Given AWS' prohibition on involving Small and Micro Instance Types in security scanning activities...
You will need to acquire a Qualys license for each virtual scanner appliance Instance you would like to run. This license is acquired from Qualys, not from AWS, and our scanner appliances are listed at AWS Marketplace with a BYOL (i.e., "bring your own license") model accordingly.
Each QualysGuard Virtual Scanner Appliance profile that you define in the QualysGuard UI will consume a single virtual scanner appliance license. If you delete a virtual scanner appliance profile from your QualysGuard subscription, that license is freed up and immediately available for re-use.
Contact your Qualys technical account manager or Qualys reseller for a pricing quotation or to request an evaluation.
Each virtual scanner appliance Instance will be launched into one of your own AWS accounts. You will be responsible for paying AWS for the costs of running the appliance. Those costs include:
- compute capacity, based upon Instance Type
- per-GB of provisioned storage
- per 1 million I/O requests
- data transfer IN/OUT
The compute capacity charges (i.e., CPU, RAM) are overwhelmingly the largest part of the costs to run an Instance.
Note that you are not required to keep your scanner appliance(s) running at all times. Any hours during which your Instance is Stopped will incur only per-GB provisioned storage charges. However, scanners should be turned on for at least several hours per week in order to ensure that they stay up-to-date with software and signatures.
See Amazon EC2 Pricing for their current rates.
Sample AWS Cost Exercise
This exercise uses AWS prices published as of 2013-10-10 for the US East Region.
Medium Instance Type
OPTION 1: On-Demand
You may run the QualysGuard Virtual Scanner Appliance as an m1.medium (general purpose) or c1.medium (compute-optimized). m1. medium is recommended for most use cases.
- Choosing The Correct Scanner AMI (Amazon Machine Image)
- How to subscribe to the virtual scanner AMI
- How to configure a virtual scanner using Amazon EC2/VPC
- AWS Acceptable Use Guidance For Scanning
2013-10-14 - Created