Cloud Provider Settings

This document is for: Invicti Enterprise On-Premises

In Invicti Enterprise, Scan Agents are usually installed manually by users, and the host machines of those Scan Agents must be kept running for the Agents to run scans.

When a Cloud Provider is configured, Invicti Enterprise will also scale the Scan Agents. This means that when a scan is started, Invicti Enterprise automatically starts an instance, runs the scan, and then terminates that instance.

Cloud Provider Settings are only available in Invicti Enterprise On-Premises edition.

Currently, Amazon Web Services (AWS) is the only supported Cloud Provider. For more information, refer to Configuring Invicti Enterprise for Amazon Web Services.

This document explains how to enable cloud integration on the Cloud Provider Settings page.

NOTE: If you enable Cloud integration, then your targets need to have the Agent Mode set to Cloud, and if using an Auth Verifier Agent, you need to configure it as "AgentType": "Cloud" in the appsetting.json file. Read more in the Authentication verifier settings document.

How to enable Cloud Integration

  1. Select Settings > Cloud Provider from the left-side menu.
  2. Select the Cloud Integration checkbox to display additional fields.

  3. Complete the fields:
     1. AWS Authentication Method: Select either AWS Access/Secret Keys or IAM Roles to assign permissions for trusted identities (e.g., workforce or applications) to perform actions within AWS.
     2. Website Access Key: The access key for an AWS IAM user specific to the web application.
     3. Website Secret Key: The secret key for an AWS IAM user specific to the web application.

     NOTE: Access keys and Secret keys are special tokens that allow our services to communicate with your AWS account through the AWS API. They are not mandatory fields when the IAM role is selected.

     4. Agent Access Key: The access key for an AWS IAM user specific to the agent.
     5. Agent Secret Key: The secret key for an AWS IAM user specific to the agent.
     6. Deployment Bucket Name: The S3 bucket name used to store deployed binaries.
     7. Region Endpoint Name: AWS regions available for client configuration (e.g., us-east-1).
     8. Scan Data Bucket Name: The S3 bucket name used to store scan data.
     9. Screenshot Bucket Name: The S3 bucket name used to store screenshots.
     10. EC2 Agent Image ID: The image ID for the AWS EC2 agent.
     11. EC2 Agent Instance Name: The Name Tag assigned to the AWS EC2 agent instance.
     12. EC2 Agent Security Group: The security group name for the AWS EC2 agent instance.
     13. EC2 Agent Instance Type: The AWS EC2 instance type used for scans (e.g., m5.large).
     14. EC2 Subnet ID: The VPC Subnet ID for the AWS EC2 agent instance.
     15. EC2 Agent IAM Profile ARN: The IAM Role ARN for the EC2 agent (optional).
     16. EC2 Key Pair Name: The key pair used when launching EC2 instances.
  4. Select Save.
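
A pre-flight check for the values entered in the fields above, as an added example that is not Invicti's code. It assumes the values are held in a Python dict keyed by the field labels on this page (a hypothetical layout), and its format patterns follow AWS naming rules rather than anything stated here.

```python
import re

# AWS naming-rule formats (assumed here, not taken from Invicti documentation).
BUCKET = re.compile(r"^(?!\d+\.\d+\.\d+\.\d+$)(?!.*\.\.)[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$")
FORMATS = {
    "Region Endpoint Name": re.compile(r"^[a-z]{2}(-[a-z]+)+-\d$"),
    "Deployment Bucket Name": BUCKET,
    "Scan Data Bucket Name": BUCKET,
    "Screenshot Bucket Name": BUCKET,
    "EC2 Agent Image ID": re.compile(r"^ami-([0-9a-f]{8}|[0-9a-f]{17})$"),
    "EC2 Subnet ID": re.compile(r"^subnet-([0-9a-f]{8}|[0-9a-f]{17})$"),
}
ACCESS_KEY_ID = re.compile(r"^(AKIA|ASIA)[A-Z0-9]{16}$")
KEY_FIELDS = ("Website Access Key", "Website Secret Key",
              "Agent Access Key", "Agent Secret Key")


def validate(settings):
    """Return findings for a dict keyed by the field labels on this page."""
    findings = []
    for field, pattern in FORMATS.items():
        if not pattern.match(settings.get(field) or ""):
            findings.append(f"{field}: malformed or missing")
    filled = [f for f in KEY_FIELDS if settings.get(f)]
    method = settings.get("AWS Authentication Method")
    if method == "IAM Roles":
        # Keys are optional with IAM Roles; stored long-lived secrets add risk.
        findings += [f"{f}: not needed with IAM Roles" for f in filled]
    elif method == "AWS Access/Secret Keys":
        findings += [f"{f}: missing" for f in KEY_FIELDS if f not in filled]
        for f in ("Website Access Key", "Agent Access Key"):
            if f in filled and not ACCESS_KEY_ID.match(settings[f]):
                findings.append(f"{f}: not an access key ID")
        if "Website Access Key" in filled and settings["Website Access Key"] == settings.get("Agent Access Key"):
            findings.append("Agent Access Key: same IAM user as the website")
    else:
        findings.append("AWS Authentication Method: unknown value")
    return findings


# Constructed sample values, not real resources or credentials.
SAMPLE = {
    "AWS Authentication Method": "AWS Access/Secret Keys",
    "Website Access Key": "AKIAEXAMPLEEXAMPLE00", "Website Secret Key": "constructed",
    "Agent Access Key": "AKIAEXAMPLEEXAMPLE00", "Agent Secret Key": "constructed",
    "Region Endpoint Name": "us-east-1", "Deployment Bucket Name": "Invicti_Deploy",
    "Scan Data Bucket Name": "example-scan-data", "Screenshot Bucket Name": "example-shots",
    "EC2 Agent Image ID": "ami-0123456789abcdef0", "EC2 Subnet ID": "subnet-12ab",
}
```

Calling `validate(SAMPLE)` reports the invalid bucket name, the truncated subnet ID, and the access key shared between the website and the agent.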