Base Account

The AWS connectors with cross-account role uses Qualys accounts. If you do not wish to use Qualys account, you can use the base account feature to set up the AWS connectors. You can configure to use your own AWS account as a base account while setting up the AWS Connectors instead of using Qualys account. You need to configure your AWS account ID with the base account you create.

For example, you have 3 AWS accounts: A1, A2, A3. All the three accounts belong to Global region. If you create a base account for Global region. All the connectors associated with A1, A2, and A3 accounts will use base account.

Create Base Account

Before you create a new connector, create a base account for the same account type (region). If you do not create a base account, you can still create a connector.

Go to Connectors > Connectors and then click Configure Base Account. Provide name, AWS account ID, access and secret keys and then select the account type. Show me

You can create only one base account per account type. Ensure that the AWS account ID for which you configure that base account has policies associated in the AWS console. Learn more

Edit Base Account

Select the base account you want to edit and click the quick action menu, then select Edit. You can edit name, AWS account ID, access keys and secret keys. You cannot edit the account type.

Updating Existing Connectors to Base Account

What happens if I delete the base account?

If you delete a base account, all the connectors that are associated with the base account will be automatically updated to Qualys account in Qualys Cloud Platform. However you need to go to your AWS account, update the Trusted Entities of the arn roles from base account ID to Qualys account ID.