Sources connect Iru Compliance to systems you already use, such as identity, code hosts, monitoring, HR, cloud, and more. After a source is Active, Iru can discover and attach artifacts to the actions and controls they support, which keeps evidence tied to your frameworks and reduces manual uploads. To see how Compliance fits with Endpoint and Identity, read Iru Overview. On the left navigation bar, expand Compliance and select Sources. Turn on the toggle on a source’s card, then complete authentication in the wizard (OAuth, API keys, bearer tokens, or vendor-specific steps). When an action names a system and evidence type, automation can use that mapping to decide what to collect.Documentation Index
Fetch the complete documentation index at: https://docs.iru.com/llms.txt
Use this file to discover all available pages before exploring further.
Need help with a step? Contact Iru Support.
Sources page
Once you are on Sources (same sidebar path as above), Refresh all evidence is at the top right. Use it to refresh evidence from your connected sources. Use Search by name or description and the Category dropdown to narrow the list. Amazon Web Services connectors appear under Amazon sources inside each relevant category (Security, Developer tools, Databases, Monitoring, or Storage). Each Amazon sources row scrolls horizontally. Use the arrow controls to see every card.How it works
Each connector article covers authentication, in-product steps (including the Iru connector wizard where applicable), troubleshooting, and vendor documentation links. Read the article for your system before you turn the source on in Sources.Connector articles
The sidebar Compliance → Sources tree follows the same Category labels as Iru (Analytics, Communications, CRM, Databases, Developer tools, HRIS, Monitoring, Productivity, Project management, Security, Storage, Support), with Amazon sources nested where the product groups AWS connectors. Browse sources by theme below (accordion sections mirror connector families such as Amazon Web Services for documentation). Expand a section to see Integration links to full guides and What it covers summaries. In Iru, expand Compliance, open Sources, and use each card’s toggle; your tenant controls which connectors are listed.Analytics
Analytics
Communications
Communications
| Integration | What it covers |
|---|---|
| Aircall | Voice and messaging platform metadata for communications controls. |
| RingCentral | Voice, messaging, and account configuration for communications controls. |
| Slack | Workspace membership, channels, and app integrations for collaboration controls. |
CRM
CRM
Databases
Databases
Amazon sources
| Integration | What it covers |
|---|---|
| Amazon Redshift Data API | Data API usage and SQL-layer inventory for Redshift governance. |
| Amazon Redshift Serverless | Serverless workgroups, namespaces, and related configuration. |
| AWS DynamoDB | Tables, indexes, and backup settings (configuration and inventory, not item data). |
| AWS RDS | DB instances, Aurora clusters, snapshots, and encryption settings (no query data). |
| AWS Redshift | Provisioned clusters, subnet groups, snapshots, and encryption posture. |
Other integrations
| Integration | What it covers |
|---|---|
| Snowflake | ACCOUNT_USAGE metadata, roles, and warehouses via read APIs (not arbitrary SQL). |
Developer tools
Developer tools
Amazon sources
| Integration | What it covers |
|---|---|
| AWS CodeCommit | Git repositories, branches, and pull-request settings for change management. |
| AWS Elastic Kubernetes Service (EKS) | Clusters, node groups, and Kubernetes inventory for container security. |
| AWS Elastic Compute Cloud (EC2) | Instances, security groups, VPC layout, and AMI metadata. |
| AWS Elastic Container Service (ECS) | Services, tasks, and cluster configuration for container compliance. |
| AWS Elastic Load Balancing (ELB) | Listeners, rules, target groups, and health checks for ingress controls. |
| AWS Lambda | Functions, triggers, and IAM attachments for serverless governance. |
| AWS Organizations | Accounts, OUs, roots, and SCP evidence for landing-zone controls. |
| AWS Auto Scaling | Scaling groups, policies, and capacity evidence across compute. |
Microsoft Azure
| Integration | What it covers |
|---|---|
| Microsoft Azure Authorization | Role assignments and RBAC policy administration for resources and resource groups. |
| Microsoft Azure Key Vault | Key Vault inventory and access policies via the management API (not secret values). |
| Microsoft Azure Monitor | Diagnostic settings and export of resource logs and metrics to supported destinations. |
| Microsoft Azure Network | Virtual networks, subnets, interfaces, public IPs, NSGs, load balancers, VPN gateways, and related networking resources. |
| Microsoft Azure Storage | Storage accounts and configuration within an Azure subscription. |
Other integrations
| Integration | What it covers |
|---|---|
| Bitbucket | Repositories, branch policies, and workspace access for code governance. |
| Contentful | Content models, entries, and roles for CMS access controls. |
| DigitalOcean | Droplets, Kubernetes, databases, and networking inventory where enabled. |
| Doppler | Projects and sync metadata for secrets governance (not secret values). |
| Drupal | JSON:API users, roles, and content metadata for web CMS controls. |
| Figma | Projects, files, org membership, and OAuth-scoped design-system evidence. |
| GitHub | Orgs, repos, branch protection, teams, and audit-oriented settings. |
| GitLab | Groups, projects, CI/CD configuration, and membership for DevOps controls. |
