Create an AWS Connector

Required User Role: Administrator

Before you begin:

To create an AWS connector:

  1. In the upper-left corner, click the Menu button.

    The left navigation plane appears.

  2. In the left navigation plane, click Settings.

    The Settings page appears.

  3. Click the Connectors tile.

    Click the Cloud Connectors tile.

    The Connectors page appears. By default, the Connectors page displays a table of configured connectors.

  4. In the upper-right corner of the page, click the Create Connector button.

    The Select a Connector plane appears.

  5. In the Connectors section, click Amazon AWS.

    The Amazon AWS settings plane appears.

  6. In the Connector Name box, type a name to identify the connector.
  7. Do one of the following, depending on how you configured authentication for AWS:
    • If you configured AWS to support keyless authentication via role delegation:
      1. In the Account ID box, type your primary AWS account ID.
    • If you configured AWS to support key-based authentication:
      1. Use the Use Access Key / Secret Key toggle to enable the key-based authentication option.

        The Access Key and Secret Key boxes appear.

      2. In the Access Key box, type the access key that you obtained when configuring AWS.
      3. In the Secret Key box, type the secret key that corresponds to the access key you typed in the previous step.
  8. Use the Auto Discovery toggle to enable or disable automatic discovery of linked accounts and CloudTrails.

    Note: Auto Discovery is enabled by default when using AWS role delegation (keyless authentication). Auto Discovery is disabled by default, and cannot be enabled, if AWS was configured to support key-based authentication.

  9. If using Access Key / Secret Key authentication or if Auto Discovery is disabled:
    1. (Optional) To add linked AWS accounts, in the Add Linked Accounts section, click the button.

      The Add Linked Accounts settings plane appears.

      1. In the Account ID box, type the account ID for the Amazon AWS account that you want to link. For information about configuring linked accounts, see Configure Linked AWS Accounts (Keyless Manual) or Configure Linked AWS Accounts (Key-based).

        Tip: The minimum length for the ID is 12 characters. To display error messages, hover over the Account ID box.

      2. Click Add to add the linked accounts.

        The Amazon AWS settings plane reappears.

    2. In the Select AWS CloudTrails section, click the button to add CloudTrails.

      The Select AWS CloudTrails settings plane appears.

      1. Select the check boxes corresponding to the trails that you want to connect. You must select at least one trail.
      2. Click Done to add the trails you selected.

        The Amazon AWS settings plane reappears.

  10. In the Select or Create Network drop-down box, select an existing network for your connector or click the button to create a new network.

    Note: Networks help to avoid IP address collisions between cloud assets and Nessus-discovered assets. Tenable recommends creating a network for each connector type in use to prevent asset records in different cloud environments from overwriting each other. For more information about the network feature, see Networks.

  11. Use the Schedule Import toggle to enable or disable scheduled imports.

    Note: By default, new and updated asset records are requested every 1 hour.

    If enabled:

    • In the Import text box, type the frequency with which data requests are sent to the AWS server.
    • In the drop-down box, select Minutes, Hours, or Days.
  12. Do one of the following:
    • To save the connector, click Save.
    • To save the connector and import your assets from AWS, click Save & Import.
  13. Note: There may be a short delay before your assets appear in