According to Qualys support, the current EC2 connector does not identify public IPs that are provisioned via the NAT gateway services. Page 23 of the referenced document indicates that the APIs that are used by the EC2 connector include DescribeInstances, DescribeImages, and DescribeNetworkInterfaces. As such, the current EC2 connector is only able to identify public (Internet-facing) EC2 resources if the public IP address is assigned directly to an EC2 interface. It does not include use of the DescribeNATGateways API call which would provide public addresses mapped via the NAT Gateways service.
Given that this is a very commonly used AWS service, and externally exposed assets are high on the list of things any organization would want visibility into, this seems to create a significant visibility gap for all Qualys customers, but are we the only ones concerned please?