This feature is not yet generally available. It is being offered in preview mode to selected customers. Please contact Aqua Security for more information.


What is AWS Auto-Discovery?

AWS Auto-Discovery is a feature available to users of the Enterprise plan of Aqua Platform SaaS Edition, who want to connect Aqua to an Amazon AWS cloud account. When the connection is made, Aqua will run a CloudFormation stack, allowing it to automatically discover AWS resources in your cluster(s). Resource categories discovered by Aqua are container images (and their registries), VMs, serverless functions, and other cloud resources (e.g., ECR registries).

Once discovered, the AWS resources will be scanned for security risks: malware, sensitive data, vulnerabilities, and misconfigurations. You can use all the security features of Workload Protection and CSPM to protect these resources, remediate risks, and continuously monitor their run-time operation for security threats.

Continual resource discovery

Aqua will continue to discover AWS resources in your cluster(s) and extend security protection to newly discovered assets. Once container image registries are discovered, Aqua will automatically search them for new and changed images, and pull all images found, on a daily basis (you can modify this behavior later).


Running Auto-Discovery is optional. You can also connect to your AWS cloud account manually, in the same manner that you can connect to Microsoft Azure and Google Cloud Platform accounts.

How can I see the AWS resources discovered?

AWS resources appear in all Aqua Platform SaaS Edition UI screens (as applicable to the category of resource). To name just a few examples:

  • The Inventory screen, also found within Aqua Hub, provides a convenient way to see your resources. You can filter the list of resources presented by category, risk type, and risk severity. You can also obtain detailed information about the resources and the risks associated with them. Refer to Inventory for more information.
  • In the Workload Protection module:
    • The Images screen shows all container images discovered, and detailed information about the images, security risks, recommended remediation actions, and much more information.
    • The Workloads area of the main menu contains pages of information about workloads running in your environments and their associated security issues. In the broader sense, workloads include containers, VMs, Kubernetes resources, and Kubernetes clusters.
  • In the CSPM module, the Scan Reports screen displays detailed information about security risks discovered while scanning your cloud resources.


  • An Enterprise plan of Aqua Platform SaaS Edition.
  • An AWS cloud account with permission to create CloudFormation and IAM resources, and to scan the image registries. 
  • Working knowledge of AWS resources and CloudFormation stacks

Running AWS Auto-Discovery

  1. With your browser, navigate to the Aqua Platform SaaS Edition URL provided by Aqua Security, Login with your email address and password. You should see a welcome screen like this:

    Note: If you don't see this welcome screen, you may have already connected a cloud account. In this case, Auto-Discovery is no longer available (see above); you may proceed with standard (manual) cloud account connections or integrations. 

  2. Click the aws tile with the Auto-Discovery banner. You will be taken to the screen shown below; follow the instructions:

  3. After you click Launch Stack, follow all standard AWS instructions. You may change the stack name, as long as it is unique. Click Create Stack. Aqua will start to discover your AWS resources, analyze them for security risks, and derive insights based on the risks.
  4. After you see the CloudFormation Stack Details screen, return to the browser tab running Aqua Enterprise. Click this button (no longer greyed out) to view the Aqua Hub Dashboard:

What to do next?

The time it takes Aqua to discover and analyze your AWS resources depends on the size and complexity of your environment. You may need to wait 30 minutes or more to begin to see resources and Insights on the Dashboard. To see complete results, we suggest that you wait at least 24 hours after launching the CloudFormation stack.

Refer to the Dashboard documentation for instructions on using the Dashboard, and reviewing the Top Insights related to potential security risks.