By default, AWS connectors use Qualys accounts. If you do not wish to use a Qualys account, you can use the base account feature to set up the AWS connectors with your own AWS account as the base account. You need to configure your AWS account ID with the base account you create. For example, suppose you have 3 AWS accounts: Central Security Account, Production and Development. You can designate the Central Security Account as a base account to set up an AWS connector in AssetView to pull the instances from the Production and Development accounts.
Before you create a new connector, create a base account for the same account type (region). If you do not create a base account, you can still create a connector using the Qualys account.
(1) Go to Configuration > Amazon Web Services and then click Configure Base Account.
(2) Click Create and provide title, AWS account ID, access and secret keys.
(3) Select the account type. You can create only one base account per account type.
Ensure that the AWS account ID for which you configure the base account has policies associated in the AWS console.
(4) Select the Use in AssetView option to make the AWS connectors that use the configured base account available in the AssetView app as well. This saves you from creating a separate connector in AssetView. Once enabled in CloudView, disabling this option later will not remove the corresponding connector from AssetView. You need to explicitly remove the connector from the AssetView app.
Select the base account you want to edit and click the quick action menu, then select Edit. You can edit the name, AWS account ID, access keys and secret keys. You cannot edit the account type.
Updating Existing Connectors to Base Account
To update existing AWS connectors that use a cross-account role so that they use a base account, you need to:
- create a base account using the AWS account ID
- update the Trusted Entities for your IAM roles
On the AWS console, go to IAM role > Trust relationships and then Edit trust relationship. Ensure that the AWS account ID for which you configure the base account matches the account number in the trust relationships in the AWS console. Click Update Trust Policy.
Once you update the corresponding policy, all your existing ARN-based connectors will be automatically upgraded to the base account you configure.
If you delete a base account, all the connectors that are associated with the base account will be automatically updated to the Qualys account in Qualys Cloud Platform. However, you need to go to your AWS account and update the Trusted Entities of the ARN roles from the base account ID to the Qualys account ID.
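The trust relationship check described above (when moving a role to a base account, and again when reverting to the Qualys account after deleting one) can be run offline against a role's trust policy JSON. This is an added example, not Qualys or AWS code; the function names are hypothetical and the account IDs in the sample policy are constructed placeholders.

```python
import json
import re

# Matches a bare 12-digit account ID or an IAM ARN that contains one.
ACCOUNT_RE = re.compile(r"^(?:arn:aws[\w-]*:iam::)?(\d{12})(?::.*)?$")
ASSUME_ACTIONS = {"sts:assumerole", "sts:*", "*"}

def trusted_accounts(policy):
    """Return the account IDs (or raw principals such as '*') allowed to assume the role."""
    accounts = set()
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):          # a single statement may be a bare object
        statements = [statements]
    for stmt in statements:
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if stmt.get("Effect") != "Allow":
            continue
        if not any(a.lower() in ASSUME_ACTIONS for a in actions):
            continue
        principal = stmt.get("Principal", {})
        aws = ["*"] if principal == "*" else principal.get("AWS", [])
        for entry in ([aws] if isinstance(aws, str) else aws):
            match = ACCOUNT_RE.match(entry)
            accounts.add(match.group(1) if match else entry)
    return accounts

def audit_trust_policy(policy, expected_account_id):
    """List mismatches between the trusted principals and the account the connector uses."""
    found = trusted_accounts(policy)
    findings = []
    if expected_account_id not in found:
        findings.append(f"expected account {expected_account_id} is not trusted")
    for extra in sorted(found - {expected_account_id}):
        findings.append(f"unexpected trusted principal: {extra}")
    return findings

# Constructed sample: a role that trusts the new base account (111122223333)
# but still lists the account it trusted before the change (444455556666).
SAMPLE_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": "sts:AssumeRole",
    "Principal": {"AWS": ["arn:aws:iam::111122223333:root",
                          "arn:aws:iam::444455556666:root"]}
  }]
}""")

if __name__ == "__main__":
    for finding in audit_trust_policy(SAMPLE_POLICY, "111122223333"):
        print(finding)
```

An empty result means the role trusts only the expected account; any leftover principal from before the change shows up as a finding.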