Configure Linked AWS Accounts (Keyless Manual)

Before you begin:

  • Record the Account ID for the primary AWS account.

To configure linked AWS accounts:

  1. In Tenable.io, record the External ID from the AWS connector pane.

    Note: The external ID is the same as the container ID.

  2. In your AWS account, create a role named tenableio-connector to delegate permissions to an IAM user, as described in the Amazon AWS documentation.

    1. In the navigation pane of the console, click Roles > Create role.

    2. For role type, click Another AWS account.

    3. For Account ID, type the AWS account ID of the primary AWS account.
    4. Select the Require external ID checkbox, and type the External ID (Tenable container ID) that was recorded in Step 1.

    5. Click Next: Permissions.
    6. Create or reuse a policy with the following permissions:

      AWS Service       Permission
      Amazon EC2        • DescribeInstances
      AWS CloudTrail    • DescribeTrails
                        • GetEventSelectors
                        • GetTrailStatus
                        • ListTags
                        • LookupEvents

      Tenable recommends that you set Amazon Resource Name to * (all resources) for each AWS Service.

    7. Click Next: Tagging.

    8. (Optional) Add any desired tags.
    9. Click Next: Review.

    10. In the Role name box, type tenableio-connector.
      Caution: The role must be named tenableio-connector for the connector to work.
    11. Review the role, ensuring that the role name is tenableio-connector, and then click Create role.
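
An added example, not Tenable's or AWS's own code: the role from the steps above written as IAM policy documents, with a check that the trust policy names only the primary account and requires the external ID, and that the granted permissions match the table. The account ID and external ID are constructed sample values, and the function names are hypothetical.

```python
ROLE_NAME = "tenableio-connector"  # role name the page requires
REQUIRED_ACTIONS = {               # permissions table, written as IAM action names
    "ec2:DescribeInstances", "cloudtrail:DescribeTrails",
    "cloudtrail:GetEventSelectors", "cloudtrail:GetTrailStatus",
    "cloudtrail:ListTags", "cloudtrail:LookupEvents",
}
# Constructed sample values, not real identifiers.
SAMPLE_ACCOUNT = "111122223333"
SAMPLE_EXTERNAL_ID = "example-container-id"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def build_trust_policy(primary_account_id, external_id):
    """Trust policy for 'Another AWS account' with 'Require external ID' set."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{primary_account_id}:root"},
        "Action": "sts:AssumeRole",
        "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
    }]}

def build_permissions_policy():
    """Permissions from the table, with Resource set to * as recommended."""
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": sorted(REQUIRED_ACTIONS), "Resource": "*"}]}

def audit_role(role_name, trust, perms, primary_account_id, external_id):
    """Return findings; an empty list means the role matches the procedure."""
    findings = []
    if role_name != ROLE_NAME:
        findings.append(f"role name must be {ROLE_NAME}")
    trusted = {primary_account_id, f"arn:aws:iam::{primary_account_id}:root"}
    for st in _as_list(trust["Statement"]):
        if st.get("Effect") != "Allow":
            continue
        principal = st.get("Principal")
        aws = principal.get("AWS", []) if isinstance(principal, dict) else principal
        for p in _as_list(aws):
            if p not in trusted:
                findings.append(f"unexpected trusted principal: {p}")
        cond = st.get("Condition", {}).get("StringEquals", {})
        if cond.get("sts:ExternalId") != external_id:
            findings.append("trust statement does not require the external ID")
    granted = set()
    for st in _as_list(perms["Statement"]):
        if st.get("Effect") == "Allow":
            granted.update(_as_list(st.get("Action", [])))
    findings += [f"missing permission: {a}" for a in sorted(REQUIRED_ACTIONS - granted)]
    findings += [f"extra permission: {a}" for a in sorted(granted - REQUIRED_ACTIONS)]
    return findings
```

The check compares action names literally, so a wildcard such as `ec2:*` is reported as an extra permission rather than expanded.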

Copyright © 2019 Tenable, Inc. All rights reserved. Tenable, Tenable.io, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc. Tenable.sc, Lumin, Assure, and the Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.