🎫 Plan Availability: The AWS organization integration is available on Enterprise and Vanguard plans.
ℹ️ Note: Our AWS organization integration automatically imports EC2 Elastic IP addresses and Amazon Route 53 A records.
Step 1 - Navigate to Intruder Portal
There are three places you can add your AWS organization from within the Intruder Portal:
1a. From the Targets page. Click the Discovery tab and select '+ Add Asset':
1b. From the Integrations page. Click + Add under AWS:
1c. From the Targets page, by clicking the yellow '+ Add Targets' button > Cloud environments:
2. Click 'AWS':
3. Click 'Add organization'
4. Download the org file and integration file from Intruder
⚠️ Important: Please refrain from modifying the org and integration files, as this can cause the AWS integration to fail.
Step 2 - Create Stack in AWS Console
1. Navigate to the 'Stacks' section of your AWS console > Create stack:
2. Upload the template file provided by Intruder
3. Specify a name
4. No need to configure stack options – leave as default:
5. Acknowledge the AWS rules by selecting this checkbox:
6. Review the stack details, scroll to the bottom, and click the 'Submit' button.
7. Once finished (which can take some time), copy the role ARN value:
Step 3 - Enter Role ARN in Intruder Portal
Enter the role ARN you just copied from the AWS console:
Step 4 - Create a StackSet in AWS Console
1. Navigate to the 'StackSets' area > click 'Create StackSet':
2. Upload the template file provided by Intruder (downloaded in Step 1, item 4):
3. Set name:
4. Leave the StackSet options as default and check the Capabilities acknowledgment:
5. Set deployment options:
Deploy new stacks ☑️
Deploy to organization ☑️
Enable automatic deployment ☑️
6. Select "Add all regions" (outlined below):
7. Confirm the configuration and click the submit button:
💡 Tip: If you encounter the message "Cloud account Prod has invalid credentials..." within Intruder, please confirm that the enabled regions in your AWS account match the regions where the CloudFormation stack will be deployed.
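One way to run the region check from the tip above across several accounts, as an added example (not Intruder's or AWS's own code): it compares the regions a StackSet targets with the regions each account has enabled, reading the JSON that `aws ec2 describe-regions --all-regions` returns. The function names, account names, region list and sample JSON are constructed for illustration.

```python
import json

# OptInStatus values that mean the region is usable in the account.
ENABLED_STATUSES = {"opt-in-not-required", "opted-in"}


def enabled_regions(describe_regions_json):
    """Return the enabled region names from `describe-regions --all-regions` JSON."""
    doc = json.loads(describe_regions_json)
    return {
        region["RegionName"]
        for region in doc.get("Regions", [])
        if region.get("OptInStatus") in ENABLED_STATUSES
    }


def region_mismatches(stackset_regions, accounts):
    """Map account name -> mismatch between StackSet regions and enabled regions.

    accounts: {account name: describe-regions JSON string for that account}
    Accounts whose enabled regions match the StackSet regions are omitted.
    """
    targeted = set(stackset_regions)
    report = {}
    for name, raw in accounts.items():
        enabled = enabled_regions(raw)
        not_enabled = sorted(targeted - enabled)   # stack deployed, region disabled
        not_targeted = sorted(enabled - targeted)  # region enabled, no stack there
        if not_enabled or not_targeted:
            report[name] = {"targeted_not_enabled": not_enabled,
                            "enabled_not_targeted": not_targeted}
    return report


def _sample(statuses):
    """Build constructed describe-regions JSON from {region: OptInStatus}."""
    return json.dumps({"Regions": [{"RegionName": r, "OptInStatus": s}
                                   for r, s in statuses.items()]})


# Constructed sample data: "Prod" has not opted in to af-south-1, "Dev" has.
SAMPLE_STACKSET_REGIONS = ["us-east-1", "eu-west-1", "af-south-1"]
SAMPLE_ACCOUNTS = {
    "Prod": _sample({"us-east-1": "opt-in-not-required",
                     "eu-west-1": "opt-in-not-required",
                     "af-south-1": "not-opted-in"}),
    "Dev": _sample({"us-east-1": "opt-in-not-required",
                    "eu-west-1": "opt-in-not-required",
                    "af-south-1": "opted-in"}),
}

if __name__ == "__main__":
    for account, diff in region_mismatches(SAMPLE_STACKSET_REGIONS, SAMPLE_ACCOUNTS).items():
        print(account, diff)
```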
Step 5 - Add Asset in Intruder portal
1. Once it has succeeded, hit 'Add asset ->':
2. Once Intruder has connected with AWS, you'll see one of two messages. If it's the top one, click 'Go to organization ->'. If it's the bottom one, you'll need to hit <- Back and review the integration configuration:
3. After clicking 'Go to organization ->', you'll see your AWS organization:
4. Once the import has completed, your Discovery page will look something like this:
5. Clicking on ... > View details will take you through to the cloud account details page:
6. On each cloud account details page, you can do a multitude of things for each target, such as adding authentication methods, kicking off a scan, and applying a tag:
7. Clicking on the 'Sync rules' and 'Integration settings' in the top right will display account-specific options such as the ability to apply selective sync rules (only import targets matching a specific condition), or automatically kick off scans when changes are detected:
How Organization and Account Settings work
In AWS, there is no separate organization entity that Intruder scans on its own. An AWS organization is really just a set of accounts, one of which is a special management account that holds the organization's billing and configuration. Intruder imports the management account like any other account, and you scan it the same way, by enabling cloud security scans on it. There are no separate organization-level checks.
The cloud security scan settings shown on the organization-level integration are defaults for newly imported accounts only. They don't apply retroactively to accounts that are already imported, so enabling scans at the organization level won't switch them on for your existing accounts.
To manage scans for existing accounts: