I need to submit "AWS Vulnerability/Penetration Testing Request Form" in AWS account, but I do not have access to our AWS account. I am going to request access to our AWS support team. What type of access role should I request for this purpose?
Please check this link. Submit a Penetration Testing Request
If you are using Qualys Amazon EC2 Pre-Authorized Scanner then you don’t need to fill up this form.
For EC2 scanning with internal Pre-Authorized Scanner it is not required.
But, we will be also doing scan through external scanner. So does it require to fill up this form in this case?
We will be doing scan of target located on-premise (outside AWS environment) through MPLS link and this case scanner will be located in AWS. So, do we require to have fill this form?
AWS scanning policies for Amazon EC2 instances apply whenever an Amazon EC2 instance is involved as either the target or the source of a scan. You will have to go for approval if you are planning to use Qualys external scanners for scanning AWS instances. For your second use case as well I would recommend to get approval from AWS as the scanner will be deployed in the AWS.
For additional information check below Qualys community post.
AWS Acceptable Use Guidance For Scanning
Retrieving data ...