Create an AWS Snapshot

EBS snapshots must be created and accessible for EC2 instances that you want to scan with Agentless Assessment.

Note: Agentless Assessment scans AWS Instance snapshots, and not AWS volume snapshots.

You can create snapshots manually or you can automate the process using AWS Data Lifecycle Manager (DLM). Tenable recommends that you automate this process.

Note: AWS Backup's snapshot automation feature is not currently compatible with the Elastic Block Store (EBS) service's list and describe APIs. Therefore, it is not possible to use AWS Backup to create automated EBS snapshots that are readable by Agentless Assessment.

Tenable recommends that you follow these best practices for snapshots:

  • Take snapshots frequently.

  • Do not share snapshots between accounts.

  • Ensure snapshots are not visible publicly.

  • Ensure snapshots have appropriate life-cycle management for creation, archiving, and deletion.

  • Encrypt all snapshots.
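One way to check existing snapshots against the practices listed above, as an added example that is not Tenable's code. It works on data in the shape boto3 returns from describe_snapshots and describe_snapshot_attribute (createVolumePermission); the function name, the 24-hour freshness threshold, and the sample records are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

def audit_snapshots(snapshots, permissions, now, max_age=timedelta(hours=24)):
    """Check snapshots against the practices listed above.

    snapshots:   items shaped like ec2.describe_snapshots()["Snapshots"]
    permissions: SnapshotId -> list shaped like
                 ec2.describe_snapshot_attribute(
                     Attribute="createVolumePermission")["CreateVolumePermissions"]
    max_age:     assumed freshness threshold; the page only says "frequently"
    Returns a sorted list of (resource_id, finding) tuples.
    """
    findings = set()
    newest = {}  # VolumeId -> StartTime of its most recent snapshot
    for snap in snapshots:
        sid = snap["SnapshotId"]
        if not snap.get("Encrypted", False):
            findings.add((sid, "unencrypted"))
        for perm in permissions.get(sid, []):
            if perm.get("Group") == "all":  # visible to every AWS account
                findings.add((sid, "public"))
            elif "UserId" in perm:  # shared with one specific account
                findings.add((sid, "shared with account " + perm["UserId"]))
        vol = snap["VolumeId"]
        if vol not in newest or snap["StartTime"] > newest[vol]:
            newest[vol] = snap["StartTime"]
    for vol, started in newest.items():
        if now - started > max_age:
            findings.add((vol, "newest snapshot older than max_age"))
    return sorted(findings)

# Constructed sample data (not real resources), in the shape boto3 returns.
NOW = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)
SNAPSHOTS = [
    {"SnapshotId": "snap-0aaa", "VolumeId": "vol-0001", "Encrypted": True,
     "StartTime": NOW - timedelta(hours=2)},
    {"SnapshotId": "snap-0bbb", "VolumeId": "vol-0002", "Encrypted": False,
     "StartTime": NOW - timedelta(days=3)},
    {"SnapshotId": "snap-0ccc", "VolumeId": "vol-0003", "Encrypted": True,
     "StartTime": NOW - timedelta(hours=5)},
]
PERMISSIONS = {
    "snap-0bbb": [{"Group": "all"}],
    "snap-0ccc": [{"UserId": "111122223333"}],
}

if __name__ == "__main__":
    for resource, finding in audit_snapshots(SNAPSHOTS, PERMISSIONS, NOW):
        print(resource, finding)
```

To run it against a live account, pass in the results of the two boto3 calls named in the docstring, restricted to snapshots your account owns.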

Create AWS Snapshot Manually

To create a snapshot manually:

  1. Log in to the AWS console.

  2. In the left navigation bar, select EC2 Service dashboard.

    The EC2 Service Dashboard page appears.

  3. In the left navigation bar, click Elastic Block Store > Snapshots.

    The Create Snapshot page appears.

  4. In the Snapshot Settings section, under Resource Type, select Instance.

  5. In the Instance ID box, select the EC2 Instance ID for which you want to create a snapshot.

  6. Click Create snapshot.

    AWS creates the snapshot, which takes around 10 minutes to complete.

Automate Snapshot Creation with AWS Data Lifecycle Manager (DLM)

You can use the Data Lifecycle Manager (DLM) service to automate the creation of snapshots from EC2 instances according to a schedule. For more information, see Amazon Data Lifecycle Manager.

To help you get started, Tenable provides an example on GitHub that deploys DLM automatically.