Configure AWS for Key-based Authentication

Required User Role: Administrator

Before you begin:

  • Enable CloudTrail and create a trail if one does not already exist.

    Note: You must turn on All or Write Only Management Events, as well as logging for the trail.

To configure AWS to support Tenable.io connectors via an IAM user with permissions (key-based authentication):

  1. Use the Policy Generator to create an IAM permission policy for integration with Tenable.io.

  2. Add the following permissions to the policy:
    AWS ServicePermission
    Amazon EC2
    • DescribeInstances

    AWS CloudTrail

    • DescribeTrails
    • GetEventSelectors
    • GetTrailStatus
    • ListTags
    • LookupEvents

    Tenable recommends that you set Amazon Resource Name to * (all resources) for each AWS Service.

  3. Create an IAM user with programmatic access.

  4. Assign the policy you created in Step 2 to the IAM user.

  5. Obtain Access and Secret keys.

(Optional) To configure linked AWS accounts:

What to do next: