Audit the AWS Environment

You can use Tenable Vulnerability Management to audit your Amazon Web Services (AWS) environment and detect misconfigurations in your cloud resources and account settings. Complete the following steps to configure AWS for successful Audit Cloud Infrastructure assessments with Tenable Vulnerability Management.

Note: Tenable recommends that you create a dedicated read-only IAM user that is used only by Tenable Vulnerability Management and has no permissions beyond those of the read-only group described below. If you experience issues, see AWS Audit Troubleshooting.

To audit the AWS environment, you must complete the following tasks:

  1. Create a Read-Only Group in AWS
  2. Create a Scanning User in AWS
  3. Configure AWS Audit Cloud Infrastructure in Tenable Vulnerability Management
  4. View Audit Details in the Scan Results

Create a Read-Only Group in AWS

To create a read-only group in AWS:

  1. Log in to your AWS account.

  2. Click My Account > AWS Management Console.

    The AWS Management Console appears.

  3. Click Services.

    The Services page appears.

  4. In the Security, Identity, and Compliance section, click IAM.

    The IAM control panel appears.

  5. In the left panel, click Groups.

    The Groups page appears.

  6. Click Create New Group.

    The Create New Group Wizard appears.

  7. In the Group Name box, type a name for the read-only group.

  8. Click Next Step.

    The Attach Policy screen appears.

  9. Select the ReadOnlyAccess AWS-managed policy.

  10. (Optional) On the Attach Policy screen, select the SecurityAudit AWS-managed policy.
  11. Click Next Step.

    The Review page appears.

  12. Review the group information.
  13. Click Create Group.

    AWS creates the read-only group.

Create a Scanning User in AWS

To create a scanning user in AWS:

  1. Log in to your AWS account.

  2. In the IAM console, in the left panel, click Users > Add user.

    The Add User page appears.

  3. In the Set user details section, in the User name text box, type a name for the user.
  4. In the Select AWS access type section, select the Programmatic access checkbox. The user receives an access key for API calls and no console password.

  5. Click Next: Permissions.

    The Set permissions page appears.

  6. Click Add user to group.
  7. In the Add user to group section, select the read-only group you previously created.

  8. Click Next: Tags.

    The Tags page appears.

  9. (Optional) Configure any tags you want to add to the user profile.
  10. Click Next: Review.

    The Review page appears.

  11. Review the user profile.
  12. Click Create User.

    An Access key ID and Secret access key appear.

  13. Copy the Access key ID and Secret access key; you need them to configure Audit Cloud Infrastructure in Tenable Vulnerability Management. AWS shows the secret access key only once, at creation time.
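The two procedures above give the scanning user exactly what the group's attached policies grant, so it is worth confirming that those policies really are read-only before the access key leaves AWS. The following Python script is an added example, not part of the Tenable documentation or its tooling: it walks a set of IAM policy documents and reports every Allow statement that is not provably read-only. The policy documents embedded in it are constructed stand-ins, not the real AWS-managed ReadOnlyAccess or SecurityAudit policies.

```python
"""Check that the IAM policies on the Tenable scanning group are read-only.

Added example, not part of the Tenable documentation. Input is a mapping of
policy name -> parsed policy document, as returned in the Document field of
'aws iam get-policy-version'. The documents below are constructed samples,
not the real AWS-managed ReadOnlyAccess or SecurityAudit policies.
"""
import json

# Verb prefixes that only read state. Anything else is treated as a write.
# The list is deliberately short: a missed read-only verb costs a false
# positive, a missed write verb would let a mutating grant through.
READ_ONLY_PREFIXES = (
    "Get", "List", "Describe", "BatchGet", "Lookup", "Query", "Scan",
    "Select", "Check", "Head", "Search", "View", "Estimate",
)


def _as_list(value):
    """IAM accepts a string or a list for Action/NotAction; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def is_read_only_action(action):
    """Return True only if every action the string can match is read-only.

    A bare '*' or 'service:*' is never read-only. A trailing wildcard such as
    's3:Get*' is accepted because it can only expand to Get... actions; a
    wildcard that cuts a verb short, like 'ec2:De*', is rejected because 'De'
    is not one of the read-only verbs (it would also match ec2:DeleteVolume).
    """
    if ":" not in action:
        return False
    _service, verb = action.split(":", 1)
    stem = verb.rstrip("*")
    if not stem or "*" in stem:
        return False
    return stem.startswith(READ_ONLY_PREFIXES)


def find_write_grants(policies):
    """Return sorted (policy_name, action) pairs for every Allow that is not
    provably read-only.

    Deny statements are ignored on purpose: a Deny can only narrow what the
    Allows grant, so skipping it can produce a false positive but never hides
    a write. An Allow with NotAction grants everything except the listed
    actions and is always reported.
    """
    findings = set()
    for name, doc in policies.items():
        for stmt in _as_list(doc.get("Statement")):
            if stmt.get("Effect") != "Allow":
                continue
            if "NotAction" in stmt:
                excluded = ",".join(_as_list(stmt["NotAction"]))
                findings.add((name, "NotAction:" + excluded))
                continue
            for action in _as_list(stmt.get("Action")):
                if not is_read_only_action(action):
                    findings.add((name, action))
    return sorted(findings)


def group_is_read_only(policies):
    """True when no attached policy grants anything beyond read access."""
    return not find_write_grants(policies)


# Constructed sample input: a stand-in for a read-only managed policy, and an
# over-broad policy of the kind that gets attached to the group later.
SAMPLE_POLICIES = {
    "ReadOnlyAccess-like": json.loads("""{
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": ["ec2:Describe*", "s3:Get*", "s3:ListAllMyBuckets",
                       "iam:ListUsers", "cloudtrail:LookupEvents"],
            "Resource": "*"
        }]
    }"""),
    "tenable-extra": json.loads("""{
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow",
             "Action": ["s3:PutObject", "iam:*", "kms:Decrypt"],
             "Resource": "*"},
            {"Effect": "Allow", "NotAction": "iam:DeleteUser", "Resource": "*"},
            {"Effect": "Deny", "Action": "s3:DeleteBucket", "Resource": "*"}
        ]
    }"""),
}


if __name__ == "__main__":
    for name, action in find_write_grants(SAMPLE_POLICIES):
        print(f"{name}: {action} is not a read-only grant")
    print("group is read-only:", group_is_read_only(SAMPLE_POLICIES))
```

To check a real group, replace SAMPLE_POLICIES with the Document field returned by aws iam get-policy-version for each policy ARN listed by aws iam list-attached-group-policies --group-name <group>, plus any inline policies from aws iam get-group-policy. Expect a handful of findings on the real managed policies, whose verbs do not all fall under these prefixes; review those by hand rather than widening the prefix list, since the list is the only thing standing between a false positive and a missed write grant.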

Configure AWS Audit Cloud Infrastructure in Tenable Vulnerability Management

To configure AWS Audit Cloud Infrastructure in Tenable Vulnerability Management:

  1. Log in to Tenable Vulnerability Management.
  2. In the upper-left corner, click the Menu button.

    The left navigation pane appears.

  3. In the left navigation pane, in the Vulnerability Management section, click Scans.

    The Scans page appears.

  4. In the upper-right corner of the page, click Create a Scan.

    The Select a Scan Template page appears.

  5. Click Audit Cloud Infrastructure.

    The New Scan page appears.

  6. On the Settings tab, type a name for the scan.
  7. Set Scanner Type to Tenable Cloud Sensor.
  8. Click the Compliance tab.

    The Compliance options appear.

  9. Click AMAZON AWS.
  10. Select the appropriate audit files for the scan.

    When you select an audit file, Tenable Vulnerability Management adds the file to the list.

  11. Click the Credentials tab.

    The Credentials options appear.

  12. In the ADD CREDENTIALS section, select Amazon AWS.
  13. In the AWS Access Key ID text box, type the Access key ID you copied in Create a Scanning User in AWS.
  14. In the AWS Secret Key text box, type the Secret access key you copied in Create a Scanning User in AWS.
  15. From the Regions to Access drop-down box, select the region to which you want to apply the scan.
  16. Do one of the following:
    • To save without launching the scan, click Save.
    • To save and launch the scan immediately, click the drop-down arrow next to Save and select Launch.

Tip: If you experience aborted scans or Tenable Vulnerability Management cannot find a matching scanner route, you may need to specify a dedicated scanner and re-scan. For troubleshooting help, see AWS Audit Troubleshooting. For more information on Tenable Vulnerability Management scans, refer to the Tenable Vulnerability Management User Guide.

View Audit Details in the Scan Results

After the scan completes, you can analyze the results in Tenable Vulnerability Management.

To view audit details in the scan results:

  1. Log in to Tenable Vulnerability Management.
  2. In the left navigation pane, in the Vulnerability Management section, click Scans.
  3. Click the Audit Cloud Infrastructure scan you previously created.
  4. Click the Audits tab.

  5. Click an audit in the table to view audit details, including the Description, Reference Information, and Solution.