Create an AWS Connector with Key-based Authentication

The following is not supported in Tenable FedRAMP Moderate environments. For more information, see the Tenable FedRAMP Moderate Product Offering.

Required User Role: Administrator

Before you begin:

• Complete the required AWS configuration steps for key-based authentication.

To create an AWS connector:

1. In the upper-left corner, click the button.

   The left navigation plane appears.

2. In the left navigation plane, click Settings.

   The Settings page appears.

3. Click the Cloud Connectors tile.

   The Cloud Connectors page appears and displays the configured connectors table.

4. In the upper-right corner of the page, click the Create Cloud Connector button.

   The cloud connector selection plane appears.

5. In the Cloud Connectors section, click AWS - Keyed setup.

   The cloud connector creation plane appears.

6. In the Connector Name box, type a name to identify the connector.
7. In the Access Key box, type the access key that you obtained when configuring AWS.
8. In the Secret Key box, type the secret key that corresponds to the access key you used.
9. In the Select or Create Network drop-down box, select an existing network for your connector or click the button to create a new network.
   Note: Networks help to avoid IP address collisions between cloud assets and Nessus-discovered assets. Tenable recommends creating a network for each connector type in use to prevent asset records in different cloud environments from overwriting each other. For more information about the network feature, see Networks.

10. Use the Cloud Connector Schedule toggle to enable or disable scheduled imports.
    Note: By default, Tenable Vulnerability Management requests new and updated asset records every 1 hour.

    If enabled:

    • In the Import text box, type the frequency with which Tenable Vulnerability Management sends data requests to the AWS server.
    • In the drop-down box select Minutes, Hours, or Days.
      Note: When you schedule a connector configuration to sync every 30 minutes, a discovery job is placed in a queue every 30 minutes. The results of the discovery job become available in the Tenable Vulnerability Management interface and logs depending on the workload for the connector services. So, the results of the discovery job can take more than 30 minutes depending on the queue.

11. Do one of the following:
    • To save the connector, click Save.
    • To save the connector and import your assets from AWS, click Save & Import.
Note: There may be a short delay before your assets appear in Tenable Vulnerability Management.