Create a role for cross-account access

Follow these steps to create an IAM role in AWS that will give Qualys cross-account access to your AWS resources. Then copy the Role ARN into your connector details.

1 - Log in to your Amazon Web Services (AWS) Console.

2 - Go to the IAM service.

3 - Go to Roles and click Create role.

4 - Under "Select type of trusted entity" choose "Another AWS account". Then: a) Paste in the Qualys AWS Account ID (from connector details), b) Select Require external ID and paste in the External ID (from connector details), and c) Click Next: Permissions. Show me

A unique external ID gets generated during connector creation in CloudView. You can copy the external ID that Qualys provides and paste it in AWS console.

5 - Find the policy titled "SecurityAudit" and select the check box next to it. Click Next: tags and then Next: Review. Show me

7 - Enter a role name (e.g. QualysCVRole) and click Create role. Show me

8 - Click on the role you just created to view details. Copy the Role ARN value and paste it into the connector details. Show me

Want to create a role using CloudFormation?

1 - Download the CloudFormation template.

2 - Log in to Amazon Web Services (AWS) and go to CloudFormation.

3 - Create stack & upload template.

4 - When the stack is complete, copy the Role ARN value from the output and paste it into the connector details.