Configure AWS for Key-based Authentication

Required User Role: Administrator

Before you begin:

  • Enable CloudTrail and create a trail if one does not already exist.

    Note: You must turn on All or Write Only Management Events, as well as logging for the trail.

To configure AWS to support connectors via an IAM user with permissions (key-based authentication):

  1. Use the Policy Generator to create an IAM permission policy for integration with

  2. Add the following permissions to the policy:
    AWS Service       Permission
    Amazon EC2        • DescribeInstances
    AWS CloudTrail    • DescribeTrails
                      • GetEventSelectors
                      • GetTrailStatus
                      • ListTags
                      • LookupEvents

    Tenable recommends that you set Amazon Resource Name to * (all resources) for each AWS Service.

  3. Create an IAM user with programmatic access.

  4. Assign the policy you created in Step 2 to the IAM user.

  5. Obtain Access and Secret keys.

(Optional) To configure linked AWS accounts:

What to do next: