How to install a Scanner Appliance on AWS (beta)

Holm Security have developed a Scanner Appliance image for Amazon Web Services (AWS) using the latest security standards that AWS offers.

The image is distributed as an Amazon Machine Image (AMI) and allows any of our customers to spin up a Scanner appliance within their own AWS account. 

The AMI uses encrypted storage volumes, so you must set up an IAM policy in your AWS account before you can use the Scanner Appliance.

Preparation for the Scanner appliance in Security Center

  • ntpservers: NTP servers are limited to a maximum of 4.
  • token: Token taken from the Security Center > Scanner Appliance section.

{
  "ntpservers": ["",""],
  "token": "nnnnnn"
}

This JSON config is added to the EC2 User data before booting the instance in AWS.
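
A pre-launch check for this user data, as an added example that is not Holm Security's own code: it verifies that the text parses as JSON, enforces the 4-server NTP limit stated above, and flags placeholders that were left unfilled. It assumes the config is a single JSON object, that both keys are required, and that empty strings are unfilled placeholders; the sample values are constructed.

```python
import json

MAX_NTP_SERVERS = 4          # limit stated in this article
MAX_USER_DATA_BYTES = 16384  # EC2 limit on raw (pre-base64) user data

# Constructed sample values; the token and host names are not real.
GOOD = '{"ntpservers": ["ntp1.example.org", "ntp2.example.org"], "token": "constructed-token"}'
TEMPLATE = '{"ntpservers": ["",""], "token": "nnnnnn"}'  # placeholders left unfilled


def validate_user_data(text):
    """Return a list of problems in the user-data JSON; an empty list means OK."""
    if len(text.encode("utf-8")) > MAX_USER_DATA_BYTES:
        return ["user data exceeds the 16 KB EC2 limit"]
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} (line {exc.lineno}, column {exc.colno})"]
    if not isinstance(cfg, dict):
        return ["top level must be a JSON object"]

    problems = []
    servers = cfg.get("ntpservers")
    if not isinstance(servers, list):
        problems.append("ntpservers must be a list")
    else:
        if len(servers) > MAX_NTP_SERVERS:
            problems.append(
                f"ntpservers has {len(servers)} entries, maximum is {MAX_NTP_SERVERS}")
        for i, server in enumerate(servers):
            # Assumption: an empty string is an unfilled placeholder, not a valid host.
            if not isinstance(server, str) or not server.strip():
                problems.append(f"ntpservers[{i}] is empty or not a string")

    token = cfg.get("token")
    if not isinstance(token, str) or not token.strip():
        problems.append("token is missing or empty")
    elif token == "nnnnnn":
        problems.append("token is still the article's placeholder")
    return problems


if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("TEMPLATE", TEMPLATE)):
        print(name, validate_user_data(text) or "OK")
```

Run it against the exact text you paste into the EC2 User data field; a fragment without the enclosing braces is reported as invalid JSON.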

Steps to set up Scanner appliance in AWS

  1. Set up the Identity and Access Management (IAM) policy in the AWS account where you will host the Scanner Appliance (see AWS IAM Policy below).
  2. Attach the policy to the user who will launch the EC2 instance from the AMI.
  3. Share the following information with Support (for the account and region where the Scanner Appliance will run in AWS):
    • AWS Account ID
    • AWS Region
  4. Wait for confirmation from Support that the Scanner Appliance AMI is shared with your account and region.
  5. Confirm in your AWS account that you can access the shared AMI.

Network communication

The Scanner Appliance for the cloud has the same technical communication requirements. Please refer to this article and make sure the outbound communication rules for your instance are opened properly.

Instance size

We recommend running the Scanner Appliance on an instance of at least m5.large in AWS.

AWS IAM Policy

The IAM policy below must be created in your AWS account and attached to the user who will launch the Scanner Appliance AMI. It is required because the AMI uses disk encryption, and the policy allows that user to read the Customer Master Key (CMK) from Holm Security.

Suggested policy name: Holm-Security-Scanner-Appliance-ReadKMS 

"Version": "2012-10-17",
"Statement": [
"Effect": "Allow",
"Action": [
"Resource": [

Note: The vulnerability test feed for the AWS Scanner Appliance is updated on a weekly basis.
