Connecting Your AWS Cloud Account to QuickInfra in 5 Minutes

Before QuickInfra can provision any resources on your behalf, it needs access to your AWS account. This is done by creating a dedicated IAM role with a scoped permission set — QuickInfra never asks for root credentials or access keys that bypass IAM policies.

The IAM Role Approach

QuickInfra uses AWS IAM roles with cross-account trust rather than long-lived access keys. You create a role in your AWS account that trusts QuickInfra's AWS account to assume it. This means there are no static credentials to rotate, no access keys sitting in a config file, and revocation is instant — delete the role and QuickInfra loses access immediately.

Required Permissions

The IAM role needs permissions scoped to the services QuickInfra will manage on your behalf. For a typical setup this includes EC2, VPC, S3 (for state storage and deployment artefacts), IAM (limited, for creating instance profiles), and CloudFormation (if you use stack management). QuickInfra provides an exact IAM policy document you can paste directly into the AWS console — no guesswork on permissions.

Adding the Account in the Console

Go to Manage → Cloud Accounts → Add Account. Select AWS, give the account a friendly name, enter your AWS Account ID, and follow the role creation wizard. QuickInfra generates the CloudFormation template that creates the role with the correct trust policy — you run the stack in your AWS console and paste back the Role ARN. The connection is verified and active in under five minutes.

Multiple Accounts

QuickInfra supports multiple cloud accounts per organisation — dev, staging, and production accounts can all be connected under a single QuickInfra org. Each Infrastructure Project and Pipeline is bound to a specific cloud account. This enforces environment separation at the infrastructure level: a deployment targeting your production account cannot accidentally run against your dev account.

Security Best Practices

Use a dedicated AWS account for each environment where possible. Limit the IAM role permissions to only what QuickInfra needs for the services you actually use. Enable AWS CloudTrail on your account so that all API calls made by QuickInfra are logged with full attribution. Periodically review the QuickInfra access logs in the console to audit what actions the platform has taken on your behalf.

Revoking Access

To disconnect a cloud account, remove the IAM role from your AWS account and then delete the account entry from the QuickInfra console. Any projects bound to that account will move to an error state — they won't silently continue operating. This gives you clean, auditable offboarding if you ever need to rotate or revoke platform access.