Skip to main content

cnspec vuln aws ec2 ebs

Connect to an AWS instance using an EBS volume scan. This requires an AWS host.


Connect to an AWS instance using an EBS volume scan. This requires that the scan execute on an instance that is running inside of AWS.

cnspec vuln aws ec2 ebs INSTANCEID [flags]


      --annotation stringToString        Add an annotation to the asset. (default [])
--ask-pass Ask for connection password.
--detect-cicd Try to detect CI/CD environments. If successful, sets the asset category to 'cicd'. (default true)
--discover string Enable the discovery of nested assets. Supported: 'all|instances|host-instances|host-machines|container|container-images|pods|cronjobs|statefulsets|deployments|jobs|replicasets|daemonsets' (default "auto")
--discover-filter stringToString Additional filter for asset discovery. (default [])
-h, --help help for ebs
--id-detector string User override for platform ID detection mechanism. Supported: hostname, machine-id, aws-ec2, cloud-detect, ssh-host-key, transport-platform-id
-i, --identity-file string Select a file from which too read the identity (private key) for public key authentication.
--incognito Incognito mode. Do not report scan results to Mondoo Platform.
--insecure Disable TLS/SSL checks or SSH hostkey config.
--inventory-ansible Set inventory format to Ansible.
--inventory-domainlist Set inventory format to domain list.
--inventory-file string Path to inventory file.
-j, --json Set output to JSON (shorthand).
--no-pager Disable interactive scan output pagination.
--option --option key=value Additional connection options. You can pass multiple options using --option key=value (default [])
-o, --output string Set output format: compact, csv, full, json, junit, report, summary, yaml (default "compact")
--pager string Enable scan output pagination with custom pagination command. The default is 'less -R'.
-p, --password string Password, such as for SSH/WinRM.
--path string Path to a local file or directory for the connection to use
--policy --policy POLICY List policies to execute. This requires incognito mode. To scan multiple policies, pass --policy POLICY
-f, --policy-bundle strings Path to local policy bundle file.
--score-threshold int If any score falls below the threshold, exit 1.
--sudo Elevate privileges with sudo.

Options inherited from parent commands

      --api-proxy string   Set proxy for communications with Mondoo API
--config string Set config file path (default $HOME/.config/mondoo/mondoo.yml)
--log-level string Set log level: error, warn, info, debug, trace (default "info")
-v, --verbose Enable verbose output