Amazon Web Services Connector
The following is not supported in Tenable FedRAMP Moderate environments. For more information, see the Tenable FedRAMP Product Offering.
The Amazon Web Services (AWS) connector provides real-time visibility and inventory of EC2 instances in your AWS account.
To import and analyze information about EC2 instances in AWS, you must first configure AWS to support your connector configuration, then create an AWS connector in Tenable Vulnerability Management.
You can create an AWS connector to discover AWS assets and import them to Tenable Vulnerability Management. Assets discovered through the connectors do not count against the license until and unless the asset is scanned for vulnerabilities.
Alternatively, you can run a Tenable Nessus scanner or agent scan, which runs plugins locally on the host.
Full Sync: Occurs when the AWS connector describes all EC2 instances in your account and imports them to Tenable Vulnerability Management.
Partial Sync: Occurs when the AWS connector reads all cloud trail events and imports any created or terminated EC2 instances since the previous sync.
The AWS connector performs up to 47 partial syncs and one full sync in a 24-hour period. When you set a new schedule, the AWS resets and triggers another full sync.
| Goal | Connector Type |
|---|---|
|
Discover AWS assets The cloud connector discovers AWS assets without assessing them for vulnerabilities. Optionally, you can scan discovered assets later using a Tenable Nessus scanner or agent scan. For more information, see AWS Cloud Connector (Discovery Only). |
|
To manage existing AWS connectors, see Manage Connectors.