Skip to main content

How to scan an AWS connection for Asset Discovery

Learn how to connect with AWS to use the Snyk API & Web Asset Discovery to identify assets from your attack surface.

Ana Pascoal avatar
Written by Ana Pascoal
Updated over 2 months ago

Oftentimes, people are not aware of all the assets (web pages and APIs) their organization has, which leads them to overlook their vulnerabilities and inadvertently have them (and the organization) exposed to potential cyber-attacks. With the Snyk API & Web Asset Discovery, you have a way of identifying your company’s assets so that you can effectively protect them before becoming a liability.

Scanning an AWS Route 53 connection for asset discovery involves two steps:

  1. Obtain AWS’s access key and secret access key

  2. Add the AWS Route 53 connection

This article describes these steps in detail.

Step 1: Obtain AWS’s access key and secret access key

To add an AWS Route 53 connection, you will need AWS’s access key and secret access key. To obtain them, follow these steps:

  1. Sign in to the AWS Management Console with your credentials.

  2. Go to the Identity and Access Managament (IAM) service:

    1. Type in “iam” in the search box.

    2. Select the IAM service.

  3. In the Users section, click on Create User.

  4. Type the User name (in our example, it is “test-user”), and click on Next.

  5. Select Attach policies directly, choose the desired policies to apply to the user, and click on Next.


    If you haven’t created the policy yet, you can click on Create policy, and use the example below to configure a policy to allow listing zones and resources from Route 53. After that, refresh the Permissions policies list.

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "route53:ListHostedZones",
                    "route53:ListResourceRecordSets"
                ],
                "Resource": "*"
            }
        ]
    }

  6. Review the user settings, and click on Create user.

  7. With the user created, click on the user name in the list to view its details.

  8. Then, select the Security credentials tab, and click on Create access key.

  9. On the Access key best practices and alternatives screen, select Other, and click on Next.

  10. Type a tag description, if needed, and click on Create access key.

  11. In the next screen you can retrieve the Access key and the Secret access key.

Step 2: Add the AWS connection

In the Snyk API & Web app, add the AWS connection for asset discovery as follows:

  1. Select the DISCOVERY tab.

  2. Click the ADD SOURCE button to open the configuration modal.

  3. Select the Connect with AWS Route 53 option and click NEXT.

  4. On the next screen, fill in the AWS access key and AWS secret access key with the values obtained in step 1, and click CONNECT.

After successfully connecting with AWS, Snyk API & Web will start running regular Discovery scans automatically on your account. In the Snyk API & Web app, check the DISCOVERY tab and, once the asset discovery is finished, you should have all the newly found assets added to the list. At the top of the page, you have information on the number of newly found assets, which you can click on to filter them in the list.

Did this answer your question?