Keyless Authentication with Manual Linked Accounts Workflow

Tenable.io AWS connectors support keyless authentication via AWS role delegation. To use keyless authentication, you must establish a trust relationship between your AWS accounts and the Tenable AWS account. In this scenario, your AWS accounts communicate with a trusted Tenable AWS account that communicates with your AWS connector.

For more information about other AWS authentication options, see Amazon Web Services Connector.

If you do not want to use the Auto Discovery feature or if you are not using AWS Organizations, you can manually configure linked AWS accounts as shown in the diagram below.

To fully configure AWS keyless authentication with manual linked accounts in Tenable.io:

  1. In AWS, configure your primary AWS account to support keyless authentication for your connectors, as described in Configure AWS for Keyless Authentication. This documentation describes how to configure a role named tenableio-connector to delegate permissions for keyless authentication.
  2. In Tenable.io, create your AWS connector, as described in Create an AWS Connector.
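
The trust relationship configured in step 1 lives in the trust policy of the delegated role, so that policy is worth auditing before the connector is created. The following Python check is an added example, not code from Tenable's documentation. The account ID `111122223333`, the external ID value, the sample policies and the expectation of an `sts:ExternalId` condition are assumptions that this page does not state.

```python
import json

# Constructed placeholder: substitute the trusted account ID given in the
# vendor's setup instructions. The external ID value below is also made up.
TRUSTED_ACCOUNT_ID = "111122223333"

def _as_list(value):
    """IAM accepts a string or a list in most fields; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy, trusted_account_id=TRUSTED_ACCOUNT_ID):
    """Return findings for a role trust policy; an empty list means none."""
    findings = []
    arn_prefix = f"arn:aws:iam::{trusted_account_id}:"
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        actions = _as_list(stmt.get("Action"))
        if stmt.get("Effect") != "Allow" or not any(
                a in ("sts:AssumeRole", "sts:*", "*") for a in actions):
            continue  # only statements that grant role assumption matter here
        principal = stmt.get("Principal")
        if isinstance(principal, dict):
            principals = [p for v in principal.values() for p in _as_list(v)]
        else:
            principals = _as_list(principal)
        for p in principals:
            if p != trusted_account_id and not p.startswith(arn_prefix):
                findings.append(f"statement {i}: unexpected principal {p!r}")
        # Without an external ID the trusted account can act as a confused deputy.
        condition = stmt.get("Condition") or {}
        if not (condition.get("StringEquals") or {}).get("sts:ExternalId"):
            findings.append(f"statement {i}: no sts:ExternalId condition")
    return findings

# Constructed sample trust policies for a role named tenableio-connector.
GOOD = json.loads("""{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow", "Action": "sts:AssumeRole",
  "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
  "Condition": {"StringEquals": {"sts:ExternalId": "example-external-id"}}}]}""")
WEAK = json.loads("""{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow", "Action": "sts:AssumeRole",
  "Principal": {"AWS": "*"}}]}""")

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(name, audit_trust_policy(doc) or "no findings")
```

To audit a live role, pass the policy document returned by `aws iam get-role` under `Role.AssumeRolePolicyDocument` to `audit_trust_policy`.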