Getting Started

Setup usually takes 5–10 minutes for the first account.

On this page

• 1. Create your account
• 2. Connect your AWS account
  • Start with the required Core Scan Role
  • Add optional roles later only if needed
  • Why the setup is split
• 3. Run scans
• 4. Review findings
• 5. Set up notifications
• Need help?

1. Create your account

Go to opscurb.com/signup, sign up, and verify your email. You can start on Free and upgrade later.

2. Connect your AWS account

OpsCurb uses a tiered AWS access model.

Start with the required Core Scan Role

1. In OpsCurb, open Settings.
2. Click Add AWS Account.
3. Copy the OpsCurb AWS Account ID and the generated Core External ID.
4. In AWS, create a role trusted by OpsCurb's AWS account and require that External ID.
5. Attach the generated Core scan permissions policy shown in the OpsCurb UI.
6. Back in OpsCurb, enter:
   • AWS account ID
   • Core Scan Role ARN
   • Regions to scan
7. Save.

After saving, OpsCurb starts your first core scan automatically.

Add optional roles later only if needed

Optional capability roles can be connected later from Settings → Edit Account:

• Deep Inspect
• Advanced log diagnostics
• S3 inventory
• IAM hygiene
• Tag inventory

Use the public Permissions Matrix to decide which optional roles your team actually wants to enable.

Why the setup is split

• The Core Scan Role keeps the first connection narrower and easier to review.
• Sensitive surfaces such as CloudWatch Logs, S3 inventory, IAM listings, and tag inventory are opt-in.
• Separate optional roles provide stronger hardening, narrower permission boundaries, and cleaner isolation than folding those capabilities into one broader role.
• You can prove value first, then enable deeper workflows only where justified.

3. Run scans

• Free: limited manual scans (1 per month)
• Growth: daily automated scans, plus up to 10 manual rescans per month
• Scale: daily automated scans, plus manual scans on demand

To run a scan now: Settings → AWS Accounts → Run Scan.

4. Review findings

Each finding includes resource, region, estimated monthly waste, and recommended next steps. Use filters to focus by severity, region, account, and status.

On Growth and above, click Get Fix Instructions for AI-generated implementation guidance.

After the first scan, focus on:

• the top 3 actions to review first
• the exact monthly impact attached to those actions
• any blocked, unowned, or overdue example that shows where savings could stall

If that first queue looks real, the next step is the 14-day Growth trial so OpsCurb can push the work into Jira or Linear and keep it owned.

5. Set up notifications

• Slack (Growth+):
  1. Settings → Slack Integration → Connect Slack (OAuth)
  2. Enable Slack alerts and save
  3. Optional: enable assignee DMs with a bot token (xoxb-...)
• Discord anomaly alerts (Scale):
  1. Settings → Anomaly Alerts
  2. Open Notification Channels
  3. Enable Discord and add webhook URL
• Weekly digest email (Growth+):
  1. Settings → Weekly Digest
  2. Enable email and add recipients

More details: Integrations.

Need help?

Email support@opscurb.com. If you want help validating the first queue live, you can also book an optional guided review. Also see FAQ, Troubleshooting, and the public Permissions Matrix.