AWS Deployment Guide for Cavirin ARAP


Cavirin ARAP is available within the AWS Marketplace. The product linked is for the Bring Your Own License (BYOL) product. This requires a license key from Cavirin to utilize, please contact to purchase a license. You may also deploy one of the other AWS Marketplace products based on the number of devices you intend to scan which will then be billed directly to you through the AWS Marketplace. Follow the link for Cavirin ARAP AWS Marketplace products.

To subscribe to Cavirin ARAP click on the Continue button for the product you wish to subscribe to.

It is required to perform a Manual Launch, as seen below, to utilize AWS IAM Roles. Follow this link to get more information on AWS IAM Roles. You are not required to use an AWS IAM role however it is not considered best practices and you will be required to use static Access Keys when accessing your AWS account within Cavirin ARAP. Follow these directions to create an AWS IAM Role for use with Cavirin ARAP.

Click on Manual Launch tab and then click on Accept Terms. Now you will be able to click on the Launch with EC2 Console button for the region you want to deploy Cavirin ARAP into. ***Please make sure to select the proper region that you are wanting to scan. AWS does not support VPC Peering across regions which means the ARAP server will not be able to communicate\scan instances in VPCs in a different region. If you require to scan instances in multiple regions you will need to utilize the Distributed Scan Engine (DSE).


Choose m3.large as the instance type, click Next: Configure Instance Details button

Choose the Network and Subnet you would like to assign to the ARAP instance. It is recommended to Auto-assign Public IP to this instance to be able to access the web interface from outside the VPC. Set the IAM Role that was created for the Cavirin ARAP server, go here to learn how to create an IAM Role for ARAP. Click the Next: Add Storage button

Verify the Volume Type is set to General Purpose (SSD) and click Next: Tag Instance button.

Fill in the Name tag of this instance, such as Cavirin ARAP. Also add any other tags required by your organization, click Next: Configure Security Group button

Click the Add Rule button then input 443 into the Port Range to allow access to the https web interface. It is recommended to limit the scope of the Source so choose My IP to allow access only from the IP address of your workstation. If you require access from multiple locations then add those IP addresses in as new rules. Click the Review and Launch button.

Verify all the settings are correct and click the Launch button

Select a key pair that you have access to or create a new one. Check the box for acknowledgement and click the Launch Instance button.

While waiting for your instance to complete launching take note of the InstanceID for your newly launched server as this will be the password needed for your initial login.

Once the server is ready then you can access the Cavirin ARAP server by going to https://public_ip_address. This can be found by looking at the details of the instance in your EC2 control panel. When you connect to the Cavirin ARAP web interface for the first time you will be presented with a certificate error. This is OK to bypass - the reason is because the communications is secured with a self-signed certificate.

If you are using the BYOL product then when you first connect to the Cavirin ARAP server you will be prompted to upload your license key file. Browser for your key file and choose Save.


Now you can login. The username is “super-admin” and the password is the instanceID of the machine.


It is recommended to change your password. Click on the person icon on the top right and choose “Change Password”.


Enter the current password, your InstanceID, and then enter your new password twice.


Create a new user to log into the user console. Click on “Create user” and then enter all the information. Please note the username is case sensitive when logging in.


Now you can logout and log in as the newly created user.


Login with the newly created credentials and continue the initial setup. Here are some links to get you started:

How-to videos
Create Security Groups to allow Cavirin ARAP to scan your instances


Have more questions? Submit a request