To start using the Citadel app, sign in with your email address to connect an AWS Account to Management. Follow the instructions to do the initial setup.
You need an account to log in to Citadel. If you don’t have an account yet, you need an invite to register. Please request one from your delivery partner, or email: [email protected]
Log in to Citadel
- Go to https://app.citadel.run/login
- Enter your email account
- Enter your password
- Select Remember me if you are on a safe workstation and want to save your information for future log ins
- Click on Log in
Register to Citadel (currently invite only)
- Follow the link from your email invite
- Enter your name
- Enter a valid email address
- Enter password
- Confirm your password
- Click on Register
Connecting your AWS Management Account
As you log in to Citadel, a message will ask you to set up your Citadel Account, seen below:
Go to Management to start the Initial Setup.
You will need:
- Account ID for your AWS Management Account
- Have an Organization on your AWS Management Account (see to create one)Creating an Organization
- Log in to your AWS Management Account using an Administrator role
- Account ID for your AWS Audit Account (if you don’t have one, see )Creating Audit and Log Archive AWS Accounts
- Account ID for your AWS Log Archive Account (if you don’t have one, see )Creating Audit and Log Archive AWS Accounts
- An email address to receive alarms
Connecting the Management Account
The first step to configuring your AWS Management (Master) Account to Citadel is to connect your AWS Account.
- Log in to AWS on another browser tab
- Click Run Template to open CloudFormation on your AWS Management Account and click Create Stack.
- Enter the Account ID for your Management AWS Account
- Click Check Connection
Wait a few moments until you see “Connection OK” and the Next button enabled. Click to proceed.
Setting up the Management Account
For the second stage of the Initial Setup, we need to collect information to deploy the initial baseline services to your Management, Audit and Log Archive accounts.
Complete the setup by entering the information below.
- Enter Default Email For Alerts, this email will be used to send alerts from security services like Cloudtrail and GuardDuty. Can be changed later
- Enter AWS Account ID For Audit
- Enter AWS Account ID For Log Archive
- Choose a primary AWS Region. You can only choose one primary region but multiple secondary regions. Changing the primary region may cause disruption, so choose carefully.
- Click Save
After saving, the Organization Status page will show your accounts and deployment statuses:
Regions (primary and secondary ones) will have separate statuses as Citadel deploys a baseline stack on each one. This baseline stack can be redeployed by clicking the ‘Redeploy’ option on the options menu on the right side of the status bar.
On this page