Link a BYOL Scanner to Tenable.io with Pre-Authorized Scanner Features

You can retain your pre-authorized AMI installation features when linking BYOL scanners to Tenable.io by using the following procedure.

Note: This feature is only available for Nessus versions 10.2.0 and later.

Caution: If you plan to downgrade a 10.2 Nessus scanner that was linked with the AWS scanner flag (see the following steps) to version 10.1.x or earlier, you need to manually unlink and relink the scanner after downgrading. Otherwise, Tenable.io will not recognize the scanner.

Before you begin:

Assign an IAM role to the Nessus instance you are deploying. For more information, see step 16 of Launch Pre-Authorized Nessus Scanner.

To link a BYOL scanner to Tenable.io with pre-authorized scanner features:

When you link the scanner to Tenable.io using the command line, as described in the Link to Tenable.io topic in the Nessus User Guide, use the optional --aws-scanner flag. For example:

> nessuscli managed link --key=<LINKING KEY> --cloud --aws-scanner

Note: The scanner must already be running on an AWS instance for the flag to take effect.