Free CIS Benchmark Scan

Connect your AWS account

Grant SentryHive read-only access via an IAM Role. We run 14 CIS Benchmark checks and generate AI remediation runbooks for every finding — in under a minute. Not sure what you'll get? See an example report →

Before you start — create a read-only IAM Role

  1. 1.In AWS IAM, create a new role with SecurityAudit and ReadOnlyAccess managed policies attached.
  2. 2.Set the trust policy to allow sts:AssumeRole from your account.
  3. 3.Copy the Role ARN (e.g. arn:aws:iam::123456789012:role/SentryHiveAudit) and paste it below.
Connection Details

The ARN of the read-only IAM role SentryHive will assume.

Required only if your role trust policy includes a condition on ExternalId.

Region used for EC2, CloudTrail, and CloudWatch checks. IAM checks are always global.

Credentials are never stored. Session lasts 15 minutes.

🔒SentryHive uses AWS STS to assume your role with a 15-minute session. No credentials are logged or persisted. Only read-only APIs are called.