Quick start: Codify Infrastructure
Auto-discover your cloud resources and convert them into version-controlled IaC in minutes.
Overview
This guide walks you through the Codify infrastructure onboarding path in StackGuardian. By the end, you'll have connected your cloud provider and a Git repository, and you'll have generated and published your first infrastructure code.
Prerequisites:
- An AWS cloud account with the necessary credentials
- A GitHub or GitLab account with at least one repository
This feature is coming soon. Join the waitlist.
Step 1: Choose your onboarding path
When you first sign in, StackGuardian asks what you'd like to do first. Select Codify infrastructure to auto-discover and convert your existing cloud resources to IaC.
Choose your onboarding path
The three available paths are:
- GitOps for IaC — Link your Git repositories to deploy infrastructure using version-controlled code
- Self-service for IaC — Build reusable blueprints that teams can deploy without writing code
- Codify infrastructure — Auto-discover and convert existing cloud resources to IaC
Select Codify infrastructure, then select Continue.
Step 2: Set up your organization
Enter a name for your organization. This is the workspace where your projects, connectors, and generated code will live.
Set up your organization
| Field | Required | Description |
|---|---|---|
| Organization name | Yes | A unique identifier for your organization. Use lowercase letters and hyphens. |
| Invite teammates | No | Enter one or more email addresses to invite collaborators. You can also do this later. |
Select Get started when you're ready.
Step 3: Connect and scan your cloud
After setup, you'll land on the SGCode overview page. The Getting Started with SGCode checklist guides you through three steps: connecting your cloud, browsing resources and codifying, and connecting your Git repository.
Connect and scan your cloud
To connect your cloud provider:
- Select Connect & scan your Cloud in the checklist.
- In the dialog, select your cloud provider — AWS is currently supported. Azure support is coming soon.
- Select an authentication method — RBAC (role-based access control) or OIDC (OpenID Connect).
- Enter a connector name. Optionally, add a description and tags.
- Enter your AWS Role ARN in the format
arn:aws:iam::<account-id>:role/<role-name>. - Copy the pre-filled External ID for the role — you'll need this when setting up the trust relationship in AWS.
- Select Connect & scan.
Connect and scan your cloud
Before you start: Ensure you have the necessary credentials from your cloud provider. You can find setup guides in the StackGuardian documentation.
AWS Role ARN
To authenticate with AWS, StackGuardian uses an IAM role with a cross-account trust relationship. You'll need to:
- Create an IAM role in your AWS account.
- Add StackGuardian as a trusted entity using the external ID shown in the form.
- Attach the permissions your connectors need (for example, read-only access for discovery).
- Copy the role ARN from AWS and paste it into the AWS Role ARN field.
Once connected, the scan starts automatically. The scan may take a few minutes — SGCode scans all resources across your connected cloud account and shows a live progress indicator.
Connect in progress
You can leave this page while the scan runs. SGCode notifies you when it's done.
Step 4: Browse resources and codify
Once the scan is complete, the checklist updates to show the number of resources found. Select Browse resources & Codify to proceed.
Browse resources and codify
SGCode groups your discovered resources into suggested resource groups based on resource type. Each group shows the resource type, the number of resources, the projected IaC coverage increase, and a Generate Code button.
You can edit or create your own groups in Cloud Inventory. Select Edit Groups in inventory to go there. When working directly in Cloud Inventory, use the Codify for button in the bottom bar instead of Generate Code.
To generate code:
- Select the IaC tool using the dropdown next to Generate Code — choose between Terraform and OpenTofu.
- Select Generate Code on one or more groups to start code generation.
Code generation in progress
Code generation typically takes a few minutes. SGCode runs an internal validation cycle — it generates the code, runs a plan to check for errors, and if errors are found, regenerates the code automatically before delivering the final result. You can leave this page while generation runs.
When generation is complete, a summary confirms the number of resources codified, lines of code generated, and files generated.
Generated infrastructure code summary
Select Manage and review generated code to open the Code Workbench and inspect the output, or continue to Step 5 to push the code directly to your repository.
Step 5: Connect your Git and publish
With your code generated, the next step is to push it to a repository. Select Connect your Git in the checklist.
Connect your Git and publish
To connect your Git repository and publish:
- Select your Git provider — GitHub or GitLab.
- Follow the authorization flow. StackGuardian redirects you to your Git provider to grant access.
- Select the account and repository where you want to push the generated code.
- Select Publish to Git Repo.
Publish to Git Repo
SGCode creates a new branch, commits the generated files, and pushes the changes to your repository.
Publish to Git in progress
When the push is complete, the checklist updates to 3 of 3 completed.
Next steps
Now that your environment is set up, you can:
- Codify more resources to increase your IaC coverage — select Codify more Resources to continue in Cloud Inventory
- Review and edit your generated code in the Infra Projects
- Explore the full Cloud Inventory reference — including filtering, grouping, resource details, dependency management, and pull request workflows