Get Started with AWS Connectors
The AWS Connector enables security teams to automatically discover and scan instances across AWS environments for vulnerabilities through Qualys TotalCloud.
By establishing cross-account access via assumed roles, the connector eliminates manual account management while supporting both individual accounts and entire AWS organizations. The connector automatically creates connectors for new accounts and disables them for removed ones, ensuring continuous coverage as infrastructure evolves.
This automation reduces operational overhead and enables teams to maintain comprehensive visibility into their cloud security posture without ongoing manual intervention.
How does the AWS connector work?
Qualys connects to your AWS account through a two-step process. First, it creates a session using a role in the Qualys AWS Base Account. Then, it performs an AssumeRole operation on the role you set up in your member account to gain the required access.
AWS connectors with cross-account roles use Qualys AWS Base accounts. If you do not wish to use a Qualys account, you can use the base account instead to set up the AWS connectors.
For an Organization connector, the Qualys connector follows the same process but uses the organization role to discover all accounts and organizational units in your AWS environment. It compares the current account list with previous records, automatically creating connectors for new accounts and disabling connectors for removed ones. This keeps your AWS organization connected without manual intervention.
Refer to the flow below to understand how the member and organization connectors operate.
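The role you set up in the member account is only as restrictive as its trust policy. The following Python check is an added example, not Qualys code, that audits such a trust policy before you onboard the account. The account IDs, role name and External ID are constructed placeholders, and requiring an `sts:ExternalId` condition is general AWS guidance for third-party cross-account access, an assumption that this page does not state.

```python
def _as_list(value):
    """IAM JSON allows a scalar or a list in most positions; normalize to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _account_of(principal):
    """Account ID from a bare 12-digit ID or an IAM ARN; None if unparseable."""
    if principal.isdigit() and len(principal) == 12:
        return principal
    parts = principal.split(":")
    return parts[4] if len(parts) >= 6 and parts[0] == "arn" else None

def audit_trust_policy(policy, base_account_id, require_external_id=True):
    """Return findings for the trust policy of a role a scanner will assume."""
    findings, seen = [], 0
    for stmt in _as_list(policy.get("Statement")):
        actions = {a.lower() for a in _as_list(stmt.get("Action"))}
        if stmt.get("Effect") != "Allow" or not actions & {"sts:assumerole", "sts:*", "*"}:
            continue
        seen += 1
        principal = stmt.get("Principal", {})
        aws = ["*"] if principal == "*" else _as_list(principal.get("AWS"))
        for p in aws:
            if p == "*":
                findings.append("wildcard principal can assume the role")
            elif _account_of(p) != base_account_id:
                findings.append(f"unexpected principal: {p}")
        if not aws:
            findings.append("statement has no AWS principal")
        keys = {k.lower() for op, block in stmt.get("Condition", {}).items()
                if op.startswith("StringEquals") for k in block}
        if require_external_id and "sts:externalid" not in keys:
            findings.append("no sts:ExternalId condition")
    if seen == 0:
        findings.append("no statement allows sts:AssumeRole")
    return findings

# Constructed sample policies; 111111111111 stands in for the base account.
BASE = "111111111111"
GOOD = {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"AWS": f"arn:aws:iam::{BASE}:role/ExampleBaseRole"},
    "Condition": {"StringEquals": {"sts:ExternalId": "constructed-id"}}}]}
BAD = {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"AWS": [f"arn:aws:iam::{BASE}:root",
                          "arn:aws:iam::222222222222:root"]}}]}

if __name__ == "__main__":
    print(audit_trust_policy(GOOD, BASE))  # no findings
    print(audit_trust_policy(BAD, BASE))   # extra account, no External ID
```

Run it against the trust policy document returned by `aws iam get-role` for the connector role, passing the base account ID shown during onboarding.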
| Get Started | Resources |
|---|---|
| Onboard Your AWS Account | Onboard AWS Account with Qualys |
| View and Manage Assets | |
| Manage Your Connectors | |
| Additional Resources | |