# Update AWS CloudFormation Stack

{% hint style="info" %}
This page is only relevant if you connected your AWS account **before** March 30th, 2026. Accounts connected after this date already have the latest permissions.
{% endhint %}

Aikido has updated the AWS CloudFormation template with expanded permissions. If your account was connected before this change, you'll need to update your existing stack to stay current.

The updated template enables:

* Broader AWS service coverage – visibility across more resource types
* Deeper inspection of managed services – including EKS, Lambda, and Batch
* [Container and workload network reachability analysis](https://help.aikido.dev/container-image-scanning/container-reachability-analysis) – tracing network paths from the internet to your containers

All permissions are **read-only**. `rds:DownloadDBLogFilePortion` is explicitly denied to prevent access to database logs.

Aikido automatically masks sensitive values in your AWS resources before indexing them. This includes secrets in Lambda environment variables, EC2 user data, and similar configurations.

### How to update your stack

{% stepper %}
{% step %}
**Get the updated template from Aikido**

Go to [Clouds → Add AWS](https://app.aikido.dev/clouds/add/aws). Select **"Single"** or **"Full Organization"** and copy the CloudFormation template link.
{% endstep %}

{% step %}
**Open CloudFormation in AWS Console**

Navigate to **CloudFormation** and locate your existing Aikido stack.

If you're updating permissions for an organization connection, make sure you're in your **AWS organization management account**.
{% endstep %}

{% step %}
**Update the stack**

Click **"Update stack"** and choose one of:

* **Create a change set** (recommended) – lets you preview all changes before applying
* **Make a direct update** – faster, but applies changes immediately
{% endstep %}

{% step %}
**Replace the template**

Select **"Replace existing template"**, then either:

* Paste the template URL from Aikido, or
* Upload the template file if you downloaded it
{% endstep %}

{% step %}
**Complete the deployment**

Proceed with the update and finish the stack deployment. If you chose to create a change set, remember to **execute it** after reviewing.
{% endstep %}
{% endstepper %}
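
To check the read-only statement above against the template itself before you execute the change set, the following added example (not Aikido's code) audits the IAM policy statements of a CloudFormation template in JSON form. The read-only verb prefixes, the function names and the sample template are assumptions of this example, and the sample is constructed, not Aikido's template.

```python
import json
import sys

# Verb prefixes treated as read-only (a heuristic assumed for this example).
READ_PREFIXES = ("get", "list", "describe", "batchget", "lookup", "search", "view")
REQUIRED_DENY = "rds:downloaddblogfileportion"  # the explicit deny named on this page

# Constructed sample, not Aikido's template; batch:SubmitJob is planted to be flagged.
SAMPLE = {"Resources": {"ScanRole": {"Type": "AWS::IAM::Role", "Properties": {
    "Policies": [{"PolicyName": "scan", "PolicyDocument": {"Statement": [
        {"Effect": "Allow", "Resource": "*",
         "Action": ["eks:DescribeCluster", "lambda:List*", "batch:SubmitJob"]},
        {"Effect": "Deny", "Resource": "*",
         "Action": "rds:DownloadDBLogFilePortion"}]}}]}}}}

def as_list(value):
    return value if isinstance(value, list) else [value]

def policy_documents(template):
    """Yield (logical_id, PolicyDocument) for inline IAM policies in the template.
    ManagedPolicyArns are not expanded; review those separately."""
    for name, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        if res.get("Type") == "AWS::IAM::Role":
            for inline in props.get("Policies", []):
                yield name, inline["PolicyDocument"]
        elif res.get("Type") in ("AWS::IAM::Policy", "AWS::IAM::ManagedPolicy"):
            yield name, props["PolicyDocument"]

def audit(template):
    """Return (allowed actions that do not look read-only, explicit deny present?)."""
    findings, deny_present = [], False
    for name, doc in policy_documents(template):
        for stmt in as_list(doc.get("Statement", [])):
            actions = [a for a in as_list(stmt.get("Action", [])) if isinstance(a, str)]
            if stmt.get("Effect") == "Deny":
                deny_present |= any(a.lower() == REQUIRED_DENY for a in actions)
                continue
            if "NotAction" in stmt:  # Allow + NotAction grants everything else
                findings.append((name, "NotAction"))
            for action in actions:
                verb = action.split(":")[-1].lower()
                if not verb.startswith(READ_PREFIXES):  # also catches "*" and "svc:*"
                    findings.append((name, action))
    return findings, deny_present

if __name__ == "__main__":
    template = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    print(audit(template))
```

Pass the path of a downloaded template in JSON form as the first argument; an empty findings list together with `True` matches what this page states about the permissions.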

