Configure Amazon Web Services (AWS)

Before you can use Tenable.io AWS connectors, you must complete several steps in AWS. The AWS connector requires AWS CloudTrail to be enabled.

Perform the following steps in AWS:

  1. If one does not already exist, create a trail.
  2. Use the Policy Generator to create an IAM permission policy for integration with Tenable.io. The following permissions must be added to the policy. It is recommended that you set Amazon Resource Name to * (all resources) for each AWS Service.

    Amazon EC2:

    • DescribeInstances

    Amazon S3:

    • GetObject
    • GetBucketLocation
    • ListAllMyBuckets

    AWS CloudTrail:

    • DescribeTrails
    • GetEventSelectors
    • GetTrailStatus
    • ListPublicKeys
    • ListTags
    • LookupEvents

    AWS Key Management Service:

    • ListAliases
  3. Create an IAM user with programmatic access.
  4. Assign policies to the IAM user.

    You must assign the following policies:

    • The IAM permission policy you created in Step 2.
    • The AWS Managed Policy AWSCloudTrailReadOnlyAccess.
  5. Obtain Access and Secret keys.
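
The following is an added example, not part of Tenable's documentation: a small offline audit that compares the JSON of the policy created in Step 2 with the permissions listed above, reporting missing actions, extra actions, and wildcards. The function names and the sample policy are constructed for illustration; the listed permissions are written as IAM action names with their service prefixes (`ec2:`, `s3:`, `cloudtrail:`, `kms:`), and only the custom policy is checked, not the managed policy from Step 4.

```python
import json
from fnmatch import fnmatchcase

# Actions listed in Step 2, written as IAM action names.
REQUIRED = {
    "ec2:DescribeInstances",
    "s3:GetObject", "s3:GetBucketLocation", "s3:ListAllMyBuckets",
    "cloudtrail:DescribeTrails", "cloudtrail:GetEventSelectors",
    "cloudtrail:GetTrailStatus", "cloudtrail:ListPublicKeys",
    "cloudtrail:ListTags", "cloudtrail:LookupEvents",
    "kms:ListAliases",
}

def granted_actions(policy_json):
    """Collect Action entries from Allow statements (NotAction/Condition are not evaluated)."""
    statements = json.loads(policy_json)["Statement"]
    if isinstance(statements, dict):      # IAM accepts a single statement object
        statements = [statements]
    actions = set()
    for st in statements:
        if st.get("Effect") == "Allow":
            act = st.get("Action", [])
            actions.update([act] if isinstance(act, str) else act)
    return {a.lower() for a in actions}   # IAM action names are case-insensitive

def audit_policy(policy_json):
    """Compare a policy with the Step 2 list; results are lower-cased action names."""
    granted = granted_actions(policy_json)
    required = {a.lower() for a in REQUIRED}
    wildcards = sorted(g for g in granted if "*" in g or "?" in g)
    missing = sorted(r for r in required
                     if not any(fnmatchcase(r, g) for g in granted))
    extra = sorted(g for g in granted - required if g not in wildcards)
    return {"missing": missing, "extra": extra, "wildcards": wildcards}

# Constructed sample: drops ListTags, adds iam:ListUsers, widens S3 to a wildcard.
SAMPLE = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["ec2:DescribeInstances", "kms:ListAliases", "iam:ListUsers"]},
    {"Effect": "Allow", "Resource": "*", "Action": "s3:*"},
    {"Effect": "Allow", "Resource": "*",
     "Action": ["cloudtrail:DescribeTrails", "cloudtrail:GetEventSelectors",
                "cloudtrail:GetTrailStatus", "cloudtrail:ListPublicKeys",
                "cloudtrail:LookupEvents"]},
]})

if __name__ == "__main__":
    print(json.dumps(audit_policy(SAMPLE), indent=2))
```

A policy that matches the Step 2 list exactly returns three empty lists; anything under `extra` or `wildcards` is access the connector's long-lived keys carry beyond what the page asks for.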

Next, create an AWS connector.

Copyright 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.