From version 7.1 onward, Lansweeper is capable of scanning VPCs and instances (virtual machines) hosted on the Amazon Web Services (AWS) cloud platform. An asset is created for each VPC that has instances connected to it and for each instance as well. Any EC2-VPC environment can be scanned. This article explains what the requirements are for AWS scanning and how to generate the access key required for scanning.
To scan an AWS cloud environment, the following requirements must be met:
- Your Lansweeper installation must be version 7.1 or higher.
- Your Lansweeper license must support AWS scanning.
- Your AWS environment must be an EC2-VPC environment. Scanning of old EC2-Classic environments is not supported.
- Your VPCs and instances must be located in one of the following regions: Asia Pacific (Hong Kong), Asia Pacific (Mumbai), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Canada (Central), EU (Frankfurt), EU (Ireland), EU (London), EU (Paris), EU (Stockholm), South America (São Paulo), US East (N. Virginia), US East (Ohio), US West (N. California), US West (Oregon).
- Your Lansweeper scanning server must have access to the Internet.
- You must provide Lansweeper with an access key that has programmatic access to AWS and list-only access to EC2. Your access key consists of an access key ID and secret access key. Lansweeper requires this access key to retrieve data from the AWS API.
- Your Lansweeper server must be able to connect to https://*.amazonaws.com
Generating the access key
To generate the access key that you'll need to submit in Lansweeper for AWS scanning, do the following:
- Log into your AWS account.
- Browse to Identity and Access Management (IAM).
- Select the Policies menu on the left and hit the Create policy button.
- Select the EC2 service, give full List access to it and hit Review policy.
- Submit a name and description for your policy and hit Create policy.
- Select the Users menu on the left and hit Add user.
- Give your user a name, grant programmatic access to AWS and hit Next: Permissions.
- Choose the option Attach existing policies directly, select the policy you previously created and hit Next: Tags.
- Optionally, tag your user and hit Next: Review.
- Check whether your submitted settings are correct and hit Create user.
- On the resulting page, hit Show to display your secret access key. Copy both the access key ID and secret access key displayed on the page. This is what you'll need to submit as a credential in Lansweeper. You can configure AWS scanning in Lansweeper by following the instructions in this knowledge base article. You will not be able to see your secret access key again once you leave this page, so make sure you store it somewhere safe for future reference. If you do lose your secret access key, you will need to generate a new one in the user's Security Credentials tab. You can have up to two keys per user at a time. You can delete one key to replace it with another if required.
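Before handing the access key to the scanner, it is worth confirming that the policy attached to the user really is list-only on EC2. The following is an added example, not part of the original article or of Lansweeper: it audits a policy's JSON document and reports every allowed action outside EC2 list access. It assumes that list access corresponds to the `ec2:Describe*` actions; the function names and both sample policies are constructed for illustration.

```python
import json

# Assumption of this example: "List" access to EC2 means the ec2:Describe* actions.
ALLOWED_PREFIX = "ec2:describe"

def _as_list(value):
    """IAM allows a single value or a list for Statement and Action."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def audit_policy(policy):
    """Return findings for Allow statements that exceed EC2 list-only access."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # a Deny statement cannot widen access
        if "NotAction" in stmt:
            findings.append(f"statement {i}: NotAction allows every action not listed")
        for action in _as_list(stmt.get("Action")):
            # Action names are case-insensitive; "ec2:*" and "*" fail the prefix test.
            if not action.lower().startswith(ALLOWED_PREFIX):
                findings.append(f"statement {i}: {action} is not an EC2 list action")
    return findings

# Constructed sample policies (not taken from a real account).
LIST_ONLY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": {"Effect": "Allow", "Action": ["ec2:DescribeInstances", "ec2:DescribeVpcs"], "Resource": "*"}
}""")
TOO_BROAD = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": ["ec2:Describe*", "ec2:TerminateInstances", "ec2:*"], "Resource": "*"},
    {"Effect": "Allow", "Action": "s3:GetObject", "Resource": "*"},
    {"Effect": "Deny", "Action": "ec2:*", "Resource": "*"}
  ]
}""")

if __name__ == "__main__":
    for name, doc in (("LIST_ONLY", LIST_ONLY), ("TOO_BROAD", TOO_BROAD)):
        print(name, audit_policy(doc) or "list-only")
```

An empty result means every allowed action in the document falls under EC2 list access; any finding names the statement and action to remove before the key is used.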