TOC & Recently Viewed

Recently Viewed Topics

Configure Amazon Web Services (AWS)

Required User Role: Administrator

Before you can use AWS connectors, you must perform several steps in AWS.

The AWS connector requires that AWS CloudTrail is enabled.

Note: For more information about configuring AWS to use with, see the AWS integration guide.

To configure AWS to support connectors:

  1. Create a trail if one does not already exist.

    Note: You must turn on All or Write Only Management Events, as well as logging for the trail.

  2. Use the Policy Generator to create an IAM permission policy for integration with

  3. Add the following permissions to the policy:
    AWS ServicePermission
    Amazon EC2
    • DescribeInstances

    AWS CloudTrail

    • DescribeTrails
    • GetEventSelectors
    • GetTrailStatus
    • ListPublicKeys
    • ListTags
    • LookupEvents

    Tenable recommends that you set Amazon Resource Name to * (all resources) for each AWS Service.

  4. Create an IAM user with programmatic access.

  5. Assign the policy you created in Step 2 to the IAM user.

  6. Obtain Access and Secret keys.

What to do next:

Copyright © 2019 Tenable, Inc. All rights reserved. Tenable,, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc.., Lumin, Assure, and the Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.