Configure Agentless Scanning for AWS

Log in to the Prisma Cloud administrative console.
Select
Compute > Manage > Cloud Accounts
.
Click the edit button of your cloud account.
Go to the
Agentless Scanning
section.
Expand the
Advanced settings
.

Enable Permissions check to verify that the permissions are correct before running a scan.
Scanning type
: For AWS accounts, you can decide between two scanning modes.
Same Account
: Scan hosts of your AWS account using that same account.
Hub Account
: Scan hosts of your AWS account using a different account. Select another onboarded account to scan the account you are onboarding from the list.
Enter a
Proxy
value if traffic leaving your AWS tenant uses a proxy.
Under
Scan scope
you can choose
All regions
to scan in all AWS regions. If you choose Custom regions, enter the AWS region in which you want Prisma Cloud to scan.
Enter tags under
Exclude VMs by tags
to further limit the scope of the scan.
Choose whether or not to
Scan non running hosts
.
Choose whether or not to enable
Auto-scale scanning
. If you disable auto-scale, specify number of scanners Prisma Cloud should employ.
Enter an optional
Security group
. If the default VPC isn’t available in all the regions of your AWS account, follow AWS instructions for creating a custom security group enabling an egress connection to Prisma Cloud on port 443 in the Amazon VPC Console.
Click Next.
Leave the
Discovery features
unchanged.
Click
Save
to return to
Compute > Manage > Cloud accounts
.