Launching the Qualys Virtual Scanner Appliance in AWS Cloud via Cloud Shell
The following AWS CLI command creates an instance in the AWS cloud infrastructure.
The '--user-data file://user_data_file.txt' option is where the PERSCODE and proxy server configuration, if any, are specified.
The correct syntax is *file:///* if you use the full path to the user-data file; for a relative path, use *file://*.
The following is an example of user_data_file.txt that contains only PERSCODE:
PERSCODE=12345678901234
The following is an example of user_data_file.txt that contains PERSCODE and proxy configuration. PERSCODE and PROXY_URL should be placed on separate lines, as shown:
PERSCODE=12345678901234
PROXY_URL=Proxy_user:Proxy_passwd@10.0.1.125:8080
Launch Qualys Scanner Using Command
Use the following command to launch the Qualys Scanner:
aws ec2 run-instances [OPTIONS]
Required Parameters
Parameter | Mandatory/Optional | Data type | Description |
---|---|---|---|
image-id | Optional | string | The ID of the AMI. An AMI ID is required to launch an instance and must be specified here or in a launch template. |
instance-type | Optional | string | The instance type. For more information, refer to Instance types in the Amazon EC2 User Guide. |
key-name | Optional | string | The name of the key pair. You can create a key pair using CreateKeyPair or ImportKeyPair. If you do not specify a key pair, you cannot connect to the instance unless you choose an AMI that is configured to allow users another way to log in. |
security-group-ids | Optional | list | The IDs of the security groups. You can create a security group using CreateSecurityGroup. |
subnet-id | Optional | string | [EC2-VPC] The ID of the subnet to launch the instance into. If you specify a network interface, you must specify any subnets as part of the network interface. |
user-data | Optional | string | Provide the full path to your file containing the PERSCODE and PROXY_URL settings. |
Example: Launch a Qualys Scanner via AWS CLI
aws ec2 run-instances --image-id ami-0ae323672477e94b9 --count 1 --instance-type t2.large --key-name my_key --security-group-ids sg-453bdb64 --subnet-id subnet-53e1e5da --user-data file:///full_path_to_your_file/user_data.txt
With run-instances, the AWS CLI performs base64 encoding of the user data for you, so you do not need to encode the 'user-data' value or the contents of the 'user-data' file. For more information, refer to the Amazon EC2 User Guide.
If we need to update user data for a running instance later, we must encode it in base64 according to AWS CLI guidelines.
You can encode the user-data file's content by using the base64 command.
Example: (<user_data.txt openssl base64 -A)> user_data_base64.txt
For more information on launching instances on AWS cloud infrastructure, refer to the run-instances section of the AWS documentation.
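The user-data format and the base64 step described above, as an added example that is not part of the Qualys documentation: it builds the user-data body, rejects a body where PERSCODE and PROXY_URL were joined on one line, and produces the single-line base64 form. The function names are hypothetical, the sample values in the comments are constructed, and the all-digits PERSCODE check is an assumption drawn from the examples on this page.

```shell
#!/bin/sh
# Added example: build, validate and base64-encode Qualys scanner user data.
# Function names are hypothetical, not part of any Qualys or AWS tool.

# Print user data: PERSCODE on line 1, optional PROXY_URL on line 2.
# Usage: build_user_data 12345678901234 'user:pass@10.0.1.125:8080'
build_user_data() {
    printf 'PERSCODE=%s\n' "$1"
    if [ -n "${2:-}" ]; then
        printf 'PROXY_URL=%s\n' "$2"
    fi
}

# Return 0 only if stdin is a well-formed user-data body:
# one KEY=VALUE per line, exactly one PERSCODE, at most one PROXY_URL.
validate_user_data() {
    pers=0
    proxy=0
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            PERSCODE=*)
                value=${line#PERSCODE=}
                # Assumption: all digits, as in the page's examples.
                case "$value" in ''|*[!0-9]*) return 1 ;; esac
                pers=$((pers + 1)) ;;
            PROXY_URL=*)
                value=${line#PROXY_URL=}
                # A space means two settings were joined on one line.
                case "$value" in ''|*' '*) return 1 ;; esac
                proxy=$((proxy + 1)) ;;
            '') ;;          # tolerate blank lines
            *) return 1 ;;  # unknown key or stray text
        esac
    done
    [ "$pers" -eq 1 ] && [ "$proxy" -le 1 ]
}

# Single-line base64 of stdin, the form needed when user data is
# updated after launch (run-instances encodes for you).
encode_user_data() {
    base64 | tr -d '\n'
}
```

Piping `build_user_data` into `validate_user_data` before each launch catches a malformed body before an instance is created.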
Example: Launch Multiple Scanners via AWS CLI
There are several software tools and frameworks available to help deploy and manage multiple instances in AWS. Some popular examples are AWS CloudFormation and Terraform.
Here is an example showing how multiple instances can be deployed in AWS by using the AWS CLI. The script launches multiple Qualys scanners with the specified AMI, instance type, security key, security group, subnet-id and proxy, if available.
The PERSCODEs should be listed on a single line, without commas between them.
- Without Proxy
```bash
#!/bin/bash
# One personalization code per scanner; space-separated, no commas.
PERSCODES=("70123456789047" "80123456789834" "901234567890")
AMI_ID="ami-0ae123345678e54b9"
INSTANCE_TYPE="t2.large"
KEY_NAME="my_key"
SECURITY_GROUP_ID="sg-123abc64"
SUBNET_ID="subnet-67a1e5da"

# Launch one scanner instance per personalization code.
for personalization_code in "${PERSCODES[@]}"; do
  aws ec2 run-instances \
    --image-id "$AMI_ID" \
    --count 1 \
    --instance-type "$INSTANCE_TYPE" \
    --key-name "$KEY_NAME" \
    --security-group-ids "$SECURITY_GROUP_ID" \
    --subnet-id "$SUBNET_ID" \
    --user-data "PERSCODE=$personalization_code"
done
```
- With Proxy
```bash
#!/bin/bash
# One personalization code per scanner; space-separated, no commas.
PERSCODES=("11111111111111" "222222222222" "333333333333")
AMI_ID="ami-1234567890"
INSTANCE_TYPE="t2.large"
KEY_NAME="my_key"
SECURITY_GROUP_ID="sg-123abc4567"
SUBNET_ID="subnet-23ab34aa3"
PROXY="proxy_user:proxy_pass@10.86.1.113:3128"

# Launch one scanner instance per personalization code.
for personalization_code in "${PERSCODES[@]}"; do
  # PERSCODE and PROXY_URL must be on separate lines in the user data.
  user_data=$(printf 'PERSCODE=%s\nPROXY_URL=%s' "$personalization_code" "$PROXY")
  aws ec2 run-instances \
    --image-id "$AMI_ID" \
    --count 1 \
    --instance-type "$INSTANCE_TYPE" \
    --key-name "$KEY_NAME" \
    --security-group-ids "$SECURITY_GROUP_ID" \
    --subnet-id "$SUBNET_ID" \
    --user-data "$user_data"
done
```
Virtual Appliance Connecting to Qualys Cloud Platform
Once launched, the Virtual Appliance connects to Qualys Cloud Platform. This step registers the Virtual Scanner Appliance with your Qualys account. Your appliance downloads all the latest software updates immediately and is ready for scanning.