Amazon Inspector

Learn how to automatically scan EC2 instances, ECR container images, and Lambda functions for software vulnerabilities using Amazon Inspector.

Amazon Inspector is a security assessment service that automates the assessment of the security and compliance of our AWS resources. It identifies security vulnerabilities, compliance issues, and deviations from security best practices in our EC2 instances, container images in Amazon Elastic Container Registry (Amazon ECR), and Lambda functions. It runs this assessment against a predefined set of rules and generates a finding for each vulnerability it detects.


How Amazon Inspector works

Amazon Inspector can be managed centrally for multiple accounts from a single account using AWS Organizations. It provides a set of predefined rules and benchmarks based on industry best practices and standards such as the Center for Internet Security (CIS) benchmarks. These rules cover several security domains, including network security, host security, and application security. We can also create custom assessment templates tailored to our own security requirements and compliance standards.

Working of Amazon Inspector

Amazon Inspector continuously monitors and analyzes the security configuration of these resources and identifies vulnerabilities, misconfigurations, and deviations from the defined rules. For each assessment it generates detailed findings with actionable information about the vulnerability or compliance issue found, together with a recommendation for remediating it.

Amazon Inspector score

The Amazon Inspector score is a numerical value assigned to each finding that Amazon Inspector discovers during a security assessment. It represents the severity of the identified issue and helps users prioritize and remediate vulnerabilities effectively.


The score is calculated from several factors, including the impact and likelihood of the issue and its potential to compromise the affected AWS resources or applications. A higher score indicates a more critical issue that requires prompt attention and remediation. Each finding includes the affected AWS resources, the severity of the issue, and a recommendation for remediation, so the score lets users assess severity at a glance and order their remediation work by the risk each finding poses to the environment.

Which resources does Amazon Inspector scan?

Amazon Inspector provides automatic scanning support for the following AWS resources:

  • Amazon EC2 instances: EC2 instances can be scanned with either an agent-based or an agentless method. The agent-based method uses the AWS Systems Manager (SSM) agent to check for unintended network accessibility and for vulnerable packages. In agentless mode, Amazon Inspector scans Amazon EBS snapshots of the instance instead.

  • Amazon ECR container images: Amazon Inspector also scans container images, such as Docker images, stored in Amazon ECR for software vulnerabilities. A scan runs whenever a new image is pushed to ECR and again whenever Amazon Inspector adds a new common vulnerabilities and exposures (CVE) entry to its database.

  • AWS Lambda functions: Amazon Inspector can also automatically scan Lambda functions and layers for software vulnerabilities and for code vulnerabilities.
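To show how the Inspector score and the per-resource findings described above feed a remediation queue, here is an added Python example (not code from the course page or from AWS). The findings list and its field names are assumed to follow the shape of the Inspector v2 ListFindings response (in practice the list would come from the `inspector2` boto3 client's `list_findings` call); the sample values are constructed.

```python
# Constructed sample findings in the shape of the Inspector v2 ListFindings
# response (field names assumed from that API; IDs and CVE numbers are placeholders).
SAMPLE_FINDINGS: list[dict] = [
    {"type": "PACKAGE_VULNERABILITY", "severity": "HIGH", "inspectorScore": 7.5,
     "status": "ACTIVE", "title": "CVE-EXAMPLE-0001 - openssl",
     "resources": [{"type": "AWS_EC2_INSTANCE", "id": "i-0exampleinstance"}],
     "packageVulnerabilityDetails": {"vulnerablePackages": [
         {"name": "openssl", "version": "1.1.1k", "fixedInVersion": "1.1.1t"}]}},
    {"type": "PACKAGE_VULNERABILITY", "severity": "CRITICAL", "inspectorScore": 9.8,
     "status": "ACTIVE", "title": "CVE-EXAMPLE-0002 - log4j-core",
     "resources": [{"type": "AWS_ECR_CONTAINER_IMAGE", "id": "app@sha256:EXAMPLE"}],
     "packageVulnerabilityDetails": {"vulnerablePackages": [
         {"name": "log4j-core", "version": "2.14.1", "fixedInVersion": "2.17.1"}]}},
    {"type": "NETWORK_REACHABILITY", "severity": "MEDIUM", "inspectorScore": 5.0,
     "status": "ACTIVE", "title": "Port 22 is reachable from the internet",
     "resources": [{"type": "AWS_EC2_INSTANCE", "id": "i-0exampleinstance"}]},
    {"type": "CODE_VULNERABILITY", "severity": "LOW", "inspectorScore": 3.1,
     "status": "SUPPRESSED", "title": "Hardcoded credential in handler",
     "resources": [{"type": "AWS_LAMBDA_FUNCTION", "id": "function:example"}]},
]

def triage(findings: list[dict], min_score: float = 0.0) -> list[dict]:
    """Return ACTIVE findings scoring at least min_score, highest Inspector score first."""
    rows = []
    for f in findings:
        if f.get("status") != "ACTIVE":  # CLOSED and SUPPRESSED findings need no ticket
            continue
        score = float(f.get("inspectorScore", 0.0))
        if score < min_score:
            continue
        res = f["resources"][0]  # the EC2 instance, ECR image or Lambda function affected
        pkgs = f.get("packageVulnerabilityDetails", {}).get("vulnerablePackages", [])
        fixes = [f"{p['name']} -> {p['fixedInVersion']}" for p in pkgs if p.get("fixedInVersion")]
        rows.append({"score": score, "severity": f["severity"], "type": f["type"],
                     "resource_type": res["type"], "resource_id": res["id"],
                     "fix": ", ".join(fixes) or "no fixed version reported",
                     "title": f["title"]})
    return sorted(rows, key=lambda r: r["score"], reverse=True)

def count_by_resource_type(rows: list[dict]) -> dict[str, int]:
    """Count triaged findings per scanned resource type (EC2, ECR, Lambda)."""
    counts: dict[str, int] = {}
    for r in rows:
        counts[r["resource_type"]] = counts.get(r["resource_type"], 0) + 1
    return counts

if __name__ == "__main__":
    print(*triage(SAMPLE_FINDINGS, min_score=7.0), sep="\n")
```

Suppressed findings are dropped because a suppression rule already records a decision about them; raising `min_score` narrows the queue to the findings whose score marks them as most urgent.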
