Quickstart

1. Sign up and create your organisation

   Go to trovesec.io and sign up. Create or join an organisation — all data and billing is scoped to your org.

2. Connect your AWS account

   Navigate to Connections in your dashboard. Click Add AWS Account.

   TroveSec uses cross-account IAM role assumption — it never stores your AWS credentials.

   You’ll get a CloudFormation template URL. Deploy it in your AWS account to create a read-only role, then paste the generated role_arn back into the dashboard.

   Tip

   See IAM Role Setup for a step-by-step walkthrough of the CloudFormation deployment.

3. Run your first scan

   Click Run Scan on your connection. Scans take 2–5 minutes and run 400+ security checks across S3, IAM, EC2, RDS, VPC, and CloudTrail.

   You’ll get an email when it’s complete.

4. Generate an API key

   Go to Integrations → API Keys → Create Key. Name it Claude Desktop.

   Copy the key — it is shown once only. It starts with cs_live_.

5. Connect Claude Desktop

   Open your Claude Desktop config file:

   macOS

   ~/Library/Application Support/Claude/claude_desktop_config.json

   Windows

   %APPDATA%\Claude\claude_desktop_config.json

   Add this block — replace cs_live_xxx with your key:

   {
     "mcpServers": {
       "trovesec": {
         "url": "https://mcp.trovesec.io/sse",
         "transport": "sse",
         "headers": {
           "Authorization": "Bearer cs_live_xxx"
         }
       }
     }
   }

   Restart Claude Desktop. TroveSec tools will appear in the tool selector.

6. Ask your first question

   Try any of these in Claude:

   • “What are my critical AWS findings?”
   • “Am I ready for SOC2?”
   • “Where should I start fixing?”
   • “What’s wrong with my S3 buckets?”