
Create a role for cross-account access

Follow these steps to create an IAM role in AWS that gives Qualys cross-account access to your AWS resources. Then copy the Role ARN into your connector details.

1 - Log in to your Amazon Web Services (AWS) Console.

2 - Go to the IAM service.

3 - Go to Roles and click Create role.

4 - Under "Select type of trusted entity" choose "Another AWS account". Then: a) Paste in the Qualys AWS Account ID (from connector details), b) Select Require external ID and paste in the External ID (from connector details), and c) Click Next: Permissions.

Role creation in AWS console.

A unique external ID is generated during connector creation in CloudView. Copy the external ID that Qualys provides and paste it into the AWS console.

5 - Depending on the type of connector you are creating, select the following policies:

6 - Click Next: Tags.

7 - Click Next: Review.

8 - Enter a role name (e.g. QualysCVRole) and click Create role.

AWS Create Role Screen

9 - Click on the role you just created to view details. Copy the Role ARN value and paste it into the connector details.
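The choices made in step 4 end up in the role's trust policy, which should trust only the Qualys account and require the external ID. The following check is an added example, not Qualys or AWS code; the function name, the sample policies, and the account ID and external ID values are constructed placeholders.

```python
import json

def _as_list(value):
    return value if isinstance(value, list) else [value]

def check_trust_policy(policy_json, account_id, external_id):
    """Return a list of problems in a role trust policy (empty list = OK)."""
    allowed = {account_id, f"arn:aws:iam::{account_id}:root"}
    problems, trusted = [], False
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "sts:AssumeRole" not in _as_list(stmt.get("Action", [])):
            continue
        principal = stmt.get("Principal", {})
        aws = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
        for p in aws:
            if p in allowed:
                trusted = True
            else:
                problems.append(f"unexpected trusted principal: {p}")
        # The external ID must be enforced as a StringEquals condition.
        ext = stmt.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId")
        if ext is None:
            problems.append("statement does not require sts:ExternalId")
        elif _as_list(ext) != [external_id]:
            problems.append("sts:ExternalId differs from the connector value")
    if not trusted:
        problems.append("expected account is not trusted")
    return problems

# Constructed placeholders, not real Qualys values.
ACCOUNT_ID = "111122223333"
EXTERNAL_ID = "EXAMPLE-EXTERNAL-ID"

def sample_policy(principal, condition=None):
    stmt = {"Effect": "Allow", "Action": "sts:AssumeRole", "Principal": principal}
    if condition:
        stmt["Condition"] = condition
    return json.dumps({"Version": "2012-10-17", "Statement": [stmt]})

ROOT = {"AWS": f"arn:aws:iam::{ACCOUNT_ID}:root"}
GOOD = sample_policy(ROOT, {"StringEquals": {"sts:ExternalId": EXTERNAL_ID}})
NO_EXTERNAL_ID = sample_policy(ROOT)   # "Require external ID" was not selected
WILDCARD = sample_policy("*")          # trusts any AWS principal

if __name__ == "__main__":
    for name, doc in [("good", GOOD), ("no-ext-id", NO_EXTERNAL_ID), ("wildcard", WILDCARD)]:
        print(name, check_trust_policy(doc, ACCOUNT_ID, EXTERNAL_ID))
```

To run it against the real role, pass the `AssumeRolePolicyDocument` returned by `aws iam get-role` together with the account ID and external ID shown in your connector details.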

Want to create a role using CloudFormation?

Create Role for Organization Connectors Via Stacks

1 - Download the CloudFormation template from the Organization Details step on the Create Organization Connector screen.

2 - Log in to Amazon Web Services (for organization) and go to CloudFormation.

3 - Click Create stack and select 'With new resources (standard)'.

4 - Select 'Upload a template file' under the Specify template section.

Specify template

5 - Upload the template and click Next.

6 - On the Specify stack details step, enter the Stack name and click Next.

Specify stack details

7 - Configure stack options such as key-value pairs, permissions or other fields. This step is optional.

8 - Accept the IAM acknowledgment for resource creation and select Create Stack. The stack creation is initiated. Wait for the CREATE_COMPLETE status.

Confirm create stack

9 - When the stack is complete, copy the Role ARN value from the output and paste it into the connector details.

RoleARN

Create Role for Member Connectors via StackSet

AWS StackSets enables you to automate the process of applying the Organization's role across multiple accounts in a single operation.

1 - Download the CloudFormation template from the Member Connector Details step on the Create Organization Connector screen.

2 - Log in to Amazon Web Services and go to CloudFormation.

3 - On the AWS management console, select Services > CloudFormation > StackSets > Create StackSet.

Specify template for Stackset

4 - Upload the template file and click Next, then enter a StackSet Name.

Specify stackset details

5 - Configure stackset options. This step is optional.

6 - Next, select whether the stackset deploys stack instances to Organization or Organizational Units.

Set deployment options

7 - Specify the region where the stacks will be deployed.

Specify regions

8 - Accept the IAM acknowledgment for resource creation and select Submit.

Confirm create stackset

9 - When the stackset is complete, copy the Role Name value from the output and paste it into the connector details.

Note: The downloaded templates will use the pre-defined RoleName. If you wish to have a custom RoleName, you must edit the template.