AnkosDocs
Getting Started

Quickstart

Run your first Ankos scan and see your AWS environment mapped to PCI DSS requirements in under five minutes.

This guide walks you through installing the Ankos CLI and running your first PCI DSS evidence scan against your AWS account. The CLI is free and requires no signup.

1. Install the CLI

curl -sSL https://get.ankos.dev | sh

Verify the install:

ankos --version

2. Configure AWS credentials

Ankos uses your existing AWS credentials — the same ones the AWS CLI uses. You can use a named profile or environment variables.

# Using a profile
export AWS_PROFILE=my-profile

# Or environment variables
export AWS_ACCESS_KEY_ID=...
export AWS_SECRET_ACCESS_KEY=...
export AWS_REGION=us-east-1

Ankos only needs read-only permissions. Your credentials stay on your machine — we never transmit or store AWS keys.

3. Run your first scan

ankos scan

The CLI will scan your AWS environment across all in-scope services (IAM, S3, KMS, VPC, CloudTrail, GuardDuty, RDS, and more) and print a PCI DSS evidence summary to your terminal.

4. Generate a report

ankos report --format html --output ./ankos-report.html

Supported formats: text, json, html, csv, docx.

5. Explore results

Open the generated HTML report and you'll see:

  • Every PCI DSS requirement Ankos collected evidence for
  • Items that need manual review (with guidance on what to upload)
  • Items out of scope with justification
  • Auto-generated narratives ready for QSA review

Next steps

Full CLI Reference

All commands, flags, and collectors.

Concepts: the Compliance Ledger

How Ankos organizes evidence by DRL category.

Upgrade to the Team plan

Get the full compliance ledger with 60-day free trial.

Getting Started

Install the Ankos CLI, run your first scan, and see your AWS environment mapped to PCI DSS requirements.

Installation

Install the Ankos CLI on macOS, Linux, or Windows.

On this page

1. Install the CLI2. Configure AWS credentials3. Run your first scan4. Generate a report5. Explore resultsNext steps