Prerequisites for AWS Assessment

  • Updated on Mar 30, 2026
  • Published on Feb 27, 2026
  • 1 minute(s) read
Prev Next

Before initiating an AWS environment assessment, ensure the following requirements are met.

IAM Role and Permissions

The user initiating the assessment must:

  • Have permission to create an IAM role, or

  • Have the permissions defined in the AWS Assessment Permission Mode that will be used by the assessment application.

AWS Systems Manager (SSM Agent)

  • The AWS account where the assessment is performed must have the AWS Systems Manager (SSM) Agent installed on EC2 instances.

  • If IAM permissions for SSM are not configured, Lucidity recommends using the Comprehensive Permission Mode.

Lucidity uses SSM to securely execute lightweight, read-only commands to collect disk utilization metadata.

You may refer to the AWS documentation for a list of AMIs that include the SSM Agent by default.

To understand the SSM commands executed during the assessment, see: Lucidity Assessment for AWS: SSM Send Command

Additional Prerequisites for Desktop App–Based Assessment

System Support and Downloads

Desktop App–based assessments are supported only on hosts running:

  • Windows: Windows 10 or later

  • Linux: Ubuntu 20.04 or later

Network Whitelisting and Firewall Configuration

For Desktop App–based assessments, ensure the host running the assessment application can access the following Lucidity endpoints:

dash-back.lucidity.dev
audittool.lucidity.dev
web.lucidity.dev
web-azurepls.lucidity.dev
analytics.lucidity.dev
*.lucidity.dev
audittool.s3.ap-south-1.amazonaws.com
d2vcv9qjomnl0x.cloudfront.net

Note

  • If access to *.lucidity.dev is allowed, there is no need to whitelist individual subdomains.

  • Additionally, users must allow executable downloads from: https://audittool.lucidity.dev/*

Network Whitelisting for AWS Service Endpoints

Lucidity uses AWS APIs to collect disk utilization metadata and generate cost savings reports. The host running the assessment must allow outbound access to:

sts.amazonaws.com
iam.amazonaws.com
ce.us-east-1.amazonaws.com
ec2.<region>.amazonaws.com
ssm.<region>.amazonaws.com
*.amazonaws.com

Note

Network whitelisting requirements apply only to Desktop App–based assessments. No additional whitelisting is required when running assessments directly from the dashboard.

Next: Get Started with Lucidity Assessment for AWS

Related articles