AWS Deployment Requirements
Everything you need to deploy the Internal Scanning Agent on AWS using the Detectify provided Terraform module.
Required Tools
Install these tools on your workstation:
| Tool | Version | Installation | Purpose |
|---|---|---|---|
| Terraform | >= 1.5.0 | terraform.io | Infrastructure provisioning |
| kubectl | >= 1.29 | kubernetes.io | Cluster management |
| AWS CLI | >= 2.0 | aws.amazon.com/cli | Interactive access to AWS |
# Make sure they're installed correctly
terraform version
kubectl version
aws --versionInfrastructure Requirements
AWS Access
See the official AWS documentation for Setting up the AWS CLI for guidance on setting up credentials.
Verify your credentials are working:
aws sts get-caller-identityThis should return your account ID and IAM identity.
VPC
| Requirement | Details | Purpose |
|---|---|---|
| VPC | Existing VPC with DNS support and DNS hostnames enabled | Network where the EKS cluster will be deployed |
| Private Subnets | 2+ subnets in different availability zones | EKS nodes run here, isolated from the internet |
| Outbound Internet | NAT Gateway or Internet Gateway for outbound access to *.detectify.com:443 | Job polling, scan results, container images |
Domain / Route53 (Optional)
To manage scans and findings via the Internal Scanning REST API, a DNS record and TLS certificate can created by the Terraform module.
Required for DNS setup:
- Private hosted zone — For scanner endpoint (internal DNS)
- Public hosted zone — For ACM certificate validation (ACM requires public DNS even if the scanner API endpoint is private)
This is only needed if you wish to manage scans and results without using the Detectify UI, and must do so over TLS.
Detectify Credentials
You need credentials from the Detectify platform. Find them at Internal Scanning Agents in the Detectify UI:
| Credential | Description | Used For |
|---|---|---|
| License Key | Unique identifier for your scanner instance | Scanner activation |
| Connector API Key | Authentication token for Detectify API | Job polling, results upload |
| Registry Username | Docker registry username | Pulling container images |
| Registry Password | Docker registry password | Pulling container images |
Don’t have credentials? Contact your Detectify account team or reach out to us to enable Internal Scanning.