Keyless Authentication with Manual Linked Accounts Workflow
Tenable.io AWS connectors support keyless authentication via AWS role delegation. To use keyless authentication, you must establish a trust relationship between your AWS accounts and the Tenable AWS account. In this scenario, your AWS accounts communicate with a trusted Tenable AWS account that communicates with your AWS connector.
For more information about other AWS authentication options, see Amazon Web Services Connector.
If you do not want to use the Auto Discovery feature or if you are not using AWS Organizations, you can manually configure linked AWS accounts as shown in the diagram below.
To fully configure AWS keyless authentication with manual linked accounts in Tenable.io:
- In AWS, configure your primary AWS account to support keyless authentication for your connectors, as described in Configure AWS for Keyless Authentication. This documentation describes how to configure a role named tenableio-connector to delegate permissions for keyless authentication.
- (Optional) In AWS, manually configure linked accounts, as described in Configure Linked AWS Accounts (Keyless Manual). Each linked account needs to provide access to the Tenable account through role delegation.
- In Tenable.io, create your AWS connector, as described in Create an AWS Connector.
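Before creating the connector, it is worth confirming that the role's trust relationship delegates access only to the intended account. The following check is an added example, not code from Tenable or from this page. The account ID and external ID are constructed placeholders, and the external ID requirement is a general AWS cross-account practice assumed here rather than something this page states.

```python
TRUSTED_ACCOUNT = "111122223333"  # placeholder, NOT Tenable's real account ID


def audit_trust_policy(policy, trusted_account_id):
    """Return findings for an IAM role trust policy; an empty list means OK."""
    findings, named = [], False
    trusted = {trusted_account_id, f"arn:aws:iam::{trusted_account_id}:root"}
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # IAM accepts a single statement object
        statements = [statements]
    for i, st in enumerate(statements):
        actions = st.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if st.get("Effect") != "Allow" or not any(
            a in ("sts:AssumeRole", "sts:*", "*") for a in actions
        ):
            continue
        principal = st.get("Principal", {})
        if principal == "*":
            principal = {"AWS": "*"}
        for kind, values in principal.items():
            for p in [values] if isinstance(values, str) else values:
                if p == "*":
                    findings.append(f"statement {i}: wildcard principal")
                elif kind == "AWS" and p in trusted:
                    named = True
                else:
                    findings.append(f"statement {i}: unexpected principal {p}")
        # ExternalId condition: general AWS cross-account practice (assumption,
        # the page itself does not mention it).
        conditions = st.get("Condition", {}).values()
        if not any("sts:externalid" in map(str.lower, c) for c in conditions):
            findings.append(f"statement {i}: no sts:ExternalId condition")
    if not named:
        findings.append("trusted account is not named explicitly as a principal")
    return findings


# Constructed sample policies (not taken from the page).
GOOD = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"AWS": f"arn:aws:iam::{TRUSTED_ACCOUNT}:root"},
    "Condition": {"StringEquals": {"sts:ExternalId": "EXAMPLE-EXTERNAL-ID"}}}]}
BAD = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole", "Principal": {"AWS": "*"}}]}

if __name__ == "__main__":
    print("GOOD:", audit_trust_policy(GOOD, TRUSTED_ACCOUNT))
    print("BAD: ", audit_trust_policy(BAD, TRUSTED_ACCOUNT))
```

Run the same function over the trust policy of the tenableio-connector role in the primary account and in each manually linked account, passing the account ID given in the Tenable configuration instructions.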