Inspector

Security Specialty

Solution Architect Associate

  • Automated security assessment service that helps improve security and compliance of applications deployed on AWS
  • Assesses applications for vulnerabilities and deviations from best practices, and produces a detailed report of findings
  • Supports assessments on EC2 instances and VPCs
  • Can help to streamline security compliance processes
  • After performing an assessment, Inspector produces a detailed list of security findings prioritized by severity

How Does it Work?

  • Requires that you add at least one tag to your EC2 instance. This is because Inspector will evaluate all instances with the appropriate tag across your infrastructure. KNOW THIS!!!
  • You create an AssessmentTemplate, and you can choose a Rules Package.
    • AWS provides several of these by default that you can evaluate your EC2 instances against
    • You can also choose a duration for the template to run.
  • You can also create a Master Template that lets you select multiple Rules Packages, rather than choosing a single one as you would for an ad-hoc run, and that runs over a longer time (like 24 hours)
  • Generates reports for security vulnerabilities. KNOW THIS!!!

Types of Assessments

  • Network Assessments: Network configuration analysis. No agent required
  • Host Assessments: Vulnerable software (CVE) and hardening assessments. Inspector agent is required for this type of assessment