWPP deployment, choose Service account and select your service account.
  • Click Next to continue.
Single-account capabilities with CWPP Service account
4

Launch the CloudFormation stack

Click Launch stack to open the Quick create stack page in AWS CloudFormation.
Launch CloudFormation stack for AWS service account
5

Verify the Service account parameter and create the stack

CloudFormation with Service account parameter present
6

After the stack completes, the AWS integration will be created and linked to your AWS service account.

Onboard multiple AWS accounts using StackSets

1

On the Plerion dashboard, go to Settings > Integrations

Sidebar navigation with Settings expanded and Integrations highlighted
2

Find AWS account and click the + button

Click Add accounts using Multi-Account Onbooarding to add mutiple AWS accounts at once.
Integrations page with AWS account option and plus button to add integration

Integrations page with AWS account option, with the single account option or multi-account option
3

Select your desired capabilities

  • Select CSPM, CIEM and CWPP
  • For the CWPP deployment, choose Service account and select your service account.
  • Click Next to continue.
Single-account capabilities with CWPP Service account
4

Choose Console or CLI and provide the ServiceAccountId

  • Use the ServiceAccountId shown in Plerion.
ServiceAccountId parameter reference in Plerion guide
5

If adding more accounts later, use Update Existing StackSet

Update Existing StackSet flow in Plerion
6

After the stack completes, the AWS integration will be created and linked to your AWS service account.

Update existing target accounts

Update a single AWS account

1

Open the AWS account you want to update

  • On the Plerion dashboard, go to Settings > Integrations, and find the AWS account you want to update
  • Click the edit icon next to Role ARN
Integrated AWS account with Role ARN highlighted
2

Enable CWPP and select the service account

In the capabilities list, enable CWPP.
Under Deployment strategy, choose Service account and select the service account you created earlier.
Select Service account for CWPP in single-account update
3

Update stack parameters if required

If the Plerion template shows updated parameters, modify the stack parameters as shown in the guide.
4

Run the update in Automated mode (recommended)

  • Update the stack using the AWS Console or CLI by following the instructions in Plerion.
  • Automated mode is recommended for simplicity and reliability.
5

Confirm the integration is updated and linked

Once the stack update completes, the AWS account integration will be updated and linked to the service account.

Update multiple AWS accounts

1

Open the AWS management account integration

  • On the Plerion dashboard, go to Settings > Integrations, and find the AWS management account you want to update
  • Click the edit icon next to Role ARN
2

Select Multi Account Onboarding

  • In the Edit integration page, choose Update using Multi Account Onboarding.
  • On the Select capabilities screen, enable CSPM, CIEM, and CWPP.
  • Under Deployment strategy, select Service account and choose the service account you created earlier.
Selecting service account for CWPP in multi-account update flow
3

Open Update Existing StackSet and follow the guide

Switch to the Update Existing StackSet tab and follow the instructions provided in Plerion.
Update Existing StackSet guide in Plerion
4

Provide the ServiceAccountId parameter

When prompted, enter the ServiceAccountId shown in the guide.
ServiceAccountId parameter in update guide
5

Run the update in Automated mode (recommended)

  • Complete the update using the AWS Console or CLI, as instructed in Plerion.
  • Automated mode is recommended for simplicity and reliability.
6

Confirm integrations are updated and linked

Once the StackSet finishes, both existing and new AWS account integrations will be updated and linked to the service account.
On the Plerion dashboard, go to SettingsIntegrations and open the AWS account integration.
The integration will show the linked Service account, and CWPP scans will appear once they begin.
AWS integration page showing linked service account

CWPP Asset Scans section showing recent scans

Additional resources created

  • PlerionApplianceRole (IAM role in the target account): Assumed by service account appliances to run scans in the target account.