Cloud (AWS) dashboard
The Cloud dashboard is where you connect AWS accounts, browse resources across every supported AWS service family, manage sync schedules, and inspect compliance and backup posture per account. Sciple is read-only against your AWS account by design.
What you see
- Accounts page at /cloud. A table of registered AWS accounts with account name, account ID, provider, credential status, and the payer flag.
- Account dashboard at /cloud/aws/:account_id with three tabs:
  - Resources: paginated tables for EC2, RDS, S3, Lambda, CloudFront, Route 53, VPC, ECS, EKS, ElastiCache, EBS, EFS, IAM, the AWS Code suite, and ECR. Inline describe drawers per row. Column visibility and ordering are remembered per user.
  - Compliance: AWS Inspector findings and vulnerability counts.
  - Backup coverage: a service-by-service view of which resources are backed up, stale, or not backed up, with the backup source shown (AWS Backup, service-native, or none).
- Secrets and parameters: Secrets Manager and SSM Parameter Store are fetched live on demand, never cached.
Prerequisites
- A Sciple workspace where you hold the settings.manage permission.
- An AWS account where you can create an IAM user with read-only access, or a cross-account IAM role with an external ID.
Step 1. Enable AWS as a cloud provider
Open Manage, go to Cloud providers, and enable Amazon Web Services. This is a one-time tenant-level action. Other providers (GCP, Azure) appear here when they are supported.
Step 2. Register an AWS account
Open Cloud, choose Accounts, and add an AWS account. You can use static IAM keys to get started quickly, or a cross-account role assumed with an external ID, which is how you would run this in production. Both flows use scoped, short-lived credentials when calling AWS; nothing is installed in your AWS account beyond the role or keys.
The role or user only needs read access to the families you want Sciple to surface. Start narrow and broaden later as your team adopts more capabilities.
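For the cross-account role in Step 2, the following added example (not Sciple's own code) builds an IAM trust policy that requires the external ID and lints both the trust policy and a narrow read-only permissions policy before you attach them. The account ID, the external ID and the function names are placeholders and assumptions; use the values that apply to your own registration.

```python
import json

READ_PREFIXES = ("Describe", "Get", "List")  # heuristic: read-style API verbs

def _as_list(value):
    return value if isinstance(value, list) else [value]

def build_trust_policy(principal_account_id, external_id):
    """Trust policy: one external account may assume the role, only with the external ID."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{principal_account_id}:root"},
        "Action": "sts:AssumeRole",
        "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
    }]}

def trust_policy_findings(policy):
    """Problems in a cross-account trust policy; an empty list means it passes."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        actions = _as_list(stmt.get("Action", []))
        if stmt.get("Effect") != "Allow" or "sts:AssumeRole" not in actions:
            continue
        principal = stmt.get("Principal", {})
        aws = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
        if "*" in aws:
            findings.append(f"statement {i}: wildcard principal")
        condition = stmt.get("Condition", {}).get("StringEquals", {})
        if not condition.get("sts:ExternalId"):
            findings.append(f"statement {i}: no sts:ExternalId condition")
    return findings

def non_read_actions(policy):
    """Allowed actions whose verb is not Describe*/Get*/List* (review these by hand)."""
    flagged = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action", [])):
            if not action.split(":", 1)[-1].startswith(READ_PREFIXES):
                flagged.append(action)
    return flagged

if __name__ == "__main__":
    # Constructed placeholders, not values from Sciple or from this page.
    trust = build_trust_policy("111122223333", "EXAMPLE-EXTERNAL-ID")
    print(json.dumps(trust, indent=2), trust_policy_findings(trust))
    narrow = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
        "Action": ["ec2:Describe*", "rds:Describe*", "s3:ListAllMyBuckets"], "Resource": "*"}]}
    print(non_read_actions(narrow))
```

The verb-prefix check is a heuristic: some Get* actions return data rather than metadata, so review the allowed list against the service families you actually want surfaced.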
Step 3. Sync your resources
Pick a region and trigger a sync. Sciple discovers resources across every connected service family and writes them into the cached snapshot that powers the Resources tab. The first sync takes a few minutes; subsequent syncs are incremental. Sync status is tracked per service so you can see when each family last refreshed and whether it succeeded.
You can trigger a full-account sync from the dashboard or sync one service at a time. Sync schedules are configurable per service per account (15 minutes, hourly, six-hourly, daily, or off).
Data flow
Resources are cached in Sciple's database after each sync and read from the snapshot on every page load. The exceptions are AWS Secrets Manager and SSM Parameter Store, which are fetched live on demand. No customer data is copied out of your AWS account beyond what is needed to render the dashboard, and Sciple stores only resource metadata, never the contents of secrets or parameters.
Permissions and audit
Browsing accounts and resources requires dashboard.view. Registering an account, rotating credentials, updating sync schedules, or triggering a sync requires settings.manage.
The actions cloud.account.registered, cloud.account.updated, cloud.account.deleted, cloud.discover.started, cloud.discover.completed, and the per-service cloud.fetch.started / .completed / .failed events land in the same audit log as the rest of the platform, in the same transaction as the change.
Limits
- AWS only today. GCP and Azure appear in the provider list but are not yet supported.
- Manual sync trigger. The sync schedule API exists, but the background scheduler that runs schedules on a timer is not yet wired up. Trigger syncs from the dashboard for now.
- Read-only. Sciple does not create, modify, or delete AWS resources.
- Pagination only. Resource tables paginate; there is no full-table export yet.
- Secrets and parameters are live-only. They are never cached.
What is next
- Kubernetes dashboard covers EKS clusters discovered from the AWS account you just registered.
- ECS dashboard covers ECS clusters, services, and tasks.
- Access and audit describes how permissions and the audit trail work across every surface.