AWS inventory scanning (multi-account)

Updated: October 30, 2025

Integrations AWS Discovery Integrations AI

The AWS Multi-Account Inventory integration enables FireTail to automatically scan and discover API and AI resources across multiple AWS accounts within your organization. By utilizing AWS Organizations, CloudFormation templates, and IAM role assignments, FireTail can access and retrieve API and AI resources across your entire AWS infrastructure. The discovered APIs and AI resources are then populated into your selected FireTail project.

AWS Organizations must be configured with a Management account.

Setup instructions

  1. In the side menu, go to Platform, then select Integrations.
  2. Click Create Integration. Filter by selecting the Discovery category.
  3. Select AWS Inventory Scanning (Multi-Account).
  4. In the Name of Integration field, enter a name for the integration. The integration is Enabled by default. Toggle off to make inactive.

Option 1: Launch CloudFormation in the Organization Management account

  1. Log into the AWS Console. Make sure this is the Organization Management account.
  2. Click the Launch CloudFormation button to open the stack setup in your AWS Console.
  3. The Stack name must be unique. If you have previously created a stack, enter a new one.
  4. In CloudFormation, check I acknowledge that AWS CloudFormation might create IAM resources, then select Create.
  5. When the stack status shows CREATE_COMPLETE, go to the Outputs tab, copy the value for FireTailRoleARN, and paste it into the AWS Management Role ARN field in the FireTail platform.

Option 2: Launch CloudFormation for each account through a Stack Set

  1. Log into the AWS Console. Make sure this is the Organization Management account.
  2. Click the Go to CloudFormation Stack Sets button to navigate to the CloudFormation Stack Sets console.
  3. Click the Create StackSet button.
  1. In the Specify template section, select Amazon S3 URL and paste the template URL, as displayed in the integration form on the FireTail platform, into the Amazon S3 URL field.
  2. Click Next.
  3. In the Specify StackSet details section, enter a name for the stack set.
  4. In the Parameters section, enter the following values:
    • OrganisationUUID: Your organization UUID (displayed in the integration form in the FireTail platform)
    • RolePrefix: firetail
  5. Click Next.
  6. In the Execution configuration section, select Active.
  7. In the Capabilities section, check the box for I acknowledge that AWS CloudFormation might create IAM resources with customised names.
  1. Click Next.
  2. In the Deployment targets section, select either Deploy to organization (to deploy the IAM role to all accounts) or Deploy to organizational units (to select specific organizational units and account IDs you want to deploy the stack set to).
  3. In the Specify Regions section, choose US East (N. Virginia) us-east-1. Only choose a single region.
  4. Click Next.
  5. In the Review section, review your settings and click Submit.

Complete integration setup

  1. Return to the FireTail platform and complete the remaining fields.
  2. Select a Project from the dropdown, or click Create to create a new project. This is the project that will be associated with the integration. When you complete the integration this adds the discovered APIs from AWS under the FireTail project that you choose. Learn more about projects here.
  3. Enter the AWS Management Role ARN obtained from the CloudFormation stack outputs.
  4. Specify the Role Name (prepopulated with "firetail").
  5. Configure your AWS Regions by selecting which regions should be scanned for resources.
  6. Set the Scan Frequency in hours (minimum is 24 hours).
  7. Configure Filter on AWS resource tags (optional). Click Add key to specify which AWS resources should be included in the scan based on their tags.
  8. Toggle Delete resources from FireTail if you want resources that are no longer found in AWS to be automatically removed from FireTail during subsequent scans.
  9. Click Submit to complete the setup.

Viewing discovered resources

The discovered APIs can be viewed by navigating to API in the side menu and selecting Inventory. The discovered AI resources can be viewed by navigating AI in the side menu and selecting Inventory.

Need help?

Contact FireTail support