Create AWS Snapshot

This is a prerequisite before you set up an Agentless Assessment. Create snapshots for the EC2 instances that you want to scan, because the Agentless Assessment process reads installed package data from the snapshots rather than from the running instances. You can create snapshots manually or you can automate the process using AWS Data Lifecycle Manager (DLM). Tenable recommends that you automate this process.

Note: AWS Backup's snapshot automation feature is not currently compatible with the Elastic Block Store (EBS) service's list and describe APIs. Therefore, it is not possible to create automated EBS snapshots that are readable by Agentless Assessment using AWS Backup.

Tenable recommends that you follow these best practices for snapshots:

  • Take snapshots frequently.

  • Do not share snapshots between accounts.

  • Ensure snapshots are not visible publicly.

  • Ensure snapshots have appropriate life-cycle management for creation, archiving, and deletion.

  • Encrypt all snapshots.

To create a snapshot manually:

  1. Log in to the AWS console.

  2. In the left navigation bar, select EC2 Service dashboard.

    The EC2 Service Dashboard page appears.

  3. In the left navigation bar, click Elastic Block Store > Snapshots.

    The Create Snapshot page appears.

  4. In the Snapshot Settings section, under Resource Type, select Instance.

  5. In the Instance ID box, select the EC2 Instance ID for which you want to create a snapshot.

  6. Click Create snapshot.

    AWS creates the snapshot, which takes around 10 minutes to complete.

Automating snapshot creation with AWS Data Lifecycle Manager (DLM):

You can use the Data Lifecycle Manager (DLM) service to automate the creation of snapshots from EC2 instances according to a schedule. For more information, see Amazon Data Lifecycle Manager.

See this CloudFormation Template for an example of snapshot automation using DLM.
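The script below is an added example of the same DLM automation done with the AWS CLI; it is not the linked CloudFormation template or Tenable's code. It registers a policy that snapshots instances carrying an assumed tag (Scan=agentless) once a day and keeps only the newest seven, and it includes a check for publicly restorable snapshots; the tag, retention count and role ARN are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not Tenable's template): a DLM lifecycle policy that snapshots
# every EC2 instance tagged Scan=agentless daily and keeps only the newest N,
# covering the "frequent" and "life-cycle deletion" best practices above.
# Assumptions: AWS CLI v2 is configured; ROLE_ARN is a placeholder for the DLM
# execution role (`aws dlm create-default-role` creates the default one).
# Snapshots inherit encryption from the volume, so encrypt the EBS volumes first.
set -eu

ROLE_ARN="${ROLE_ARN:-arn:aws:iam::111122223333:role/service-role/AWSDataLifecycleManagerDefaultRole}"

# Print the DLM PolicyDetails JSON for instances tagged $1=$2, retaining $3 snapshots.
dlm_policy_details() {
  local tag_key="$1" tag_value="$2" retain="$3"
  cat <<EOF
{
  "PolicyType": "EBS_SNAPSHOT_MANAGEMENT",
  "ResourceTypes": ["INSTANCE"],
  "TargetTags": [{"Key": "${tag_key}", "Value": "${tag_value}"}],
  "Schedules": [{
    "Name": "daily-agentless-assessment",
    "CopyTags": true,
    "CreateRule": {"Interval": 24, "IntervalUnit": "HOURS", "Times": ["03:00"]},
    "RetainRule": {"Count": ${retain}}
  }]
}
EOF
}

# Register the policy with DLM (needs AWS credentials; only runs with "apply").
create_policy() {
  aws dlm create-lifecycle-policy \
    --description "Daily EBS snapshots for Tenable Agentless Assessment" \
    --state ENABLED \
    --execution-role-arn "$ROLE_ARN" \
    --policy-details "$(dlm_policy_details "$@")"
}

# List snapshots owned by this account that anyone can restore; expect no output.
list_public_snapshots() {
  aws ec2 describe-snapshots --owner-ids self --restorable-by-user-ids all \
    --query 'Snapshots[].SnapshotId' --output text
}

# Usage: ./dlm-policy.sh apply   (any other invocation just prints the JSON).
if [ "${1:-}" = "apply" ]; then
  create_policy Scan agentless 7
else
  dlm_policy_details Scan agentless 7
fi
```

Run `list_public_snapshots` after sourcing the script to confirm that no snapshot in the account is publicly visible.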