Onboard an AWS Account

You can connect your Amazon Web Services (AWS) account as part of your AWS project. Use this method if you want to onboard each of your AWS accounts manually without deploying a CloudFormation template.

Before you begin:

You must have the following details for the read-only role for your AWS account:

  • Role ARN

  • External ID

For more information, see Set Up Read-Only Access to the AWS Account.

To connect an AWS account:

  1. In the left navigation bar of the Tenable Cloud Security page, click the Create new icon > Connection > AWS account.

  2. In the Choose a workflow to discover AWS accounts section, click Onboard AWS account.

  3. Click Continue.

    The Configure AWS account section appears.

  4. Type the appropriate Read Only Role ARN and External ID.

  5. Click Continue.

  6. In the Choose projects to add the AWS account(s) to section, select the project that you created for the AWS account.

    For more information, see Create a Project.

  7. In the Choose prerequisites section, select the check boxes:

    • Ensure that you have granted all permissions.

    • Ensure that you already have snapshots or have followed the provided instructions to create snapshots for the instances you wish to scan.

      Click the links to view documentation for providing permissions to Tenable Cloud Security for scanning and creating snapshots for Agentless Assessment.

  8. Click Connect Cloud Account.

    You can view the AWS project linked to the connected AWS account and the selected VPCs on the Projects & Connections page.
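The following is an added example, not Tenable code: a local consistency check of the Role ARN and External ID before you type them in step 4. It assumes the read-only role's trust policy restricts `sts:AssumeRole` with a `StringEquals` condition on `sts:ExternalId` (the usual AWS pattern for third-party access); the function name, account IDs, role name, and External ID are constructed placeholders.

```python
import re

# Constructed sample: trust policy of a read-only role (as printed by
# `aws iam get-role`). Account IDs, role name and External ID are placeholders.
SAMPLE_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
        "Action": "sts:AssumeRole",
        "Condition": {"StringEquals": {"sts:ExternalId": "constructed-external-id-1234"}},
    }],
}
ROLE_ARN_RE = re.compile(r"arn:(aws|aws-cn|aws-us-gov):iam::\d{12}:role/[A-Za-z0-9_+=,.@/-]+")
EXTERNAL_ID_RE = re.compile(r"[A-Za-z0-9_+=,.@:/-]{2,1224}")  # STS ExternalId limits

def as_list(value):
    """IAM policy JSON accepts either a scalar or a list in these positions."""
    return value if isinstance(value, list) else [value]

def check_onboarding_inputs(role_arn, external_id, trust_policy):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    if not ROLE_ARN_RE.fullmatch(role_arn):
        problems.append("Role ARN is not arn:<partition>:iam::<12-digit account>:role/<name>")
    if not EXTERNAL_ID_RE.fullmatch(external_id):
        problems.append("External ID has characters or a length that STS rejects")
    seen_assume_role = False
    for stmt in as_list(trust_policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "sts:AssumeRole" not in as_list(stmt.get("Action", [])):
            continue
        seen_assume_role = True
        required = stmt.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId")
        if required is None:
            # No ExternalId condition: the role has no confused-deputy protection.
            problems.append("trust statement allows sts:AssumeRole without an sts:ExternalId condition")
        elif external_id not in as_list(required):
            problems.append("External ID does not match the trust policy's sts:ExternalId")
    if not seen_assume_role:
        problems.append("trust policy has no Allow statement for sts:AssumeRole")
    return problems

if __name__ == "__main__":
    arn = "arn:aws:iam::444455556666:role/ExampleReadOnlyRole"  # constructed
    for problem in check_onboarding_inputs(arn, "constructed-external-id-1234", SAMPLE_TRUST_POLICY):
        print("PROBLEM:", problem)
```

To check a real role, replace the sample with the `AssumeRolePolicyDocument` returned by `aws iam get-role`.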