NAVAM

Setup Read-Only Access

Follow these steps to allow NAVAM Digital to audit your AWS account. Setup takes about 2 minutes.

1

Choose an External ID

Pick a unique identifier for your audit. The IAM role created in Step 2 requires this External ID, which prevents unauthorized access. Use your company name and year:

navam-yourcompany-2026

Save this — you'll need it in Step 2 and when running the audit.

2

Deploy the CloudFormation Template

Click the button below to open AWS CloudFormation. It will create a read-only IAM role in your account.

Launch in AWS CloudFormation

When prompted:
• Enter the External ID you chose in Step 1
• Check the "I acknowledge that AWS CloudFormation might create IAM resources" box
• Click "Create Stack"
• Wait for status to show CREATE_COMPLETE (~30 seconds)

3

Copy the Role ARN

Once the stack is created:

1. Go to the Outputs tab of your stack

2. Copy the RoleArn value — it looks like:

arn:aws:iam::123456789012:role/NavamDigital-AuditRole

4

Run Your Audit

Go to the Audit Portal and enter:

• Your company name and email
• The Role ARN from Step 3
• The External ID from Step 1

Click "Run Audit" and your report will be ready in ~10 minutes.

5

Revoke Access (Anytime)

To remove access, simply delete the CloudFormation stack:

CloudFormation → Stacks → NavamDigital-AuditAccess → Delete

This immediately removes the IAM role and all access.

🔒 Security Guarantees

We take your security seriously. Here's what the role does and doesn't do:

  • Uses AWS-managed ReadOnlyAccess policy — cannot create, modify, or delete anything
  • Requires External ID — prevents confused deputy attacks
  • Session expires after 1 hour — access is always temporary
  • You control revocation — delete the stack anytime
  • No data stored — audit data processed in memory and delivered as PDF
  • Same approach used by AWS Partner tools like Datadog and CloudHealth
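
To check these guarantees against the role that was actually deployed, the following is an added example (not NAVAM's code, and the page does not show the template itself). It assumes input shaped like the `Role` object from `aws iam get-role`, the `AttachedPolicies` list from `aws iam list-attached-role-policies` and the `PolicyNames` list from `aws iam list-role-policies`; the sample data and the auditor account ID 111122223333 are constructed placeholders.

```python
# Added example: offline check of the audit role against the page's claims.
READ_ONLY_ARN = "arn:aws:iam::aws:policy/ReadOnlyAccess"

def as_list(value):
    return value if isinstance(value, list) else [value]

def check_audit_role(role, attached, inline, external_id, auditor_account):
    """Return findings; an empty list means every claim held."""
    findings = []
    for stmt in as_list(role["AssumeRolePolicyDocument"]["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        aws = as_list(principal.get("AWS", [])) if isinstance(principal, dict) else []
        # Trust must name only the auditor's account: no "*", Service or Federated.
        ok = bool(aws) and set(principal) == {"AWS"} and all(
            p == auditor_account or p.startswith(f"arn:aws:iam::{auditor_account}:")
            for p in aws)
        if not ok:
            findings.append(f"unexpected principal: {principal!r}")
        # IAM condition key names are case-insensitive, so compare in lower case.
        equals = stmt.get("Condition", {}).get("StringEquals", {})
        ids = {k.lower(): v for k, v in equals.items()}.get("sts:externalid")
        if ids is None or as_list(ids) != [external_id]:
            findings.append("sts:ExternalId condition missing or not your value")
    if role.get("MaxSessionDuration", 3600) > 3600:
        findings.append("session can exceed 1 hour")
    arns = [p["PolicyArn"] for p in attached]
    if arns != [READ_ONLY_ARN]:
        findings.append(f"attached policies are not only ReadOnlyAccess: {arns}")
    if inline:
        findings.append(f"inline policies present: {inline}")
    return findings

# Constructed sample data; 111122223333 is a placeholder auditor account ID.
GOOD_ROLE = {
    "MaxSessionDuration": 3600,
    "AssumeRolePolicyDocument": {"Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
        "Action": "sts:AssumeRole",
        "Condition": {"StringEquals": {"sts:ExternalId": "navam-yourcompany-2026"}},
    }]},
}
GOOD_ATTACHED = [{"PolicyName": "ReadOnlyAccess", "PolicyArn": READ_ONLY_ARN}]

if __name__ == "__main__":
    print(check_audit_role(GOOD_ROLE, GOOD_ATTACHED, [],
                           "navam-yourcompany-2026", "111122223333"))
```
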