Deploy Your Template
Once you have reviewed your infrastructure template, the final step is deployment. Guardian Pro validates your template through preflight checks, then deploys all resources directly into your AWS account. You can monitor the entire process in real time from the Guardian Pro console.
Preflight Checks
Before any resources are created, Guardian Pro runs a series of automated preflight checks to catch potential issues. These checks run immediately when you click Continue to Deploy from the review screen.
What Preflight Checks Validate
| Check | What It Verifies |
|---|---|
| IAM Permissions | Guardian Pro has the necessary permissions in the target account to create all resources in the template |
| Service Quotas | Your AWS account has sufficient service limits for the resources being created (e.g., VPC limits, elastic IP limits) |
| Resource Conflicts | No naming conflicts with existing resources in the target account |
| Region Availability | All services in the template are available in the target deployment region |
| Parameter Validation | All template parameters are valid and within acceptable ranges |
| Dependency Order | Resources are ordered correctly so dependencies are created before the resources that reference them |
Preflight Results
After the checks complete, you see one of three outcomes:
- All checks passed -- You can proceed with deployment immediately.
- Warnings detected -- Non-blocking issues that you should be aware of but that will not prevent deployment, for example a service quota that is close to its limit.
- Errors detected -- Blocking issues that must be resolved before deployment can proceed. Each error includes a clear description and recommended resolution.
If preflight checks detect permission errors, verify that the Guardian Pro IAM role in your target account has the required permissions. The most common cause is deploying to an account that was onboarded with read-only permissions. You may need to update the IAM role to include write permissions for the services in your template.
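The read-only onboarding gap described above can be checked locally before you change the role. This is an added example, not Guardian Pro's own code: the two policies and the required-action list are constructed samples, and evaluation is simplified to Action matching with explicit Deny taking precedence (Resource, Condition and NotAction are ignored).

```python
import fnmatch

# Constructed sample: a read-only policy of the kind an onboarded account might carry.
READ_ONLY_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["ec2:Describe*", "s3:Get*", "s3:List*", "rds:Describe*"]},
]}

# Constructed sample: the same role after adding scoped write access plus a guard Deny.
DEPLOY_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["ec2:Describe*", "ec2:CreateVpc", "ec2:CreateSubnet", "s3:*"]},
    {"Effect": "Deny", "Resource": "*", "Action": "s3:DeleteBucket"},
]}

# Hypothetical write actions a template with a VPC, a bucket and a database would need.
REQUIRED_ACTIONS = ["ec2:CreateVpc", "ec2:CreateSubnet",
                    "s3:CreateBucket", "rds:CreateDBInstance"]


def _as_list(value):
    """IAM allows a single string or a list for Statement and Action."""
    return value if isinstance(value, list) else [value]


def _matches(patterns, action):
    # IAM action names are case-insensitive; '*' and '?' act as wildcards.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower())
               for p in _as_list(patterns))


def missing_actions(policy, required):
    """Return the required actions the policy does not allow (explicit Deny wins)."""
    statements = _as_list(policy.get("Statement", []))
    missing = []
    for action in required:
        allowed = denied = False
        for st in statements:
            if "Action" not in st:  # NotAction statements are out of scope here
                continue
            if _matches(st["Action"], action):
                denied = denied or st.get("Effect") == "Deny"
                allowed = allowed or st.get("Effect") == "Allow"
        if denied or not allowed:
            missing.append(action)
    return missing


if __name__ == "__main__":
    for name, policy in (("read-only", READ_ONLY_POLICY), ("deploy", DEPLOY_POLICY)):
        print(name, "->", missing_actions(policy, REQUIRED_ACTIONS) or "nothing missing")
```

Adding only the actions this reports as missing keeps the role scoped to the services in the template instead of granting broad write access.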
Deployment Options
After preflight checks pass, you have two options for deployment:
Deploy from Guardian Pro
Click Deploy to have Guardian Pro create all resources directly in your AWS account. This is the recommended approach because it provides:
- Real-time monitoring -- Watch resources being created in the Guardian Pro console.
- Automatic rollback -- If any resource fails to create, the entire deployment is rolled back cleanly.
- Immediate governance -- Deployed resources are automatically picked up by Guardian Pro's scanning and monitoring.
- Audit trail -- A full record of the deployment is preserved in your Guardian Pro account.
Download and Deploy Manually
If you prefer to deploy through your own processes:
- Click Download Template from the review screen.
- Deploy using the AWS Console, AWS CLI, or your CI/CD pipeline.
- Guardian Pro discovers the new resources during the next scan cycle.
Manual deployment skips the preflight checks, real-time monitoring, and automatic rollback that Guardian Pro provides. It is recommended for teams with established infrastructure deployment pipelines who want to integrate the generated templates into their existing workflow.
Deployment Process
When you deploy from Guardian Pro, the process follows these stages:
1. Resource Creation
Guardian Pro submits the template to your AWS account and begins creating resources in the correct dependency order:
- Networking -- VPC, subnets, route tables, and gateways are created first.
- Security -- Encryption keys, IAM roles, and security groups.
- Data -- Databases, caches, and storage buckets.
- Compute -- Container services, functions, or EC2 instances.
- Monitoring -- Logging, alarms, and tracing.
- Application -- Load balancers, DNS records, and CDN distributions.
2. Progress Monitoring
The deployment screen shows real-time progress:
- A list of all resources being created, with their current status (pending, in progress, complete, or failed).
- Elapsed time and estimated time remaining.
- Log output for any issues encountered during creation.
You do not need to keep the page open. Guardian Pro continues the deployment in the background, and you can check back at any time.
3. Completion
When all resources are created successfully, you see:
- A confirmation that deployment is complete.
- A summary of all created resources with their identifiers and endpoints.
- Key outputs such as API endpoints, database connection strings, and CDN URLs.
- Recommended next steps for your specific deployment.
Deployment Monitoring
During deployment, you can track progress through several channels:
Deployment Status Page
The Wizard's results page shows the overall deployment status and per-resource progress. Navigate to this page from the Wizard menu or from the notification you receive when deployment starts.
Notifications
Guardian Pro sends notifications at key deployment milestones:
- Deployment started -- Confirms the deployment has begun.
- Deployment completed -- All resources created successfully.
- Deployment failed -- An error occurred, with details about what went wrong and how to resolve it.
Handling Deployment Failures
If a resource fails to create during deployment:
- Automatic rollback -- Guardian Pro automatically rolls back all resources that were created during the failed deployment. This ensures you do not end up with a partially deployed infrastructure.
- Error details -- The deployment screen shows the specific error that caused the failure, along with the affected resource.
- Resolution guidance -- Common errors include recommended resolution steps.
Common Deployment Errors
| Error | Cause | Resolution |
|---|---|---|
| Insufficient permissions | IAM role lacks required permissions | Update the Guardian Pro role with the permissions specified in the error |
| Service quota exceeded | AWS account limit reached for a service | Request a quota increase in the AWS Console, then retry |
| Resource already exists | A resource with the same name exists | Rename the conflicting resource or delete the existing one |
| Region not supported | A service is not available in the selected region | Change the deployment region or remove the unsupported service |
After resolving the issue, you can retry the deployment from the Wizard page. The template and all your configurations are preserved.
After Deployment
Immediate Next Steps
Once deployment succeeds, consider these follow-up actions:
- Run a scan -- Trigger a Guardian Pro scan to discover and evaluate your new resources. Navigate to the Dashboard and click Run Scan.
- Review outputs -- Note the key outputs from the deployment (endpoints, connection strings, URLs) and configure your application to use them.
- Set up monitoring -- While the template includes basic monitoring, you may want to configure additional notification preferences for the new resources.
- Configure budgets -- Set up a cost budget to track spending on the new infrastructure.
Ongoing Governance
After deployment, your new infrastructure is fully governed by Guardian Pro:
- Security scanning evaluates the new resources against hundreds of best-practice checks.
- Cost Intelligence tracks spending and identifies optimisation opportunities as usage patterns develop.
- Architecture Advisor incorporates the resources into your dependency graph, enabling failure simulation and risk analysis.
- Compliance maps the new resources against your subscribed compliance frameworks.
Run a scan immediately after deployment to get your initial findings. The Wizard generates templates with best practices built in, so you should see a minimal number of findings. Any that do appear are typically fine-tuning recommendations rather than critical issues.
Redeploying or Updating
If you need to modify the deployed infrastructure:
- Return to the Wizard and start a new conversation or scan, incorporating your updated requirements.
- Generate a new template that reflects the changes.
- Deploy the updated template -- Guardian Pro handles the resource updates, creating new resources and modifying existing ones as needed.
Alternatively, download the updated template and deploy it through your own CI/CD pipeline.
Next Steps
- Dashboard -- Return to the dashboard to monitor your infrastructure.
- Action Centre -- Review findings after your first scan of the new infrastructure.
- Architecture Advisor -- Explore your infrastructure topology and run failure simulations.
- Cost Intelligence -- Track spending on your newly deployed resources.
- Infrastructure Wizard Overview -- Generate additional infrastructure for new projects.