SaaS Quickstart
Get started with Infracast SaaS in under 5 minutes. No infrastructure to manage — just sign up and connect your first data source.
Prerequisites
- A cloud account (AWS, Azure, or GCP) with read-only IAM credentials
- OR network device credentials (Cisco, Palo Alto, etc.)
- OR Active Directory with LDAP read access
Step 1: Create Your Account
- Go to app.infracast.io
- Click Sign Up and create your account
- Verify your email address
Sign-up automatically creates:
- An Account (your billing entity)
- A Tenant (your customer organization, named after your company)
- A default Workspace inside that tenant (your data environment)
- Your user, set as Account Owner and Tenant Admin
You'll land directly in the default workspace and can start running discoveries immediately.
Step 2: (Optional) Add More Workspaces
Most customers stay with the auto-created default workspace. If you need hard data isolation between environments — for example, separate Prod, Staging, and Lab — you can create additional workspaces from Settings → Workspaces → New Workspace.
Workspace Name: staging
Add workspaces when you need hard data isolation: prod vs staging, separate AWS accounts, MSP customer environments, or compliance scope separation. See Multi-Workspace Patterns for guidance.
Use the workspace switcher in the header to flip between workspaces without re-authenticating.
Step 3: Add Your First Credential
Navigate to Settings → Credentials and add a credential for your first data source.
AWS (Recommended First Source)
- Click Add Credential
- Select AWS as the provider
- Choose authentication method:
- IAM Role (Recommended): Cross-account role with
arn:aws:iam::YOUR_ACCOUNT:role/InfracastReadOnly - Access Keys: For quick testing (not recommended for production)
- IAM Role (Recommended): Cross-account role with
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:Describe*",
"rds:Describe*",
"s3:GetBucket*",
"s3:ListBucket*",
"iam:Get*",
"iam:List*",
"lambda:List*",
"eks:Describe*",
"eks:List*"
],
"Resource": "*"
}
]
}
Step 4: Run Your First Discovery
- Navigate to Jobs → Discovery
- Click New Discovery Job
- Select your credential and target regions
- Click Start Discovery
Discovery typically takes 2-5 minutes for a small AWS account (< 1,000 resources).
Step 5: Explore the Topology
Once discovery completes:
- Go to Topology
- Use the search bar to find a resource (e.g., "prod-vpc")
- Click a node to see its properties and connections
- Use Trace Path to check network reachability
Step 6: Run Your First Compliance Audit
- Go to Settings → Compliance Frameworks
- Enable the frameworks relevant to your organization (e.g., NIST 800-53, CIS AWS)
- Navigate to Findings to see compliance violations
- Click any finding to see remediation guidance
Next Steps
- Add more credentials for comprehensive coverage
- Set up integrations (Slack, Jira, ServiceNow)
- Schedule reports for weekly compliance summaries
- Install agents for workstation/server visibility
Troubleshooting
Discovery shows 0 nodes
- Verify your IAM credentials have the required permissions
- Check that you selected the correct regions
- Look at the job logs for specific errors
Missing resources
- Some resource types require additional IAM permissions
- Cross-account resources need separate credentials
- Check if resources are in regions you didn't select
Rate limiting errors
- AWS API rate limits can slow discovery
- Infracast automatically backs off and retries
- For large accounts (10K+ resources), expect 10-15 minute discovery times