Link a BYOL Scanner to with Pre-Authorized Scanner Features

You can retain your pre-authorized AMI installation features when linking BYOL scanners to by using the following procedure.

Note: This feature is only available for Nessus versions 10.2.0 and later.
Caution: If you plan to downgrade a 10.2 Nessus scanner that was linked with the AWS scanner flag (see the following steps) to version 10.1.x or earlier, you need to manually unlink and relink the scanner after downgrading. Otherwise, will not recognize the scanner.

Before you begin:

Assign an IAM role to the Nessus instance you are deploying. For more information, see step 16 of Launch Pre-Authorized Nessus Scanner.

To link a BYOL scanner to with pre-authorized scanner features:

  • Do one of the following:

    • When you link the scanner to using the command line, as described in the Link to topic in the Nessus User Guide, use the optional --aws-scanner flag. For example:

      > nessuscli managed link --key=<LINKING KEY> --cloud --aws-scanner

    • When you deploy the scanner to using a JSON file, as described in the Deploy Nessus using JSON topic in the Nessus User Guide, set the aws_scanner flag to true. For example:

      # cat config.json { "link": { "name": "NAME", "host": "", "port": 443, "key": "LINKING KEY", "retry": 1, "groups": ["group1"], "aws_scanner": true



Note: The scanner must already be running on an AWS instance for the flag to take effect.