| Heroku | Apps, pipelines, collaborators, and add-ons for PaaS evidence. |
| Jenkins | Jobs, plugins, and CI configuration for build and deployment controls. |
| OpenAI | Org and project metadata for AI usage and access governance. |
| PagerDuty | Services, incidents, schedules, and escalation evidence for incident response. |
| Postman | Workspaces, collections, and API governance surfaces exposed by API. |
HRIS
HRIS
| Integration | What it covers |
|---|---|
| BambooHR | Employee records and HR workflows for workforce compliance evidence. |
| Checkr | Background screening status and employment verification records. |
| Lattice | Reviews, goals, and HR program metadata tied to people compliance. |
| Sage HR | HR employee and absence metadata available via API for workforce evidence. |
| Workable | Jobs, candidates, and recruiting pipeline metadata for HR compliance. |
| Workday Report | Custom HR reports via Workday RaaS for payroll and workforce evidence. |
Monitoring
Monitoring
Amazon sources
| Integration | What it covers |
|---|---|
| AWS CloudWatch | Metrics, alarms, and monitoring configuration for operational controls. |
Other integrations
Productivity
Productivity
| Integration | What it covers |
|---|---|
| Confluence | Spaces, pages, and Atlassian access for documentation governance. |
| Docusign | Envelopes, recipients, and audit metadata for e-signature controls. |
| Envoy | Workplace visitors and location settings where applicable to physical security. |
| Notion | Pages, databases, users, and workspace structure for knowledge governance. |
| Reach 360 | Training enrollments, completions, content, and groups from Articulate Reach 360. |
Project management
Project management
| Integration | What it covers |
|---|---|
| Aha! | Roadmaps, ideas, and workspace metadata for product governance evidence. |
| Asana | Workspaces, projects, and tasks for access and collaboration reviews. |
| ClickUp | Workspaces, lists, tasks, and members for operational evidence. |
| Jira | Projects, issues, workflows, and service-management evidence. |
| Shortcut | Stories, epics, and workflow metadata for engineering governance. |
| Trello | Boards, lists, cards, and members for lightweight project evidence. |
Security
Security
| Integration | What it covers |
|---|---|
| Iru Endpoint | Device enrollment, posture, and endpoint inventory from Iru Endpoint. |
| 1Password | Audit and access events from your password manager (Events Reporting API). |
Amazon sources
| Integration | What it covers |
|---|---|
| Amazon Inspector | EC2 and container vulnerability and assessment findings. |
| AWS CloudTrail | Management events and trail configuration for API audit evidence. |
| AWS Config | Resource inventory, rules, and configuration timeline per Region. |
| AWS GuardDuty | Threat-detection findings and detector configuration. |
| AWS IAM | Users, roles, policies, MFA, and credential reports for access reviews. |
| AWS IAM Identity Center (Identity Store) | Directory users, groups, and memberships (identitystore: APIs). |
| AWS IAM Identity Center (SSO) | Permission sets, assignments, and SSO applications (sso: APIs). |
| AWS Key Management Service (KMS) | CMK metadata, rotation settings, and key policy evidence (not cleartext keys). |
| AWS Secrets Manager | Secret rotation metadata and inventory (not secret values). |
| AWS Security Hub | Aggregated controls and findings across integrated AWS security services. |
Other integrations
| Integration | What it covers |
|---|---|
| Cloudflare | DNS, WAF, and edge security configuration for perimeter controls. |
| HashiCorp Vault | Policies, mounts, and metadata for secrets-engine governance (not secret payloads). |
| JumpCloud | Directory, SSO, MDM, and device inventory for unified identity evidence. |
| KnowBe4 | Training campaigns and phishing simulation completion records. |
| Okta | Users, groups, MFA, apps, and SSO policies for identity evidence. |
| Semgrep | Static analysis findings, projects, and policies from Semgrep Cloud. |
Storage
Storage
Amazon sources
| Integration | What it covers |
|---|---|
| AWS Elastic File System (Amazon EFS) | File systems, mounts, and encryption posture for shared storage. |
| AWS S3 | Bucket policies, encryption, logging, and public-access blocks (not object bodies). |
Other integrations
| Integration | What it covers |
|---|---|
| Box | Enterprise content, folders, and collaboration permissions. |
Support
Support
| Integration | What it covers |
|---|---|
| Intercom | Workspace apps, conversations metadata, and admin surfaces exposed by API. |
Enable a source
Turn on the integration
Find the source card (use Search by name or description or Category if you need to narrow the list). On that card, turn on the toggle. A browser tab or window may open for the connector wizard (OAuth, API key, IAM role, or other prompts depending on the integration).
If nothing opens when you turn the toggle on, check pop-up blocker settings for the Iru site and try again.
Disable or remove a source
When a source is already Active, click its toggle again. Iru prompts you to confirm that you want to remove that source. Select Yes, remove to disable the integration and turn the source off. Select Cancel to dismiss the prompt and leave the source Active. If expected artifacts do not appear after the source is Active, confirm your actions describe which evidence should come from that system and that the connected account has the scopes or permissions the connector needs.Related articles
- Getting Started With Compliance: frameworks, actions, and artifacts.
- Artifacts Management: uploads, validation, and organizing evidence.