What does Alert Logic need to perform a scan in Amazon Web Services?

For an Alert Logic® scan to work correctly in Amazon Web Services (AWS), two main factors are required:

Networking

Note: The below requirements are completed automatically for customers that have opted in to Automatic mode. Customers not in automatic mode should confirm that these items are set up.

An Alert Logic scanning appliance needs networking configured for:

• Bootstrap and backend communication to receive scan tasks
  • The following outbound connections should never be blocked:
    • tcp/22 - backend communication
    • tcp/53 - DNS queries
    • udp/53 - DNS queries
    • tcp/80 - package installation
    • tcp/443 - package installation and backend communication
• Performing scan tasks received from the backend. Note: All local traffic must be allowed between the scan appliance and target hosts.

Infrastructure

Note: The below requirements are completed automatically for customers that have opted in to Automatic mode. Customers not in automatic mode should confirm that these items are set up.

Your infrastructure must utilize the following resources to support Alert Logic scanning in AWS:

• An internet gateway for for internet connectivity for scan appliances
• A route table associated with security subnet and routing default traffic 0.0.0.0/0 to the internet gateway
• A security subnet where scan appliances are launched by the auto scaling group with the minimal /28 size by default
• Network access list changes (NACL) associated with the security subnet to have rules allowing for:
  •  Limited connections to the internet, and
  • Backend connections to scan local (VPC) instances for vulnerabilities
• NACLs associated with the target subnets allowing connections to scan local instances
• A security group associated with the scan appliances
• A launch configuration with the public IP assignment enabled to reach the internet via the internet gateway
• An auto scaling group to keep the desired number of scan appliances running