Create an AWS Snapshot
For each EC2 instance that you want to scan with Agentless Assessment, an EBS snapshot must exist and be accessible.
You can create snapshots manually or you can automate the process using AWS Data Lifecycle Manager (DLM). Tenable recommends that you automate this process.
Tenable recommends that you follow these best practices for snapshots:
- Take snapshots frequently.
- Do not share snapshots between accounts.
- Ensure snapshots are not visible publicly.
- Ensure snapshots have appropriate life-cycle management for creation, archiving, and deletion.
- Encrypt all snapshots.
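One way to check existing snapshots against these practices is to audit the JSON that the AWS CLI returns from `aws ec2 describe-snapshots --owner-ids self` and `aws ec2 describe-snapshot-attribute --attribute createVolumePermission`. The following is an added example, not Tenable's code, and it goes slightly beyond the list by treating the `aws:dlm:lifecycle-policy-id` system tag as evidence of life-cycle management. The function names, the sample records (constructed), and the one-day freshness threshold are assumptions.

```python
from datetime import datetime, timedelta, timezone

# System tag that DLM sets on every snapshot it creates.
DLM_TAG = "aws:dlm:lifecycle-policy-id"

def audit_snapshot(snap, permissions):
    """Check one snapshot against the encryption, sharing and lifecycle practices.

    snap:        an element of Snapshots[] from `aws ec2 describe-snapshots`
    permissions: CreateVolumePermissions[] from `aws ec2 describe-snapshot-attribute
                 --attribute createVolumePermission` for the same snapshot
    """
    findings = []
    if not snap.get("Encrypted", False):
        findings.append("unencrypted")
    for perm in permissions:
        if perm.get("Group") == "all":        # visible to every AWS account
            findings.append("public")
        elif "UserId" in perm:                # shared with a specific account
            findings.append("shared-with:" + perm["UserId"])
    if DLM_TAG not in {t["Key"] for t in snap.get("Tags", [])}:
        findings.append("no-dlm-policy")
    return findings

def stale_volumes(snapshots, now, max_age):
    """Return volume IDs whose newest completed snapshot is older than max_age."""
    newest = {}
    for snap in snapshots:
        if snap["State"] != "completed":
            continue
        started = datetime.fromisoformat(snap["StartTime"].replace("Z", "+00:00"))
        vol = snap["VolumeId"]
        newest[vol] = max(newest.get(vol, started), started)
    return sorted(v for v, t in newest.items() if now - t > max_age)

# Constructed sample data (not real resources).
SNAPSHOTS = [
    {"SnapshotId": "snap-0aaa", "VolumeId": "vol-0001", "State": "completed",
     "Encrypted": True, "StartTime": "2024-05-02T02:00:00+00:00",
     "Tags": [{"Key": DLM_TAG, "Value": "policy-0example"}]},
    {"SnapshotId": "snap-0bbb", "VolumeId": "vol-0002", "State": "completed",
     "Encrypted": False, "StartTime": "2024-04-20T02:00:00+00:00"},
]
PERMISSIONS = {"snap-0aaa": [], "snap-0bbb": [{"Group": "all"}, {"UserId": "111122223333"}]}
NOW = datetime(2024, 5, 2, 12, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    for s in SNAPSHOTS:
        print(s["SnapshotId"], audit_snapshot(s, PERMISSIONS[s["SnapshotId"]]) or "ok")
    print("stale:", stale_volumes(SNAPSHOTS, NOW, timedelta(days=1)))
```

A volume that has no snapshot at all does not appear in the `describe-snapshots` output, so compare the result with your instance inventory separately.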
Create AWS Snapshot Manually
To create a snapshot manually:
- Log in to the AWS console.
- In the left navigation bar, select EC2 Service dashboard.
  The EC2 Service Dashboard page appears.
- In the left navigation bar, click Elastic Block Store > Snapshots.
  The Create Snapshot page appears.
- In the Snapshot Settings section, under Resource Type, select Instance.
- In the Instance ID box, select the EC2 Instance ID for which you want to create a snapshot.
- Click Create snapshot.
  AWS creates the snapshot, which takes around 10 minutes to complete.
Automate Snapshot Creation with AWS Data Lifecycle Manager (DLM)
You can use the Data Lifecycle Manager (DLM) service to automate the creation of snapshots from EC2 instances according to a schedule. For more information, see Amazon Data Lifecycle Manager.
To get you started, an example that deploys DLM automatically is provided on Tenable GitHub.