Launching Virtual Scanner Appliance on GovCloud with Access to AWS Marketplace
To secure your AWS GovCloud environment, follow the instructions that apply to your Qualys platform type.
Deploying qVSA from AWS GovCloud on SCPs with Access to Commercial Marketplace
AWS GovCloud (US) customers can launch the Qualys Virtual Scanner Appliance image, which is available in the AWS Marketplace through the AWS GovCloud EC2 Console.
Prerequisites
To launch the Qualys Virtual Scanner Appliance from the Marketplace, the following prerequisites must be met:
- Your AWS GovCloud subscription must have access to the AWS Commercial Marketplace to subscribe to the Qualys Virtual Scanner Appliance.
- You must launch the Qualys Virtual Scanner Appliance virtual machine from one of the following GovCloud regions: 'us-gov-west-1' or 'us-gov-east-1'.
If your AWS GovCloud subscription cannot access the AWS Commercial Marketplace, refer to the section on deploying the qVSA from AWS GovCloud on PCPs or SCPs without access to the AWS Commercial Marketplace.
Launch Virtual Scanner Appliances in AWS GovCloud
The following are the steps to launch virtual scanner appliances in AWS GovCloud:
- Log in to your GovCloud account. Launch an instance from the EC2 GovCloud Console: EC2 > Instances > Launch an Instance.
- In the AMI search bar, search for qvsa in AWS Marketplace AMIs.
- Click Select.
- Proceed with Subscribe with Marketplace.
- Review the product’s terms and conditions. To subscribe to Qualys Virtual Scanner Appliance, choose Continue to Subscribe in the upper right and complete the subscription wizard.
- Use the wizard to enter AMI settings. Qualys now also supports the V2 (token required) metadata version. In the Advanced Details section, select the Metadata version accordingly. In the User data field, you must enter the personalization code you obtained from the Qualys user interface and, optionally, the proxy server (if used).
Personalization Code - Enter the personalization code that you obtained from Qualys, preceded by PERSCODE=
Proxy Server (Optional) - Enter the proxy server information on a separate line from the personalization code, preceded by PROXY_URL=. A proxy server is used when your scanner does not have direct connectivity to the Qualys Enterprise TruRisk™ Platform.
Enter the proxy information in one of the following formats:
  - With authentication: username:password@proxyhost:port
  - With a domain user: domain\username:password@proxyhost:port
  - Without authentication: proxyhost:port
where proxyhost is the IPv4 address or the FQDN of the proxy server, and port is the port the proxy server is running on.
Example:
PERSCODE=12345678901234
PROXY_URL=jdoe:abc12345@10.40.1.123:3128
If you use a proxy server, ensure that you configure the Amazon EC2 API Proxy server settings in the Qualys UI.
For more information, refer to Define Amazon EC2 API Proxy settings in Qualys UI.
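The User data format described above can be checked before it is pasted into the launch wizard. The following Python check is an added example, not Qualys code: it validates the PERSCODE and PROXY_URL lines and the launch region. The function names and the 14-digit PERSCODE length (taken from the example above) are assumptions.

```python
import ipaddress
import re
GOVCLOUD_REGIONS = {"us-gov-west-1", "us-gov-east-1"}  # regions named on the page
FQDN_RE = re.compile(r"^(?=.{1,253}$)([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$")

def check_proxy(value):
    """Return problems in a PROXY_URL value: [user:password@]proxyhost:port."""
    problems = []
    creds, at, hostport = value.rpartition("@")  # last '@' ends the credentials
    if at:
        user, colon, password = creds.partition(":")  # user may be domain\username
        if not (user and colon and password):
            problems.append("credentials must be username:password")
    host, colon, port = hostport.rpartition(":")
    if not (colon and host):
        return problems + ["expected proxyhost:port"]
    if not (port.isascii() and port.isdigit() and 1 <= int(port) <= 65535):
        problems.append("port must be 1-65535")
    try:
        ipaddress.IPv4Address(host)
    except ValueError:
        if not FQDN_RE.match(host):
            problems.append("proxyhost must be an IPv4 address or FQDN")
    return problems

def check_user_data(text, region):
    """Return problems in the User data field and launch region (empty list = OK)."""
    problems = []
    if region not in GOVCLOUD_REGIONS:
        problems.append(f"region {region!r} is not us-gov-west-1 or us-gov-east-1")
    fields = {}
    for number, line in enumerate(text.splitlines(), start=1):
        key, eq, value = line.strip().partition("=")
        if eq and key in ("PERSCODE", "PROXY_URL"):
            fields[key] = value
        elif line.strip():  # report the line number only; the line may hold a password
            problems.append(f"line {number}: expected PERSCODE=... or PROXY_URL=...")
    code = fields.get("PERSCODE")
    if code is None:
        problems.append("PERSCODE line is missing")
    elif not re.fullmatch(r"[0-9]{14}", code):  # assumption: 14 digits, as in the example
        problems.append("PERSCODE should be 14 digits")
    if "PROXY_URL" in fields:
        problems += [f"PROXY_URL: {p}" for p in check_proxy(fields["PROXY_URL"])]
    return problems

if __name__ == "__main__":
    sample = "PERSCODE=12345678901234\nPROXY_URL=jdoe:abc12345@10.40.1.123:3128"  # page's example
    print(check_user_data(sample, "us-gov-west-1") or "user data OK")
```

EC2 user data is not encrypted and can be read by anyone with access to the instance metadata or the ec2:DescribeInstanceAttribute permission, so a PROXY_URL that carries credentials should use an account dedicated to the proxy.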
Virtual Appliance Connecting to Qualys Enterprise TruRisk™ Platform
Once launched, the Virtual Appliance connects to the Qualys Enterprise TruRisk™ Platform. This step registers the Virtual Scanner Appliance with your Qualys account. Your appliance also downloads all the latest software updates immediately and is ready for scanning.