Follow these steps to create an IAM role in AWS that will give Qualys cross-account access to your AWS resources. Then copy the Role ARN into your connector details.
1 - Log in to your Amazon Web Services (AWS) Console.
2 - Go to the IAM service.
3 - Go to Roles and click Create role.
4 - Under "Select type of trusted entity" choose "Another AWS account". Then: a) Paste in the Qualys AWS Account ID (from connector details), b) Select Require external ID and paste in the External ID (from connector details), and c) Click Next: Permissions. Show me
A unique external ID gets generated during connector creation in CloudView. You can copy the external ID that Qualys provides and paste it in AWS console.
5 - Find the policy titled "SecurityAudit" and select the check box next to it. Click Next: tags and then Next: Review. Show me
7 - Enter a role name (e.g. QualysCVRole) and click Create role. Show me
8 - Click on the role you just created to view details. Copy the Role ARN value and paste it into the connector details. Show me
1 - Download the CloudFormation template.
2 - Log in to Amazon Web Services (AWS) and go to CloudFormation.
3 - Create stack & upload template.
4 - When the stack is complete, copy the Role ARN value from the output and paste it into the connector details.