Support for Cross-Account Role Authentication for EC2 Connectors

Qualys now supports the creation of AWS EC2 connectors using a cross-account access role. This allows you to grant Qualys access to your AWS EC2 instances without sharing your AWS security credentials. Qualys will access your AWS EC2 instances by assuming the IAM role that you create in your AWS account. This eliminates the overhead of management of IAM user keys in your Qualys subscription.


- Create new connectors using ARN authentication

- Upgrade existing connectors from access key based authentication to ARN authentication

- Automate creation using Cloud Formation Template, downloadable directly from the UI

- REST API support to programmatically setup and update EC2 connectors

With this update

- New connectors via UI can only be created as ARN based connectors and not with keys.

- Support for key based connectors will be discontinued after 180 days.

- Create only one connector for each unique AWS account. It's recommended that you merge multiple EC2 connectors into one by removing duplicate connectors before you upgrade to ARN.

Learn more

Securing Amazon Web Services using Qualys (pdf)