Keyless Authentication with Manual Linked Accounts Workflow

Tenable.io AWS connectors support keyless authentication via AWS role delegation. To use keyless authentication, you must establish a trust relationship between your AWS accounts and the Tenable AWS account. In this scenario, your AWS accounts communicate with a trusted Tenable AWS account that communicates with your AWS connector.

For more information about other AWS authentication options, see Amazon Web Services Connector.

If you do not want to use the Auto Discovery feature or if you are not using AWS Organizations, you can manually configure linked AWS accounts as shown in the diagram below.

To fully configure AWS keyless authentication with manual linked accounts in Tenable.io:

  1. In AWS, configure your primary AWS account to support keyless authentication for your connectors, as described in Configure AWS for Keyless Authentication. This documentation describes how to configure a role named tenableio-connector to delegate permissions for keyless authentication.
  2. (Optional) In AWS, manually configure linked accounts, as described in Configure Linked AWS Accounts (Keyless Manual). Each linked account needs to provide access to the Tenable account through role delegation.
  3. In Tenable.io, create your AWS connector, as described in Create an AWS Connector.
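One way to check the role delegation from step 2 before creating the connector, as an added example that is not Tenable's code: it audits the trust policy of each linked account's tenableio-connector role (for instance the AssumeRolePolicyDocument returned by `aws iam get-role`) and reports any principal other than the trusted Tenable account. The account ID `000000000000`, the sample policies and the function names are placeholders chosen for illustration, and Condition blocks are not evaluated.

```python
import re

# Placeholder: the Tenable AWS account ID does not appear on this page.
TRUSTED_ACCOUNT_ID = "000000000000"

def as_list(value):
    # IAM accepts a single value or a list for Statement, Action and Principal.
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def principal_account(principal):
    """Return the 12-digit account ID of an AWS principal, or None (e.g. for '*')."""
    match = re.fullmatch(r"(?:arn:aws[\w-]*:iam::)?(\d{12})(?::.+)?", principal)
    return match.group(1) if match else None

def audit_trust_policy(policy, trusted_account_id=TRUSTED_ACCOUNT_ID):
    """Return findings; an empty list means only the trusted account is an allowed principal."""
    findings, trusted_ok = [], False
    for stmt in as_list(policy.get("Statement")):
        actions = {a.lower() for a in as_list(stmt.get("Action"))}
        if stmt.get("Effect") != "Allow" or not actions & {"sts:assumerole", "sts:*", "*"}:
            continue
        principal = stmt.get("Principal")
        if not isinstance(principal, dict):
            principal = {"AWS": str(principal)}  # "*" or a malformed value
        findings += [f"non-account principal type: {k}" for k in principal if k != "AWS"]
        for p in as_list(principal.get("AWS")):
            acct = principal_account(p)
            trusted_ok |= acct == trusted_account_id
            if acct is None:
                findings.append(f"wildcard or unparseable principal: {p}")
            elif acct != trusted_account_id:
                findings.append(f"unexpected account trusted: {acct}")
    if not trusted_ok:
        findings.append(f"trusted account {trusted_account_id} cannot assume the role")
    return findings

# Constructed sample trust policies keyed by linked account ID (not real accounts).
SAMPLES = {
    "111111111111": {"Statement": {"Effect": "Allow", "Action": "sts:AssumeRole",
                     "Principal": {"AWS": "arn:aws:iam::000000000000:root"}}},
    "222222222222": {"Statement": [{"Effect": "Allow", "Action": ["sts:AssumeRole"],
                     "Principal": {"AWS": ["arn:aws:iam::000000000000:root", "*"]}}]},
}

if __name__ == "__main__":
    for account, policy in SAMPLES.items():
        print(account, audit_trust_policy(policy) or "OK")
```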

Copyright © 2019 Tenable, Inc. All rights reserved. Tenable, Tenable.io, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc. Tenable.sc, Lumin, Assure, and the Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.