Skip to main content

cnspec scan aws ec2 ebs

Scan an AWS instance using an EBS volume scan. This requires an AWS host.


Scan an AWS instance using an EBS volume scan. This requires that the scan execute on an instance that is running inside of AWS.

cnspec scan aws ec2 ebs INSTANCEID [flags]


      --annotation stringToString        Add an annotation to the asset. (default [])
--ask-pass Ask for connection password.
--asset-name string User override for the asset name.
--detect-cicd Try to detect CI/CD environments and, if successful, set the asset category to 'cicd'. (default true)
--discover string Enable the discovery of nested assets. Supported: 'all|auto|instances|host-instances|host-machines|container|container-images|pods|cronjobs|statefulsets|deployments|jobs|replicasets|daemonsets' (default "auto")
--discover-filter stringToString Additional filter for asset discovery. (default [])
-h, --help help for ebs
--id-detector string User override for platform ID detection mechanism. Supported: hostname, machine-id, aws-ec2, cloud-detect, ssh-host-key, transport-platform-id
-i, --identity-file string Select a file from which to read the identity (private key) for public key authentication.
--incognito Run in incognito mode. Do not report scan results to Mondoo Platform.
--insecure Disable TLS/SSL checks or SSH hostkey config.
--inventory-ansible Set the inventory format to Ansible.
--inventory-domainlist Set the inventory format to domain list.
--inventory-file string Set the path to the inventory file.
-j, --json Set output to JSON (shorthand).
--option --option key=value Additional connection options. You can pass multiple options using --option key=value. (default [])
-o, --output string Set output format: compact, csv, full, json, junit, report, summary, yaml (default "compact")
-p, --password string Password, such as for SSH/WinRM.
--path string Path to a local file or directory for the connection to use.
--policy strings Lists policies to execute. This requires incognito mode. You can pass multiple policies using --policy POLICY
-f, --policy-bundle strings Path to local policy bundle file.
--props stringToString Custom values for properties (default [])
--score-threshold int If any score falls below the threshold, exit 1.
--share create a web-based private reports when cnspec is unauthenticated. Defaults to false.
--sudo Elevate privileges with sudo.

Options inherited from parent commands

      --api-proxy string   Set proxy for communications with Mondoo API
--config string Set config file path (default $HOME/.config/mondoo/mondoo.yml)
--log-level string Set log level: error, warn, info, debug, trace (default "info")
-v, --verbose Enable verbose output