
AWS Cloud Discovery Using twigs

Updated: Dec 28, 2022

Agent-less discovery of your AWS EC2 instances and installed packages leveraging AWS native inventory support.

Configuring your AWS Environment

Identify the instances that you need vulnerability tracking for via the AWS Console or AWS CLI. Ensure each of those instances has the SSM agent installed. More information can be found here:

Installing SSM on Linux sysman-install-ssm-agent.html

Installing SSM on Windows (if needed):

Setup Association

Set up an association between Systems Manager and State Manager using an AWS document (AWS-GatherSoftwareInventory).

Setup Inventory Collection and Destination Bucket

Select the types of inventory that you would like to collect and an S3 bucket, with a bucket policy, that will receive that inventory. A bucket prefix does not need to be specified in the policy.
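
A check you can run on the destination bucket policy before inventory starts flowing. This is an added example, not code from twigs or ThreatWorx; the function names, the bucket name, the account ID and the sample policy (modeled on the policy shape AWS documents for inventory sync, with no bucket prefix) are constructed for illustration.

```python
SSM = "ssm.amazonaws.com"

def as_list(v):
    return v if isinstance(v, list) else [v]

def audit_policy(policy, bucket, account_id):
    """Return findings for an S3 bucket policy used as the SSM inventory
    destination; an empty list means every check passed."""
    arn, findings = f"arn:aws:s3:::{bucket}", []
    acl_ok = put_ok = False
    for st in as_list(policy.get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue
        sid, who = st.get("Sid", "<no Sid>"), st.get("Principal")
        if who == "*" or (isinstance(who, dict) and "*" in as_list(who.get("AWS", []))):
            findings.append(f"{sid}: open to any principal")
            continue
        if not isinstance(who, dict) or SSM not in as_list(who.get("Service", [])):
            continue  # not a statement for the Systems Manager service
        actions = [a.lower() for a in as_list(st.get("Action", []))]
        resources = as_list(st.get("Resource", []))
        if "s3:getbucketacl" in actions and arn in resources:
            acl_ok = True
        if "s3:putobject" in actions:
            # every writable resource must be an object path in this bucket
            put_ok = put_ok or all(r.startswith(arn + "/") for r in resources)
            eq = st.get("Condition", {}).get("StringEquals", {})
            if eq.get("s3:x-amz-acl") != "bucket-owner-full-control":
                findings.append(f"{sid}: no bucket-owner-full-control requirement")
            if eq.get("aws:SourceAccount") != account_id:
                findings.append(f"{sid}: writes not limited to account {account_id}")
    if not acl_ok:
        findings.append("SSM cannot read the bucket ACL (s3:GetBucketAcl)")
    if not put_ok:
        findings.append("SSM cannot write inventory objects (s3:PutObject)")
    return findings

def sample_policy(bucket, account_id, hardened=True):
    """Constructed sample policy; the Resource carries no bucket prefix."""
    base = {"Effect": "Allow", "Principal": {"Service": SSM}}
    acl = dict(base, Sid="SSMBucketPermissionsCheck", Action="s3:GetBucketAcl",
               Resource=f"arn:aws:s3:::{bucket}")
    put = dict(base, Sid="SSMBucketDelivery", Action="s3:PutObject",
               Resource=f"arn:aws:s3:::{bucket}/*/accountid={account_id}/*")
    if hardened:  # conditions that pin object ownership and the source account
        put["Condition"] = {"StringEquals": {
            "s3:x-amz-acl": "bucket-owner-full-control",
            "aws:SourceAccount": account_id}}
    return {"Version": "2012-10-17", "Statement": [acl, put]}
```

Feed it the parsed output of your real bucket policy; any finding about a missing condition means the service principal can write to the bucket on behalf of accounts other than yours.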

Inventory in S3 Bucket

You should now see inventory in the S3 bucket for each instance that is configured for inventory collection. There will be a single JSON file corresponding to each instance.

Pull Asset Inventory Using twigs

Using the twigs CLI, you can now pull the inventory into your ThreatWorx instance (for public SaaS).

twigs -v aws --aws_account "[ACCOUNT_ID]" \
  --aws_access_key "[AWS_ACCESS_KEY]" \
  --aws_secret_key "[AWS_SECRET_KEY]" \
  --aws_region "[AWS_REGION]" \
  --aws_s3_bucket "[S3_BUCKET]"
