What Will You Need?

  • AWS Environment

  • AWS User With Administrator Permissions – (the CloudFormation template creates resources that require a higher permission set)

  • About 10-15 minutes of time

Note: The following instructions are for the Dash pay-as-you-go offering. Please contact Dash for instructions regarding any other offerings or solutions.

Installation Instructions

  1. Log into AWS account and pick your preferred region.

  2. Create an application-specific pem key. This is done in the EC2 module. You will need to create this pem key in the region/availability zone that you will be deploying the Dash CloudFormation template. Make sure to keep this pem key accessible for future use. You will need to use that pem key to SSH in if needed. By default, SSH access is disabled but can be opened up if needed of course.

  3. Go to AWS Marketplace and navigate to the Dash ComplyOps Offering.

5. Click the “Continue to Subscribe” button.

6. You will be presented with a page displaying Dash contract options:

  • You can select a plan based on the size of your cloud environment. You can read more about pricing plans here. New users looking for a free trial may want to consider selecting the Free Trial plan.

  • Each plan will be allocated a certain number of protected units, if your organization goes over this allocation, you will be billed overage based on your plan. Your team can upgrade your plan to a higher plan/tier of protected units at anytime.

  • Discounted pricing is provided for longer term contracts (1 year, 2 year, 3 year contracts). Your team has the option of selecting one of these contracts on this page.

  • After selecting your plan, click the “Create contract” button.

7. You will be directed to a form page. Please enter your team’s:

  • Organization Name

  • Organization Contact Email (This email will need to be accessible to complete installation)

  • Contact Name

  • Contact Phone

Click the “Submit” button.


8. On completion of this form, you will see a message that this step is complete.

You will now receive an email in your inbox with further licensing needed for installation. In another tab or browser window, please navigate to the previously entered email and open the most recent Dash ComplyOps email. (It may take 5 minutes or so to receive this email. If you cannot find this email, you may check your Spam folder.)

Email isntructions

9. In the Dash email, click the button to download the CloudFormation template. This will download a file to your computer for the next installation steps.

10. Now navigate to CloudFormation in the AWS console.

11. In CloudFormation click the “Create Stack” button. Then click “With new resources (standard)”

12. Under the Specify template section, select “Upload a template file” for the Template Source.

  • Then upload the CloudFormation template file you downloaded in the email in Step #9.

  • Then click the “Next” button.

13. Go to next page, and fill out the form on this page. 

Here is what the form should look like at the end: 

Most fields have default values that are appropriate to stick with. Otherwise, provide a value that makes sense for your environment. 

14. Once you have filled out the form, click “Next”.

15. Scroll to bottom and click “Next”.

16. Scroll to bottom and check the box – “I acknowledge that AWS CloudFormation might create IAM resources with custom names.“

Then click the “Create stack” button

17. The process will take a few minutes. 

18. Once the CloudFormation stack has the status CREATE_COMPLETE, you will be able to access the Dash Application by copying the link from the CloudFormation Outputs tab.

Note: It may take another couple minutes for the application to be provisioned, initialized, and display at the Output URL.

Application Setup/Initialization

  1. Ensure the newly created Dash S3 bucket does not have public access blocked through Account Wide or Bucket Policy. (See steps for ensuring S3 bucket access.)

  2. Go to the EndpointURL link provided in the CloudFormation Output tab.

  3. The application may take up to 5 minutes to start up. 

  4. Once the application loads, it will look like this: 

Organization Validation – Put in the Organization ID and License Code to validate your organization

Create New User – Put in an appropriate email and password for the first user

Login to Dash - At this point, you can login using the new user account you have created

Select Your Applicable Regulatory Frameworks - Select the regulatory compliance standards applicable to your organization and then click “Next”. (This option can be changed later in the application settings)

Connect AWS Accounts - You will be taken to the AWS account setup page. It is important to connect your AWS accounts otherwise Dash will not monitor your cloud accounts for security and compliance issues.

You will see the following page:

Click the ‘Connect AWS Account’ button under AWS Accounts section. You will need to enter the following:

  • AWS Account Name - A name defined by your team to identify the account you are connecting to monitoring

  • AWS Account ID - Enter the AWS Account ID for the AWS account you want to connect to Dash monitoring.

You can find the AWS Account ID for your account by logging into the account and clicking on the top right user dropdown.

Once you have entered the AWS Account Name and AWS Account ID, click “Setup” button

  • You will be taken to AWS where you will need to login and grant Dash permission to scan this environment. In the new browser tab that just opened, please enter the password for the selected account.

  • After logging it, you will be redirected to the CloudFormation setup page. It has already preloaded with the correct CloudFormation template, using an S3 URL

  • Click the “Next” button

On the subsequent page, click the ‘Next’ button again. There is nothing to change on this screen.

Scroll to the bottom. Check the acknowledge checkbox and click the “Create stack” button.

It may take a few minutes to create this IAM role and then CloudFormation will show CREATE_COMPLETE for the IAM role

Head back to the Dash application and click “Validate connection”.

The Dash application should connect the new permission and show the AWS account as connected to monitoring (like the image shown below)

You can connect more than one AWS account to Dash by following the same process as above. Once you have attached your accounts, you can click the “Next” button. (You can attach additional AWS accounts in the settings later).

You will be shown a page where you can blacklist or hide specific Dash findings for accounts. You can enter any options or leave the options blank and click “Finish”. (These options are available in the settings later).

After clicking “Finish” you are ready to use the Dash application. If you have connected one or more AWS accounts, these accounts will be going through their first scan now.

Further Configuration and Troubleshooting

Initial S3 Bucket Access Requirements

Dash uses S3 bucket public access to generate and share a unique CloudFormation template for scanning AWS sub-accounts. Before continuing through application installation/initialization, your team must ensure that the Dash created S3 bucket can be accessed via public access.

If you do not need to connect multiple AWS accounts or sub accounts to Dash monitoring, you can safely disable public access after Dash installation complete

Take the following steps to disable settings for “Block all public access” in S3​:

  1. Copy your license key. It can be found in the email that you received from DASH, or in the “Parameters” tab in your CloudFormation Stack options.

  1. Go to Amazon S3 Management Console. And paste your key into the search box.

  1. Click on Bucket’s name. Bucket Overview page should open.

  2. Go to the Permissions tab. Click on the “Block public access” button then on the “Edit” button. Uncheck all checkboxes, click “Save” and confirm changes.