reference deployment

Snyk Developer-First Security on AWS

Find and automatically fix open-source vulnerabilities

This Partner Solution deploys Snyk Developer-First Security in the Amazon Web Services (AWS) Cloud. It is designed for developers, DevOps, and security teams that want to integrate their AWS environment with Snyk Cloud and Snyk Container.

Snyk finds and fixes vulnerabilities in applications that use open-source, serverless, and container solutions. Snyk's seamless integration into the developer workflow, with continuous monitoring of applications in production, empowers developers to continue to release fast, while ensuring secure code.

Snyk logo

This Partner Solution was developed by Snyk in collaboration with AWS. Snyk is an AWS Partner.

  •  What you'll build
  • This Partner Solution sets up the following:

    • Snyk Cloud and Snyk Container integration in a single deployment with Amazon Elastic Container Registry (Amazon ECR) and cross-account AWS Identity and Access Management (IAM) roles.
    • A Snyk Cloud-only integration option with cross-account IAM role for Snyk Container.
    • A Snyk Container-only integration option with Amazon ECR and cross-account IAM role for Snyk Container.
    • A Snyk Container-only integration option with Amazon ECR, a cross-account IAM role for Snyk Container, and AWS Lambda. This deployment option uses Lambda to create and configure a new organization in Snyk's system.
  •  How to deploy
  • To deploy this Partner Solution, follow the steps in the deployment guide, which includes these steps.

    1. If you don't already have an AWS account, sign up at, and sign in to your account.
    2. Sign in to your Snyk account.
    3. Launch the Partner Solution by choosing from the following options. The stack takes about 5 minutes to deploy. Before you create the stack, choose the Region from the top toolbar.
    4. Enter the Amazon Resource Numbers (ARNs) for Snyk Cloud and Snyk Container in your Snyk organization.
    5. Import your container images into Snyk.
    6. Scan your AWS environment with Snyk.

    Amazon may share user-deployment information with the AWS Partner that collaborated with AWS on this solution.  

  •  Costs and licenses
  • The Synk Container-only integration option of this Partner Solution is available to Snyk customers of all pricing plans. Snyk Cloud integration and Snyk Container integration with automated configuration require a paid plan. If you are not currently a Snyk customer, you can register for a free account on the Snyk login page. For more information about paid plans, refer to Snyk: Developer Security Platform (Team and Enterprise Tiers) in AWS Marketplace.

    You are responsible for the cost of the AWS services and any third-party licenses used while running this solution. There is no additional cost for using the solution.

    This solution includes configuration parameters that you can customize. Some of these settings, such as instance type, affect the cost of deployment. For cost estimates, refer to the pricing pages for each AWS service you use. Prices are subject to change.

    Tip: After you deploy a solution, create AWS Cost and Usage Reports to track associated costs. These reports deliver billing metrics to an Amazon Simple Storage Service (Amazon S3) bucket in your account. They provide cost estimates based on usage throughout each month and aggregate the data at the end of the month. For more information, refer to What are AWS Cost and Usage Reports?