cnspec vuln aws

Connect to an AWS account or instance.

Synopsis

Connect to an AWS account or EC2 instance. cnspec uses your local AWS configuration for the account scan. See the subcommands to scan EC2 instances.

cnspec vuln aws [flags]

Options

      --annotation stringToString        Add an annotation to the asset. (default [])
      --ask-pass                         Ask for connection password.
      --detect-cicd                      Try to detect CI/CD environments. If successful, sets the asset category to 'cicd'. (default true)
      --discover string                  Enable the discovery of nested assets. Supported: 'all|instances|host-instances|host-machines|container|container-images|pods|cronjobs|statefulsets|deployments|jobs|replicasets|daemonsets' (default "auto")
      --discover-filter stringToString   Additional filter for asset discovery. (default [])
      --external-id string               External ID to use for assume-role.
  -h, --help                             help for aws
      --id-detector string               User override for platform ID detection mechanism. Supported: hostname, machine-id, aws-ec2, cloud-detect, ssh-host-key, transport-platform-id
  -i, --identity-file string             Select a file from which too read the identity (private key) for public key authentication.
      --incognito                        Incognito mode. Do not report scan results to Mondoo Platform.
      --insecure                         Disable TLS/SSL checks or SSH hostkey config.
      --inventory-ansible                Set inventory format to Ansible.
      --inventory-domainlist             Set inventory format to domain list.
      --inventory-file string            Path to inventory file.
  -j, --json                             Set output to JSON (shorthand).
      --no-pager                         Disable interactive scan output pagination.
      --option --option key=value        Additional connection options. You can pass multiple options using --option key=value (default [])
  -o, --output string                    Set output format: compact, csv, full, json, junit, report, summary, yaml (default "compact")
      --pager string                     Enable scan output pagination with custom pagination command. The default is 'less -R'.
  -p, --password string                  Password, such as for SSH/WinRM.
      --path string                      Path to a local file or directory for the connection to use
      --policy --policy POLICY           List policies to execute. This requires incognito mode. To scan multiple policies, pass --policy POLICY
  -f, --policy-bundle strings            Path to local policy bundle file.
      --profile string                   Pick a named AWS profile to use.
      --region string                    AWS region to scan.
      --role-arn string                  Role ARN to use for assume-role.
      --score-threshold int              If any score falls below the threshold, exit 1.
      --sudo                             Elevate privileges with sudo.

Options inherited from parent commands

      --api-proxy string   Set proxy for communications with Mondoo API
      --config string      Set config file path (default $HOME/.config/mondoo/mondoo.yml)
      --log-level string   Set log level: error, warn, info, debug, trace (default "info")
  -v, --verbose            Enable verbose output

SEE ALSO

• cnspec vuln - Scans a target for Vulnerabilities.
• cnspec vuln aws ec2 - Connect to an AWS instance using one of the available connectors.