Skip to main content

Bitdefender Security for AWS compatibility and requirements

Bitdefender Security for Amazon Web Services is a security solution designed for cloud infrastructures and integrated with GravityZone Cloud Control Center. An innovative and comprehensive solution, Bitdefender Security for AWS protects Amazon EC2 instances running Windows or Linux operating systems.

This section provides you with comprehensive information on the compatibility and requirements of Bitdefender Security for AWS.


Bitdefender Security for AWS is exclusively compatible and integrates with the Amazon Elastic Compute Cloud (Amazon EC2) web service. To use Bitdefender Security for AWS, you need an account on the GravityZone Cloud Control Center (Security Console) and to install BEST on each instance to be protected. You can obtain an account by registering here.

Control Center requirements

Control Center can be accessed from the following web browsers:

  • Internet Explorer 9+

  • Mozilla Firefox 14+

  • Google Chrome 15+

  • Safari 5+

  • Microsoft Edge 20+

  • Opera 16+

Internet connection is needed.

Supported guest operating systems

Bitdefender Security for AWS protects instances running one of the following operating systems:

  • Windows Server 2022 Core

  • Windows Server 2022

  • Windows Server 2019 Core

  • Windows Server 2019

  • Windows Server 2016 / Windows Server 2016 Core

  • Windows Server 2012 / Windows Server 2012 R2

  • Windows Server 2008 / Windows Server 2008 R2

  • Red Had Enterprise Linux / CentOS 6.0 or higher

  • Ubuntu 14.04 LTS or higher

  • SUSE Linux Enterprise Server 11 SP4 or higher

  • OpenSUSE Leap 42.x

  • Fedora 25 or higher

  • Debian 8.0 or higher

  • Amazon Linux AMI 2016.09 or higher

  • Oracle Linux 6.3 or higher

  • Amazon Linux 2

Amazon credentials

For subscribing to Bitdefender Security for AWS as a direct customer, you must first have an active AWS account. As a best practice, it is strongly recommended that you create and use IAM user accounts associated to your AWS root account.

Moreover, make sure to use a production account where you will be charged by AWS on a monthly basis for using the Bitdefender service.

For details about subscribing to Bitdefender Security for AWS, refer to Subscribing to Bitdefender Security for Amazon Web Services in AWS Marketplace.

The Amazon EC2 integration in GravityZone is now based on cross-account access login. This procedure avoids sharing long-term AWS credentials, such as Access Key ID and Secret Access Key.

The Amazon EC2 integration procedure requires you to provide an ARN (Amazon Resource Name - unique identifier for AWS resources) associated with a role attached to your AWS user account.

It is recommended to set up the Amazon integration using an IAM user account created specifically for this purpose. The IAM user requires IAMFullAccess permission to be able to create the role required for the AWS integration in GravityZone.

Before starting to configure the AWS integration:

  • Make sure you have the appropriate AWS user account credentials at hand.

  • Open the AWS Console and GravityZone Control Center in two browser tabs, at the same time. You will need to work on both of them to create the AWS integration successfully.

For details about integrating GravityZone with your Amazon EC2 instances, refer to Setting up the GravityZone integration with Amazon EC2 using a cross-account role.

Communication ports to be added in AWS Security Groups

Here are the ports that you need to add in Amazon Security Groups for ensuring proper communication between Bitdefender security agents, Security Servers and the Security Console.

Amazon EC2 security groups must allow inbound access to SSH and RDP during the BEST installation on instances. If you run firewall software on your instances, make sure to configure it to allow access to all of the previously specified ports.



SSH (22)

Port used to access instances running on Linux.

RDP (3389)

Port used to access instances running on Windows.


Communication port between Silent Agent and Security Console.

7081 / 7083 (SSL)

Communication port between BEST and the scan daemon running on the Security Server hosted in the corresponding AWS region.

80 / 7074 (Relay)

Communication ports used by BEST for updates.

The ports must be added also by users that have VPC instances in Amazon Web Services. Our recommendation is to add as a source address but, if you require to allow traffic only for specific IP addresses, please contact Bitdefender customer support.