The following feature is not supported in Tenable Vulnerability Management Federal Risk and Authorization Management Program (FedRAMP) environments. For more information, see the FedRAMP Product Offering.
Caution: This version of the AWS pre-authorized scanner has been removed and is no longer available to new customers.
To begin the Pre-Authorized Scanner AWS configuration, you must first create an Identity and Access Management (IAM) role. This role eliminates the need to store AWS access keys by providing the scanner instance with temporary AWS credentials. Once created, the IAM role is assigned to the Tenable Nessus instances as described in the Launch Nessus Scanner Instance section. The role must also have the Describe VPC Peering Connections permission. The VPC peering relationship must be from the VPC containing the pre-authorized Tenable Nessus scanner (requestor) to the VPCs you want to scan.
Note: Pre-Authorized Scanner scans by instance ID and cannot be used in scans to target hosts by IP address. Configuring Pre-Authorized Scanner scans to target hosts by IP address returns an error.
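The role and peering requirements above can be checked offline before launching the scanner instance. The following is an added example, not Tenable's code: the function names are hypothetical, the IAM action name ec2:DescribeVpcPeeringConnections is assumed to correspond to the page's "Describe VPC Peering Connections", and the peering records are assumed to have the shape returned by the AWS describe-vpc-peering-connections call.

```python
import fnmatch

# Assumed IAM action name for the page's "Describe VPC Peering Connections".
REQUIRED_ACTION = "ec2:DescribeVpcPeeringConnections"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(stmt, effect, action):
    """True if a statement with this Effect covers the action (wildcards, any case)."""
    return stmt.get("Effect") == effect and any(
        fnmatch.fnmatchcase(action.lower(), str(a).lower())
        for a in _as_list(stmt.get("Action", [])))

def _ec2_trusted(stmt):
    principal = stmt.get("Principal")
    services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
    return "ec2.amazonaws.com" in services and _matches(stmt, "Allow", "sts:AssumeRole")

def role_findings(trust_policy, permission_policy):
    """List what is wrong with the scanner role's trust and permission policies."""
    findings = []
    if not any(_ec2_trusted(s) for s in _as_list(trust_policy.get("Statement", []))):
        findings.append("EC2 cannot assume the role: no temporary credentials on the instance")
    stmts = _as_list(permission_policy.get("Statement", []))
    if not any(_matches(s, "Allow", REQUIRED_ACTION) for s in stmts):
        findings.append(f"{REQUIRED_ACTION} is not allowed")
    elif any(_matches(s, "Deny", REQUIRED_ACTION) for s in stmts):
        findings.append(f"{REQUIRED_ACTION} is explicitly denied")
    return findings

def unpeered_targets(peerings, scanner_vpc, target_vpcs):
    """Target VPCs lacking an active peering requested by the scanner VPC."""
    reachable = {p["AccepterVpcInfo"]["VpcId"] for p in peerings
                 if p["RequesterVpcInfo"]["VpcId"] == scanner_vpc
                 and p["Status"]["Code"] == "active"}
    return [v for v in target_vpcs if v != scanner_vpc and v not in reachable]

# Constructed sample data (not from a real account).
TRUST = {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
                        "Principal": {"Service": "ec2.amazonaws.com"}}]}
PERMS = {"Statement": [{"Effect": "Allow", "Action": ["ec2:Describe*"], "Resource": "*"}]}
PEERINGS = [  # second record is peered in the wrong direction
    {"RequesterVpcInfo": {"VpcId": "vpc-scanner01"}, "AccepterVpcInfo": {"VpcId": "vpc-app01"}, "Status": {"Code": "active"}},
    {"RequesterVpcInfo": {"VpcId": "vpc-db01"}, "AccepterVpcInfo": {"VpcId": "vpc-scanner01"}, "Status": {"Code": "active"}},
]

if __name__ == "__main__":
    print(role_findings(TRUST, PERMS))
    print(unpeered_targets(PEERINGS, "vpc-scanner01", ["vpc-app01", "vpc-db01"]))
```

The check reads only the Action and Effect fields, so Deny statements that use NotAction or a Condition are not evaluated.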