Skip to main content

mondoo scan aws

Scan an AWS account or instance

Synopsis

Scan an AWS account or EC2 instance. It will use your local AWS configuration for the account scan. See the subcommands to scan EC2 instances.

mondoo scan aws [flags]

Options

      --annotation stringToString        annotation for asset (default [])
--ask-pass ask for connection password
-t, --connection string set the method used to connect to the asset. supported connections are 'local://', 'docker://' and 'ssh://'
--detect-cicd tries to detect CI/CD environments and sets the asset category to 'cicd' if detected (default true)
--discover string enable the discovery of nested assets. Supported are 'all|auto|instances|host-instances|host-machines|container|container-images|pods|cronjobs|statefulsets|deployments|jobs|replicasets|daemonsets' (default "auto")
--discover-filter stringToString additional filter for asset discovery (default [])
-h, --help help for aws
--id-detector string user-override for platform id detection mechanism, supported are hostname, machine-id, aws-ec2, cloud-detect, ssh-host-key, transport-platform-id
-i, --identity-file string selects a file from which the identity (private key) for public key authentication is read
--incognito incognito mode. do not report scan results to the Mondoo platform.
--insecure disable TLS/SSL checks or SSH hostkey config
--inventory-ansible set inventory format to ansible
--inventory-domainlist set inventory format to domain list
--inventory-file string path to inventory file
--no-pager disable interactive scan output pagination
--option stringToString addition connection options, multiple options can be passed in via --option key=value (default [])
-o, --output string set output format: json, csv, compact, summary, full, report, yaml, junit (default "compact")
--pager string enable scan output pagination with custom pagination command. default is 'less -R'
-p, --password string password e.g. for ssh/winrm
--path string path to a local file or directory that the connection should use
--policy strings list of policies to be executed (requires incognito mode), multiple policies can be passed in via --policy POLICY
--policy-bundle strings path to local policy bundle file
--profile string pick a named AWS profile to use
--region string the AWS region to scan
--score-threshold int if any score falls below the threshold, exit 1
--sudo run with sudo

Options inherited from parent commands

      --config string      config file (default is $HOME/.config/mondoo/mondoo.yml)
--log-level string set log-level: error, warn, info, debug, trace (default "info")
-v, --verbose verbose output

SEE ALSO