Connect AWS Account
Overview
CloudAIPilot allows you to bring your own AWS infrastructure. Instead of passing around static, risky IAM access keys, our platform uses secure IAM Role Assumption (Cross-Account Roles). This ensures that you grant CloudAIPilot the exact permissions needed to autonomously manage your resources, while maintaining the ability to revoke access instantly from your own AWS console.
Security & PQC Note
Your AWS credentials are encrypted at rest using Post-Quantum Cryptography (PQC) standards (ML-KEM-768). CloudAIPilot is uniquely positioned in the industry to offer quantum-safe protection for your cloud provider keys.
Step-by-Step Guide
Step 1: Create the IAM Role in AWS
- Log in to your AWS Management Console.
- Navigate to IAM > Roles and click Create Role.
- Select AWS account as the trusted entity type.
- Select Another AWS account and enter the CloudAIPilot Account ID (provided in your dashboard).
- Check the box for Require external ID. Enter the unique External ID generated for your Organization in the CloudAIPilot dashboard.
Step 2: Attach Policies
- CloudAIPilot requires specific permissions to provision EC2 instances, manage security groups, and read billing metrics (for autonomous FinOps).
- Attach the CloudAIPilot-Orchestration-Policy. You can download the precise JSON policy document from your dashboard.
Step 3: Link in CloudAIPilot
- Copy the Role ARN of the newly created IAM Role.
- In CloudAIPilot, navigate to Cloud Accounts > Add Account > AWS.
- Paste the Role ARN and click Connect.
- The AI Pilot will perform a safe background pre-flight check to verify permissions.
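The trust relationship that Step 1 creates can be checked before the Role ARN is pasted in Step 3. The following Python is an added example, not CloudAIPilot's own code: it audits a role's trust policy document for the expected account principal and an exact-match sts:ExternalId condition. The account ID, External ID and sample policies are constructed placeholders, and audit_trust_policy, as_list and trust_policy are hypothetical helper names.

```python
ACCOUNT_ID = "111122223333"          # placeholder for the CloudAIPilot Account ID
EXTERNAL_ID = "EXAMPLE-EXTERNAL-ID"  # placeholder for your Organization's External ID

def as_list(value):
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy, account_id, external_id):
    """Return findings for every Allow statement that permits sts:AssumeRole."""
    findings = []
    trusted = {account_id, f"arn:aws:iam::{account_id}:root"}
    for n, stmt in enumerate(as_list(policy.get("Statement", []))):
        actions = as_list(stmt.get("Action", []))
        if stmt.get("Effect") != "Allow" or not {"sts:AssumeRole", "sts:*", "*"} & set(actions):
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":
            principal = {"AWS": "*"}
        for kind, values in principal.items():
            for p in as_list(values):
                if kind != "AWS" or p not in trusted:
                    findings.append(f"statement {n}: unexpected principal {kind}={p}")
        # Condition keys are case-insensitive; only an exact-match operator is accepted.
        equals = stmt.get("Condition", {}).get("StringEquals", {})
        ids = [v for k, vals in equals.items() if k.lower() == "sts:externalid" for v in as_list(vals)]
        if not ids:
            findings.append(f"statement {n}: no StringEquals sts:ExternalId condition")
        elif ids != [external_id]:
            findings.append(f"statement {n}: ExternalId does not match the dashboard value")
    return findings

def trust_policy(principal, condition=None):
    """Build a constructed sample trust policy for the checks below."""
    stmt = {"Effect": "Allow", "Principal": principal, "Action": "sts:AssumeRole"}
    if condition:
        stmt["Condition"] = condition
    return {"Version": "2012-10-17", "Statement": [stmt]}

ROOT = {"AWS": f"arn:aws:iam::{ACCOUNT_ID}:root"}
GOOD = trust_policy(ROOT, {"StringEquals": {"sts:ExternalId": EXTERNAL_ID}})
NO_EXTERNAL_ID = trust_policy(ROOT)  # "Require external ID" left unchecked
WILDCARD = trust_policy({"AWS": "*"}, {"StringEquals": {"sts:ExternalId": EXTERNAL_ID}})

if __name__ == "__main__":
    for name, doc in [("good", GOOD), ("no external id", NO_EXTERNAL_ID), ("wildcard", WILDCARD)]:
        print(name, audit_trust_policy(doc, ACCOUNT_ID, EXTERNAL_ID) or "OK")
```

The trust policy of a real role can be copied from the role's Trust relationships tab in the IAM console and passed in as a parsed JSON object.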
Human-in-the-Loop Safety
Once connected, CloudAIPilot can read your architecture and propose optimizations. However, it will never provision a new EC2 instance or delete an unused volume without generating an Approval Card for you to review and confirm.