AWS scanning requirements

From version 7.1 onward, Lansweeper is capable of scanning VPCs and instances (virtual machines) hosted on the Amazon Web Services (AWS) cloud platform. An asset is created for each VPC that has instances connected to it and for each instance as well. Any EC2-VPC environment can be scanned. This article explains what the requirements are for AWS scanning and how to generate the access key required for scanning.

Requirements

To scan an AWS cloud environment, the following requirements must be met:

  • Your Lansweeper installation must be version 7.1 or higher.
  • Your Lansweeper license must support AWS scanning.
  • Your AWS environment must be an EC2-VPC environment. Scanning of old EC2-Classic environments is not supported.
  • Your VPCs and instances must be located in one of the following regions: Asia Pacific (Mumbai), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Canada (Central), EU (Frankfurt), EU (Ireland), EU (London), EU (Paris), EU (Stockholm), South America (São Paulo), US East (N. Virginia), US East (Ohio), US West (N. California), US West (Oregon).
  • Your Lansweeper scanning server must have access to the Internet.
  • You must provide Lansweeper with an access key that has programmatic access to AWS and list-only access to EC2. Your access key consists of an access key ID and secret access key. Lansweeper requires this access key to retrieve data from the AWS API.

Generating the access key

To generate the access key that you'll need to submit in Lansweeper for AWS scanning, do the following:

  1. Log into your AWS account.
  2. Browse to Identity and Access Management (IAM). One way to do this is by clicking this direct link.
  3. Select the Policies menu on the left and hit the Create policy button.
  4. Select the EC2 service, give full List access to it and hit Review policy
  5. Submit a name and description for your policy and hit Create policy
  6. Select the Users menu on the left and hit Add user
  7. Give your user a name, grant programmatic access to AWS and hit Next: Permissions
  8. Choose the option Attach existing policies directly, select the policy you previously created and hit Next: Tags
  9. Optionally, tag your user and hit Next: Review
  10. Check whether your submitted settings are correct and hit Create user
  11. On the resulting page, hit Show to display your secret access key. Copy both the access key ID and secret access key displayed on the page. This is what you'll need to submit as a credential in Lansweeper. You can configure AWS scanning in Lansweeper by following the instructions in this knowledge base article.
    You will not be able to see your secret access key again once you leave this page, so make sure you store it somewhere safe for future reference. If you do lose your secret access key, you will need to generate a new one in the user's Security Credentials tab. You can have up to two keys per user at a time. You can delete one key to replace it with another if required.
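
Before submitting the key in Lansweeper, it is worth confirming that the policy attached to the user really is limited to list-only EC2 access. The following check is an added example, not Lansweeper or AWS code: the function name `audit_policy` and both sample policies are constructed for illustration, and it assumes that the console's EC2 "List" access level can be approximated by actions beginning with `ec2:Describe`.

```python
import json

# Assumption: EC2 "List" access is approximated by actions starting with ec2:Describe.
ALLOWED_PREFIX = "ec2:describe"

def _as_list(value):
    """IAM allows Action to be a single string or a list of strings."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)

def audit_policy(policy_json):
    """Return findings for Allow statements that exceed EC2 list-only access."""
    findings = []
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    for idx, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            findings.append(f"statement {idx}: NotAction allows every action not listed")
        for action in _as_list(stmt.get("Action")):
            # Action names are case-insensitive; "*" and "ec2:*" fail this test.
            if not action.lower().startswith(ALLOWED_PREFIX):
                findings.append(f"statement {idx}: {action} exceeds EC2 list-only access")
    return findings

# Constructed sample: what the policy from steps 3 to 5 is expected to look like.
LIST_ONLY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": ["ec2:DescribeInstances",
                                                 "ec2:DescribeVpcs"], "Resource": "*"}],
})

# Constructed sample: a scanning policy that grew write and IAM permissions.
TOO_BROAD = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["ec2:DescribeInstances",
                                       "ec2:TerminateInstances"], "Resource": "*"},
        {"Effect": "Allow", "Action": "iam:*", "Resource": "*"},
    ],
})

if __name__ == "__main__":
    for name, doc in (("LIST_ONLY", LIST_ONLY), ("TOO_BROAD", TOO_BROAD)):
        print(name, audit_policy(doc) or "ok")
```

The policy JSON to feed into the check can be copied from the policy's JSON tab in the IAM console.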
