Skip to main content

cnspec shell aws

Connect to an AWS account or instance.


Connect to an AWS account or EC2 instance. cnspec uses your local AWS configuration for the account scan. See the subcommands to scan EC2 instances.

cnspec shell aws [flags]


      --ask-pass                         Prompt for connection password
-c, --command string MQL query to execute in the shell
--discover string Enable the discovery of nested assets. Supported: 'all|auto|instances|host-instances|host-machines|container|container-images|pods|cronjobs|statefulsets|deployments|jobs|replicasets|daemonsets' (default "auto")
--discover-filter stringToString Additional filter for asset discovery. (default [])
-h, --help help for aws
--host-machines Also scan host machines like ESXi server.
-i, --identity-file string Select a file from which to read the identity (private key) for public key authentication.
--insecure Disable TLS/SSL checks or SSH hostkey config.
--instances Also scan instances. This only applies to API targets like AWS, Azure or GCP.
--option --option key=value Additional connection options. You can pass multiple options using --option key=value. (default [])
-p, --password string Set the connection password, such as for SSH/WinRM.
--path string Path to a local file or directory for the connection to use.
--platform-id string Select an specific target asset by providing its platform ID.
--profile string pick a named AWS profile to use
--region string the AWS region to scan
--sudo Elevate privileges with sudo.

Options inherited from parent commands

      --config string      Set config file path (default $HOME/.config/mondoo/mondoo.yml)
--log-level string Set log level: error, warn, info, debug, trace (default "info")
-v, --verbose Enable verbose output