Amazon Web Services Connector

Frictionless Assessment is now End of Provisioning (starting May 15, 2023), and new users will not be able to deploy Frictionless Assessment connectors. Frictionless Assessment will reach End-of-Support on December 31, 2023, and will no longer receive support or updates. However, existing Frictionless Assessment connectors will continue to function until the feature is End-of-Life on December 31, 2024. Tenable recommends that you transition to Tenable Cloud Security with Agentless Assessment for scanning your cloud resources. For more information, see the Tenable Vulnerability Management Release Notes.

The following is not supported in Tenable FedRAMP Moderate environments. For more information, see the Tenable FedRAMP Moderate Product Offering.

The Amazon Web Services (AWS) connector provides real-time visibility and inventory of EC2 instances in your AWS account.

To import and analyze information about EC2 instances in AWS, you must first configure AWS to support your connector configuration, then create an AWS connector in Tenable Vulnerability Management.

You can create an AWS connector to discover AWS assets and import them to Tenable Vulnerability Management. Assets discovered through the connectors do not count against the license until and unless the asset is scanned for vulnerabilities.

To assess AWS assets for vulnerabilities, Tenable recommends that you use Frictionless Assessment, which assesses the hosts in the cloud. Alternatively, you can run a Tenable Nessus scanner or agent scan, which runs plugins locally on the host.

Note: The AWS connector performs two types of imports:
  • Full Sync: Occurs when the AWS connector describes all EC2 instances in your account and imports them to Tenable Vulnerability Management.

  • Partial Sync: Occurs when the AWS connector reads all CloudTrail events and imports any created or terminated EC2 instances since the previous sync.

The AWS connector performs up to 47 partial syncs and one full sync in a 24-hour period. When you set a new schedule, the AWS connector resets and triggers another full sync.
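The following Python sketch is an added illustration, not Tenable's code. It models the two import types on constructed CloudTrail-style records: a partial sync applies create and terminate events since a checkpoint, and a full sync replaces the inventory with a complete describe, which corrects anything the event stream did not carry. The event names `RunInstances` and `TerminateInstances`, the function names, and the sample instance IDs are assumptions made for the example.

```python
from datetime import datetime, timezone

# Constructed CloudTrail-style records (sample data, not real account output).
# Field names follow the CloudTrail record layout for EC2 API calls; which
# events the connector actually reads is an assumption of this example.
EVENTS = [
    {"eventTime": "2023-04-01T10:05:00Z", "eventName": "RunInstances",
     "responseElements": {"instancesSet": {"items": [{"instanceId": "i-0aaa"}, {"instanceId": "i-0bbb"}]}}},
    {"eventTime": "2023-04-01T10:20:00Z", "eventName": "TerminateInstances",
     "responseElements": {"instancesSet": {"items": [{"instanceId": "i-0old"}]}}},
    {"eventTime": "2023-04-01T10:25:00Z", "eventName": "RunInstances",
     "errorCode": "Client.UnauthorizedOperation", "responseElements": None},
    {"eventTime": "2023-04-01T09:00:00Z", "eventName": "RunInstances",
     "responseElements": {"instancesSet": {"items": [{"instanceId": "i-0early"}]}}},
]

def parse_time(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def partial_sync(inventory, events, since):
    """Apply create/terminate events newer than `since`; return (inventory, checkpoint)."""
    inv, checkpoint = set(inventory), since
    for ev in sorted(events, key=lambda e: e["eventTime"]):
        when = parse_time(ev["eventTime"])
        if when <= since:
            continue  # handled by an earlier sync
        checkpoint = max(checkpoint, when)
        if ev.get("errorCode"):
            continue  # the API call failed, so no instance changed state
        items = ((ev.get("responseElements") or {}).get("instancesSet") or {}).get("items", [])
        ids = {i["instanceId"] for i in items}
        if ev["eventName"] == "RunInstances":
            inv |= ids
        elif ev["eventName"] == "TerminateInstances":
            inv -= ids
    return inv, checkpoint

def full_sync(described_ids):
    """Replace the inventory with the result of describing every instance."""
    return set(described_ids)

def drift(inventory, described_ids):
    """Compare the event-driven inventory with a full describe of the account."""
    actual = set(described_ids)
    return {"missing": actual - inventory, "stale": inventory - actual}
```

Comparing `drift()` output before each full sync shows how much the event-driven inventory diverged from the account during the preceding partial syncs.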

Goal: Discover AWS assets and assess for vulnerabilities using Frictionless Assessment

The cloud connector discovers AWS assets and collects an inventory of data points on your AWS EC2 instances, then assesses the hosts for vulnerabilities in the cloud, rather than running plugins locally on the host.

For more information, see Frictionless Assessment for AWS.

Connector Type:

  • Keyless authentication with Frictionless Assessment enabled

Goal: Discover AWS assets

The cloud connector discovers AWS assets without assessing them for vulnerabilities. Optionally, you can scan discovered assets later using a Tenable Nessus scanner or agent scan.

For more information, see AWS Cloud Connector (Discovery Only).

Connector Type:

  • Keyless authentication (recommended)

  • Key-based authentication

To manage existing AWS connectors, see Manage Connectors.

Tip: For descriptions of common connector errors, see Connectors in the Tenable Developer Portal.