Skip to main content

Quick start: GitOps for IaC

Deploy your first workflow in minutes by connecting Git and a cloud provider.

Overview

This guide walks you through the GitOps for IaC onboarding path in StackGuardian. By the end, you'll have connected your Git repositories and a cloud provider, and you'll be ready to deploy your first workflow.

Prerequisites:

  • A GitHub or GitLab account with at least one IaC repository
  • A cloud provider account (AWS or Azure) with the necessary credentials

Step 1: Choose your onboarding path

When you first sign in, StackGuardian asks what you'd like to do first. Select GitOps for IaC to connect your Git repositories and deploy infrastructure using version-controlled code.

Onboarding path selection screen showing three options: GitOps for IaC, Self-service for IaC, and Codify infrastructure

Onboarding path selection screen

The three available paths are:

  • GitOps for IaC — Link your Git repositories to deploy infrastructure using version-controlled code
  • Self-service for IaC — Build reusable blueprints that teams can deploy without writing code
  • Codify infrastructure — Auto-discover and convert existing cloud resources to IaC (coming soon)

Select GitOps for IaC, then select Continue.

note

You can switch to a different path at any time from the SGOrchestrator overview page.

Step 2: Set up your organization

Enter a name for your organization. This is the workspace where your workflows, stacks, and connectors will live.

Organization setup screen with fields for organization name and teammate invites

Organization setup screen

FieldRequiredDescription
Organization nameYesA unique identifier for your organization. Use lowercase letters and hyphens.
Invite teammatesNoEnter one or more email addresses to invite collaborators. You can also do this later.

Select Get started when you're ready.

Step 3: Connect your Git repository

After setup, you'll land on the SGOrchestrator overview page. The Getting Started with Orchestrator panel in the bottom-right corner guides you through three steps: connecting Git, connecting a cloud provider, and deploying.

SGOrchestrator overview page showing the getting started checklist with Connect your Git as the active step

SGOrchestrator overview page

To connect your Git repository:

  1. Select Connect your Git in the checklist or the overview card.

  2. In the dialog, select your Git provider — GitHub or GitLab.

    Connect your Git repository dialog with GitHub and GitLab provider options

    Connect your Git repository dialog

  3. Follow the authorization flow. StackGuardian redirects you to your Git provider to grant access.

  4. Select the account or organization where you want to install the StackGuardian app.

Once authorized, you'll return to the overview page. The Connect your Git card shows a confirmation that one version control system is connected.

SGOrchestrator overview page showing 1 Version Control connected and Connect your Cloud as the next active step

SGOrchestrator overview page

Step 4: Connect your cloud provider

With your Git repository connected, the next step is to link a cloud provider. This allows StackGuardian to deploy your infrastructure into your cloud account.

To connect your cloud provider:

  1. Select Connect cloud account in the overview card.

  2. In the dialog, select your cloud provider — AWS or Azure.

  3. Select an authentication method — RBAC (role-based access control) or OIDC (OpenID Connect).

  4. Enter a connector name. Optionally, add a description and tags.

  5. Enter your AWS Role ARN in the format arn:aws:iam::<account-id>:role/<role-name>.

  6. Copy the pre-filled External ID for the role — you'll need this when setting up the trust relationship in AWS.

  7. Select Add Connector.

    Connect with your cloud provider dialog showing AWS selected, RBAC authentication, and fields for connector name, description, tags, AWS Role ARN, and external ID

    Connect with your cloud provider dialog showing

AWS Role ARN

To authenticate with AWS, StackGuardian uses an IAM role with a cross-account trust relationship. You'll need to:

  • Create an IAM role in your AWS account.
  • Add StackGuardian as a trusted entity using the external ID shown in the form.
  • Attach the permissions your workflows need (for example, AdministratorAccess for full access).
  • Copy the role ARN from AWS and paste it into the AWS Role ARN field.

Once connected, the Connect your Cloud card shows a confirmation and a Manage integrations button.

Step 5: Start deploying

With both Git and your cloud provider connected, the checklist shows 2 of 3 complete. The Start Deploying step is now active.

SGOrchestrator overview page showing both Git and Cloud connected, with Start Deploying as the next step

SGOrchestrator overview page

Select Start Deploying to browse your connected repositories and create your first workflow.

Next steps

Now that your environment is set up, you can: