Enable Virtual Machine Security

This topic explains the options for enabling scanning of Elastic Block Store (EBS) volumes attached to EC2 instances across multiple regions in an AWS account.

Cloud App Analyzer's VM Scanner enhances cloud workload security by providing agentless scanning for AWS EC2 instances that have volumes attached. This robust solution addresses the growing complexity of securing workloads in cloud environments, focusing on:

  1. Vulnerabilities Assessment

  2. Antivirus and Malware Detection

  3. Exposed Secrets Identification

The AWS onboarding wizard offers two methods for adding VM scanning permissions:

Manually add VM scanning permissions

During the onboarding process, Cloud App Analyzer creates an IAM Role. For AWS EC2 scanning, Cloud App Analyzer requires several additional IAM permissions to be added to the Cloud App Analyzer IAM Role.

Do the following:

  • To add permissions to the IAM role manually, first complete AWS onboarding successfully, then see the permissions in For AWS EC2 scanning.

Automatically add VM scanning permissions

To add permissions automatically to the IAM role, select Automatically.

For a list of the permissions that are added, see For AWS EC2 scanning.