Deploy Tenable Core in AWS
When you deploy a Tenable Core + Tenable Web App Scanning virtual machine in Amazon Web Service (AWS) with cloud-init, you can configure your instance of Tenable Core + Tenable Web App Scanning and link it to Tenable Vulnerability Management during deployment.
You can use cloud-init to configure your virtual machine through the Amazon Marketplace or through the AWS command-line interface (CLI). To configure your virtual machine through the CLI, you must create a configuration file with data specifications for your virtual machine. For more information, see the cloud-init Documentation at cloud-init.io.
Before you begin:
-
Confirm your environment will support your intended use of the instance, as described in System Requirements.
-
Confirm your internet and port access will support your intended use of the instance, as described in Access Requirements.
To deploy Tenable Core + Tenable Web App Scanning using cloud-init via the Amazon Marketplace:
- Log in to AWS. For information about how to log in to AWS, see the AWS Documentation.
- Navigate to the Amazon Marketplace.
- In the Amazon Marketplace search bar, type Tenable Core + Tenable Web App Scanning Amazon Machine Image (AMI).
-
Click the result for Tenable Core + Tenable Web App Scanning Amazon Machine Image (AMI).
The Tenable Core + Tenable Web App Scanning AMI product overview page appears.
-
Click Continue to Subscribe.
A terms and conditions window appears.
-
Click Accept Terms.
-
Click Continue to Configuration.
The basic configurations page appears.
-
Select the region where you want to operate your Tenable Core + Tenable Web App Scanning instance.
Note: AWS automatically selects fulfillment and software versions for the AMI based on your region.
-
Click Continue to Launch.
The launch options page appears.
- In the Choose Action drop-down box, select Launch through EC2.
-
Click Launch.
The configuration page appears.
- Configure the options based on the specifications you want for your instance and the requirements described in Tenable Core Requirements. For information about configurations in AWS, see the AWS Documentation.
- Click the Configure Instance tab.
-
In the Advanced Settings section, in the text box, paste the following configuration variables:
#cloud-config runcmd: # Link WAS to Tenable.io - - /usr/libexec/tenablecore/was_rest_client.py - --set-link - --scanner-name "<name>" - --linkkey "<linking key>"Note: You can add more configurations (e.g., password, new users, groups) to your instance by adding the configurations and values to the configuration file. For information on configuration options, see the cloud-init Documentation at https://cloudinit.readthedocs.io/en/latest/.
Tip: You can add additional configurations (e.g., password, new users, groups) to your instance by modifying the configurations and values in the configuration file. For more information, see the cloud-init Documentation at https://cloudinit.readthedocs.io/en/latest/.
-
Click Launch.
An SSH key pair window appears.
-
In the SSH key pair window, in the drop-down box, select the key pair option you want for your instance.
Caution: Do not select the option to proceed without a key pair. If you launch your Tenable Core + Tenable Web App Scanning instance without a key pair you cannot connect to the instance, and you cannot add an SSH key pair later.
Action Steps Choose existing key pair - Select the file for the key pair you want to use.
- Select the I acknowledge that I have access to the select private key file check box.
Create a new key pair - In the box, type a name for your private key file.
- Click the download button.
The private key file downloads in your browser.
- In the lower-left corner, click Launch Instances.
AWS deploys and launches your Tenable Core + Tenable Web App Scanning instance as a virtual machine in AWS.
What to do next: