Skip to main content

mondoo scan aws ec2 ebs

Scan an AWS instance using an EBS volume scan (requires AWS host)


Scan an AWS instance using an EBS volume scan. This requires that the scan be executed on an instance that is running inside of AWS.

mondoo scan aws ec2 ebs INSTANCEID [flags]


      --annotation stringToString        annotation for asset (default [])
--ask-pass ask for connection password
-t, --connection string set the method used to connect to the asset. supported connections are 'local://', 'docker://' and 'ssh://'
--detect-cicd tries to detect CI/CD environments and sets the asset category to 'cicd' if detected (default true)
--discover string enable the discovery of nested assets. Supported are 'all|auto|instances|host-instances|host-machines|container|container-images|pods|cronjobs|statefulsets|deployments|jobs|replicasets|daemonsets' (default "auto")
--discover-filter stringToString additional filter for asset discovery (default [])
-h, --help help for ebs
--id-detector string user-override for platform id detection mechanism, supported are hostname, machine-id, aws-ec2, cloud-detect, ssh-host-key, transport-platform-id
-i, --identity-file string selects a file from which the identity (private key) for public key authentication is read
--incognito incognito mode. do not report scan results to the Mondoo platform.
--insecure disable TLS/SSL checks or SSH hostkey config
--inventory-ansible set inventory format to ansible
--inventory-domainlist set inventory format to domain list
--inventory-file string path to inventory file
--no-pager disable interactive scan output pagination
--option stringToString addition connection options, multiple options can be passed in via --option key=value (default [])
-o, --output string set output format: compact, summary, full, report, yaml, junit, json, csv (default "compact")
--pager string enable scan output pagination with custom pagination command. default is 'less -R'
-p, --password string password e.g. for ssh/winrm
--path string path to a local file or directory that the connection should use
--policy strings list of policies to be executed (requires incognito mode), multiple policies can be passed in via --policy POLICY
--policy-bundle strings path to local policy bundle file
--score-threshold int if any score falls below the threshold, exit 1
--sudo run with sudo

Options inherited from parent commands

      --config string      config file (default is $HOME/.config/mondoo/mondoo.yml)
--log-level string set log-level: error, warn, info, debug, trace (default "info")
-v, --verbose verbose output