Onboard AWS Accounts

You can connect your single, multiple or all Amazon Web Services (AWS) accounts as a part of your AWS project. For a detailed workflow for onboarding AWS accounts, see the Tenable Cloud Security Quick Reference Guide: Onboarding AWS Accounts.

To onboard AWS accounts in Tenable Cloud Security, each AWS account being onboarded must be associated with a role granting the ReadOnlyAccess policy to the Tenable AWS account. Tenable Cloud Security requires the Role ARN and External ID to onboard the AWS account. When onboarding an AWS Organization, Tenable Cloud Security provides you with a StackSet that recursively adds that role to all accounts under the organization. Tenable Cloud Security requires the StackSet ARN to onboard the organization. For more information, see the following topics:

• To connect multiple or all AWS accounts, see Onboard an AWS Organization.

• To connect a single AWS account, see Onboard an AWS Account.