TOC & Recently Viewed

Recently Viewed Topics

Keyless Authentication with Auto Discovery Workflow

Tenable.io AWS connectors support keyless authentication via AWS role delegation. Keyless authentication via AWS role delegation allows the automatic discovery of your AWS assets. To use keyless authentication, you must establish a trust relationship between your AWS account and the Tenable AWS account. In this scenario, your AWS accounts communicate with a trusted Tenable AWS account that communicates with your AWS connector.

For more information about other AWS authentication options, see Amazon Web Services Connector.

If you want to use the Auto Discovery feature with keyless authentication, you must enable AWS Organizations and assign a ListAccounts policy. This policy allows the Tenable AWS Account to automatically find other AWS accounts in your organization, as shown in the diagram below.

To fully configure AWS keyless authentication with auto discovery in Tenable.io:

  1. In AWS, configure your primary AWS account to support keyless authentication and auto discovery for your connectors, as described in Configure AWS for Keyless Authentication and Auto Discovery. This documentation describes how to configure a role named tenableio-connector to delegate permissions for keyless authentication, and how to add an AWS Organizations policy with the ListAccounts permission to support auto discovery.
  2. In Tenable.io, create your AWS connector, as described in Create an AWS Connector.

Copyright © 2019 Tenable, Inc. All rights reserved. Tenable, Tenable.io, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc.. Tenable.sc, Lumin, Assure, and the Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.