Configure AWS for Key-based Authentication
The following is not supported in Tenable FedRAMP Moderate environments. For more information, see the Tenable FedRAMP Moderate Product Offering.
Required User Role: Administrator
Before you begin:
- Enable CloudTrail and create a trail if one does not already exist.
Note: You must turn on All or Write Only Management Events, as well as logging for the trail.
To configure AWS to support Tenable Vulnerability Management connectors via an IAM user with permissions (key-based authentication):
- Use the Policy Generator to create an IAM permission policy for integration with Tenable Vulnerability Management.
- Add the following permissions to the policy:

  AWS Service   Permission
  EC2           DescribeInstances
  CloudTrail    DescribeTrails
                GetEventSelectors
                GetTrailStatus
                ListTags
                LookupEvents
Tenable recommends that you set Amazon Resource Name to * (all resources) for each AWS Service.
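The policy document that the steps above produce, written out here as an added example rather than taken from Tenable's documentation. It grants only the read-only EC2 and CloudTrail actions listed in the table, with Resource set to * as recommended; the Sid labels are arbitrary names chosen for this example.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "TenableEC2InstanceDiscovery",
      "Effect": "Allow",
      "Action": "ec2:DescribeInstances",
      "Resource": "*"
    },
    {
      "Sid": "TenableCloudTrailReadOnly",
      "Effect": "Allow",
      "Action": [
        "cloudtrail:DescribeTrails",
        "cloudtrail:GetEventSelectors",
        "cloudtrail:GetTrailStatus",
        "cloudtrail:ListTags",
        "cloudtrail:LookupEvents"
      ],
      "Resource": "*"
    }
  ]
}
```

Attach this policy to the dedicated IAM user whose access key the connector will use; it contains no write or IAM actions, so a leaked connector key cannot be used to change the account.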
(Optional) To configure linked AWS accounts:
What to do next: