Configure AWS connectors to gather resource information from your AWS account. It takes just a couple of minutes. Qualys connectors discover and sync resource inventories every 4 hours.
The AWS connectors use Qualys accounts. If you do not wish to use a Qualys account, you can use the base account instead to set up the AWS connectors.
Go to Configuration > Amazon Web Services and then click Create Connector.
Provide a few connector details.
(1) Enter a name and description (optional) for your connector.
(2) Select an account type for your connector: Global, US GovCloud or China. You can choose only one account type per connector.
(3) Select a frequency at which the connector should poll the cloud provider and fetch data.
By default, the connector polling frequency is configured for every 4 hours. As a result, the connector will connect with the cloud provider every 4 hours to fetch the data.
You can configure a frequency from a minimum of one hour to a maximum of 24 hours. We recommend a frequency of 4 hours or more for optimal use of your connector. Configuring a polling interval shorter than 4 hours can affect the performance of the connector and may result in AWS API throttling errors.
- If you trigger Run for the connector from the quick actions menu, the scheduled connector polling (as per the configured frequency) remains unaffected.
- Configuration of connector polling frequency is enabled only for Cloud Security Assessment (CSA) users.
(4) Set up a cross-account role in AWS.
A unique External ID is generated during connector creation and auto-populated in the form. As one of its best practices, AWS recommends that the External ID be a read-only field. The field is therefore read-only and cannot be edited, which enhances the security of your AWS account.
(5) Copy/paste the Role ARN into the form.
(6) Select Create Connector in AssetView check box. (optional step)
Selecting this check box ensures that a replica of the current connector is created and made available in the AssetView module. This saves you from repeating the connector creation steps in the AssetView module.
- The user needs access to the EC2 Connector page in the AssetView module and the 'Manage Asset Data Connectors' permission enabled in AssetView permissions.
(7) Click Test Connector to verify if the connector can assume the provided role (created by user) and successfully authenticate in AWS cloud environment. If the test connection is successful, proceed with the connector creation process. If the test connection fails, you may need to check and update the credentials you provided for the connection to work.
Note: To fetch resource details successfully, ensure that you have all the prerequisite permissions and that the correct cross-account role, with the necessary policies attached, is associated with the connector.
(8) Click Create Connector.
That’s it! The connector will establish a connection with AWS to start discovering resources from each region and evaluate them against policies.
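The cross-account role from step (4) is only as restrictive as its trust policy, so it is worth checking that policy before pasting the Role ARN. The following check is an added example, not part of the Qualys product or its documentation: it inspects a trust policy document offline and reports a principal outside the expected account or a missing or mismatched sts:ExternalId condition. The account ID, External ID, sample policies and function names are constructed placeholders.

```python
import json

# Constructed sample values: placeholder account ID and External ID, not real ones.
TRUSTED_ACCOUNT = "111122223333"
EXTERNAL_ID = "EXAMPLE-EXTERNAL-ID"

def as_list(value):
    """IAM accepts a scalar or a list in most fields; normalise to a list."""
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy, account_id, external_id):
    """Return findings for a role trust policy; an empty list means it is scoped as expected."""
    stmts = [s for s in as_list(policy.get("Statement", []))
             if s.get("Effect") == "Allow" and "sts:AssumeRole" in as_list(s.get("Action", []))]
    if not stmts:
        return ["no Allow statement for sts:AssumeRole"]
    findings = []
    for i, stmt in enumerate(stmts):
        principal = stmt.get("Principal", {})
        aws = as_list(principal.get("AWS", [])) if isinstance(principal, dict) else [principal]
        if "*" in aws:
            findings.append(f"statement {i}: wildcard principal")
        elif not aws or any(p != account_id and not p.startswith(f"arn:aws:iam::{account_id}:")
                            for p in aws):
            findings.append(f"statement {i}: principal outside the expected account")
        # Assumes the condition is written with the StringEquals operator.
        ids = as_list(stmt.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId", []))
        if not ids:
            findings.append(f"statement {i}: no sts:ExternalId condition")
        elif ids != [external_id]:
            findings.append(f"statement {i}: sts:ExternalId does not match the connector")
    return findings

def make_policy(principal, external_id=None):
    """Build a constructed trust policy document for the demonstration below."""
    stmt = {"Effect": "Allow", "Action": "sts:AssumeRole", "Principal": principal}
    if external_id is not None:
        stmt["Condition"] = {"StringEquals": {"sts:ExternalId": external_id}}
    return {"Version": "2012-10-17", "Statement": [stmt]}

GOOD = make_policy({"AWS": f"arn:aws:iam::{TRUSTED_ACCOUNT}:root"}, EXTERNAL_ID)
NO_EXTERNAL_ID = make_policy({"AWS": f"arn:aws:iam::{TRUSTED_ACCOUNT}:root"})
WILDCARD = make_policy({"AWS": "*"}, "some-other-id")

if __name__ == "__main__":
    for name, doc in [("GOOD", GOOD), ("NO_EXTERNAL_ID", NO_EXTERNAL_ID), ("WILDCARD", WILDCARD)]:
        print(name, json.dumps(audit_trust_policy(doc, TRUSTED_ACCOUNT, EXTERNAL_ID)))
```

To check a real role, pass the trust policy JSON exported from the IAM console together with the account ID and External ID shown in the connector form.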
Editing Connector Details
Go to Configuration > Amazon Web Services and select the connector whose details you want to edit. From the quick actions menu, select View, go to the Connector Information tab, and click Edit.
You can now edit the required details.
Once you update the required details, you can click Test Connector to verify if the connection to the AWS cloud provider is successful with the details you updated. If the test connection is successful, click Save and proceed.
If the test connection fails, you may need to check and update the credentials you provided for the connection to work.