How do I Activate AMI Scan?

AMI Scan enables operating system vulnerability assessments of Amazon Machine Images (AMIs) using Qualys Zero-Touch Snapshot-based Scanning. It helps evaluate the security posture of AMIs before they are deployed into production environments.

What Do You Get with AMI Scans?

  • Identify vulnerabilities in AMIs without requiring instance execution.
  • Reduce risk by validating images before deployment.
  • Ensure compliance by detecting misconfigurations and outdated components.
  • Minimize workload disruption since scans are agentless and offline-capable.

How to Set Up AMI Scan with AWS Snapshot-based Scan?

You need an existing or new AWS Connector to set up AMI Scan.

  1. Create a new AWS Connector or edit an existing one.
  2. Navigate to the Tags and Activation section and select Enable AMI Scanning under the Enable Zero-touch Snapshot Based Scan checkbox.
  • In the snapshot-based scan settings for service accounts, set the AMI parameter to Enabled. You can read more about configuring a service account for snapshot scans here.
  • Optionally, enable AMI Offline Scan to re-run scans without engaging cloud resources.
  • Review scan findings under the AMI Vulnerability Findings section in TotalCloud.

AMI Scan provides a reliable method to assess Amazon Machine Images before deployment. Proactively detecting vulnerabilities helps maintain secure, compliant environments without impacting operational workloads.