Home

Support for EC2 Scanning

Configure EC2 connectors for scanning EC2 instances for security issues using the Qualys Cloud Platform. Our connector wizard walks you through the steps - set up ARN authentication, select EC2 regions and activate your EC2 assets for scanning.

Support for Cross-Account Role Authentication for EC2 Connectors

This lets you grant Qualys access to your AWS EC2 instances without sharing your AWS security credentials. Qualys will access your AWS EC2 instances by assuming the IAM role that you create in your AWS account.

Click here to learn more

Base Account

The AWS connectors with cross-account role uses Qualys accounts. If you do not wish to use Qualys account, you can use the base account instead to set up the AWS connectors. Learn more

We recommend these helpful resources

Get an overview of the steps to secure Amazon Web Services using Qualys: steps to sync inventory and metadata from an AWS account, deploy Qualys sensors and scan without a penetration testing form, and view the security and compliance of your AWS EC2 instances.

Watch Video Series | Download User Guide

How to configure EC2 connectors

Go to the Connectors tab, select Create EC2 Connector and our wizard will walk you thru the steps.

Tip - We recommend you create at least one generic asset tag (for example EC2) and have the connector automatically apply that tag to all imported assets. You can add more tags to your EC2 assets based upon discovered EC2 metadata.

Enabling the EC2 connector for CloudView

Note: If you create a connector and select the Provide Role ARN later option, the Create connector for CV option is unavailable. To use the Create connector for CV option, you must provide the ARN while creating the connector.

Be sure to Activate your EC2 assets

We'll activate EC2 assets for scanning automatically so you don't have to take this extra step. Just configure the Tags and Activation step within the EC2 connector wizard. Then we'll activate them automatically as they are discovered and even assign them tags if you want.

Good to Know

If your connector is not configured to activate assets automatically you'll need to activate them manually. Learn more

AWS GovCloud (US) support

We're excited to support scanning EC2 instances in the region AWS GovCloud (US). Learn more

Looking for something else?

Activating EC2 assets

Can I disable a connector? Sure, no problem

Easily view assets imported by a connector

Run option - use to manually synchronize instance data

How to Delete a connector

What if my EC2 instances have IP address changes?

AWS assets: Status and behavior