You'll find various Amazon Machine Image (AMI) products from Qualys in the AWS Marketplace. See below for helpful information on choosing the correct image for your intended use.
Scanners available for use with Qualys® Vulnerability Management (VM) and Qualys® Policy Compliance (PC):
Latest image version 2.2.27-2
EC2 Scan (and Schedule EC2 Scan) offers a specialized and restricted workflow within Qualys Vulnerability Management (VM) and Qualys Policy Compliance (PC) which only allows for the targeting of Amazon EC2-VPC and Amazon EC2-Classic instances which have been discovered by an EC2 Connector configured in Qualys AssetView.
In collaboration with AWS, Qualys has built safeguards into this EC2 scanning capability which ensure that all AWS scanning policies will be followed and that scanning will not inadvertently target other Amazon customers’ EC2 or VPC instances. For example, the EC2 Scan will not allow Small or Micro instance types to be targeted, as there is a blanket prohibition against this per AWS. Amazon EC2 instances discovered by a Qualys Connector are tracked and targeted by their Amazon Instance ID (e.g., i-3010d452), and the scanner does a scan-time lookup against EC2 APIs to learn the current IP address of the instance.
A special Pre-Authorized Scanning distribution of the QualysGuard Virtual Scanner Appliance AMI in AWS Marketplace is required for use with this restricted workflow. EC2 instances which are launched from the official Pre-Authorized Scanning AMIs published by Qualys at AWS Marketplace have been "white-listed" by AWS and are, therefore, eligible to operate at all times.
This Qualys® Virtual Scanner Appliance (Pre-Authorized Scanning) AMI is currently only available for use with the EC2 Scan workflow within Qualys Vulnerability Management and Qualys Policy Compliance and will only be an available scanner selection when you are in this workflow. It will not appear as an available scanner in standard Scan workflow, nor will "standard" scanners appear as an available scanner in the EC2 Scan workflow.
The standard Qualys® Virtual Scanner Appliance AMI should be used for all other scanning activities on Amazon EC2-VPC and Amazon EC2-Classic. This includes the standard Scan (and Schedule Scan) workflow within Qualys Vulnerability Management, Qualys Policy Compliance and Qualys Web Application Scanning.
The Qualys Virtual Scanner Appliance AMI is not available for use with the EC2 Scan workflows. It will not appear as an available scanner in the EC2 Scan workflow, nor will Pre-Authorized Scanning scanners appear as an available scanner in the "standard" workflow.