Skip to main content
The AWS integration lets you import targets directly from your AWS infrastructure.
Available on NetSec, WebNetSec, and Pentest Suite plans.

Benefits

Automatic discovery

Discover EC2 instances and S3 buckets automatically.

Stay current

Re-import at any time to pick up new instances and buckets.

Multi-region

Import from multiple AWS regions at once.

Private networks

Option to import private EC2 IP addresses.

Setting up AWS integration

1

Create IAM credentials

In AWS, create an IAM user with read-only permissions.
2

Configure integration

In Pentest-Tools.com, go to Settings > Integrations > AWS.
3

Enter credentials

Add your AWS Access Key ID and Secret Access Key.
4

Import targets

Select services and regions, then import.

IAM Configuration

Create an IAM user with minimal read-only permissions:

EC2 Permissions

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "ec2:DescribeInstances",
      "Resource": "*"
    }
  ]
}

S3 Permissions

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:ListAllMyBuckets",
      "Resource": "*"
    }
  ]
}
Use the principle of least privilege. Only grant the permissions needed for the services you want to import.

Supported services

ServiceWhat’s Imported
EC2Running instance IP addresses (public or private)
S3S3 bucket URLs

Import options

EC2 Options

OptionDescription
Public IPImport the public IP address of instances
Private IPImport the private IP address (requires VPN)
Only running EC2 instances are imported. Stopped and terminated instances are skipped.
Use private IP import with VPN if you need to scan instances that aren’t publicly accessible.

Region selection

Select which AWS regions to import from. EC2 instances are discovered in the selected regions. S3 buckets are global; the s3:ListAllMyBuckets API returns all buckets regardless of region selection.

Imported targets

When targets are imported:
  • EC2 instances appear as targets with the instance name and ID
  • S3 buckets appear as HTTPS URLs
  • Targets are added to your current workspace
  • You can scan them immediately after import

Example imported targets

SourceTarget Name
EC210.0.1.50 (AWS EC2 - WebServer i-1234567890abcdef0)
S3https://my-bucket.s3.amazonaws.com

Best practices

  • Create a dedicated IAM user for Pentest-Tools.com
  • Use read-only permissions only
  • Rotate access keys periodically
  • Import targets before major security assessments
  • Use workspaces to organize imported targets by environment

Troubleshooting

  • Verify IAM permissions are correct
  • Check that instances are in running state
  • Verify you selected the correct regions
  • Check Access Key ID and Secret are correct
  • Verify the IAM user is active
  • Check for copy/paste issues with credentials
  • Verify IAM permissions apply to all regions
  • Check for region-specific restrictions