This page explains the requirements for scanning VPCs and instances (virtual machines) hosted on the Amazon Web Services (AWS) cloud platform using Lansweeper.
Lansweeper can scan VPCs and instances (virtual machines) hosted on the Amazon Web Services (AWS) cloud platform. An asset is created for each VPC that has instances connected to it and for each instance as well. Any EC2-VPC environment can be scanned.
This article explains what the requirements are for AWS scanning and how to generate the access key required for scanning.
Requirements
To scan an AWS cloud environment, the following requirements must be met:
- Your Lansweeper installation must be version 7.1 or higher.
- Your Lansweeper license must support AWS scanning.
- Your AWS environment must be an EC2-VPC environment. Scanning of old EC2-Classic environments is not supported.
- Your VPCs and instances must be located in one of the following regions: Africa (Cape Town), Asia Pacific (Hong Kong), Asia Pacific (Mumbai), Asia Pacific (Osaka), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), AWS GovCloud (US-East), AWS GovCloud (US-West), Canada (Central), China (Beijing), China (Ningxia), Europe (Frankfurt), Europe (Ireland), Europe (London), Europe (Milan), Europe (Paris), Europe (Stockholm), Middle East (Bahrain), South America (São Paulo), US East (N. Virginia), US East (Ohio), US West (N. California), US West (Oregon).
- Your Lansweeper scanning server must have access to the internet.
- Your Lansweeper scanning server must be able to connect to https://*.amazonaws.com.
- You must provide Lansweeper with an access key that has programmatic access to AWS and list-only access to EC2. Your access key consists of an access key ID and secret access key. Lansweeper requires this access key to retrieve data from the AWS API.
Generate the access key
To generate the access key that you'll need to submit in Lansweeper for AWS scanning:
- Log into your AWS account.
- Browse to Identity and Access Management (IAM). One way to do this is by clicking this direct link.
- Select the Policies menu on the left and click the Create policy button.
- Select the EC2 service, and give list access to the following actions:
Spoiler- DescribeHosts
- DescribeImages
- DescribeInstances
- DescribeNetworkInterfaces
- DescribeVpcs
- DescribeVolumes
- DescribeElasticGpus
- DescribeSubnets
- DescribeInstanceCreditSpecifications
- DescribeSecurityGroups
- Select Review policy
- Submit a name and description for your policy and select Create policy.
- Select the Users menu on the left and select Add user.
- Give your user a name, grant programmatic access to AWS and select Next: Permissions.
- Choose the option Attach existing policies directly, select the policy you previously created and select Next: Tags.
- Optionally, tag your user and select Next: Review.
- Check whether your submitted settings are correct and select Create user.
- On the resulting page, select Show to display your secret access key. Copy both the access key ID and secret access key displayed on the page. This is what you'll need to submit as a credential in Lansweeper.
You can configure AWS scanning in Lansweeper by following the instructions in this knowledge base article.
Was this post helpful? Select Yes or No below!
Did you have a similar issue and a different solution? Or did you not find the information you needed? Create a post in our Community Forum for your fellow IT Heroes!
More questions? Browse our Quick Tech Solutions.
