What is AWS Inspector – an introduction
In an ever-growing threat landscape, keeping the workloads in an organization's AWS (Amazon Web Services) environment secure is crucial, and Amazon offers several security services to help. One of them is Amazon Inspector, a vulnerability management service that continuously scans supported AWS resources for software package vulnerabilities and unintended network exposure. By identifying vulnerabilities introduced by installed software packages, Inspector lets teams patch before those packages are exploited and keep applications in line with patching best practices and policies. When a vulnerability or network exposure is detected, Inspector generates an event, called a finding, that carries the relevant details about the affected resource, the vulnerability itself, and the remediation required. The service supports scanning EC2 instances, container images in ECR, and Lambda functions. For pricing details, refer to the AWS Inspector Pricing page.
Types of findings:
The two major types of findings covered in this article are:
- Package Vulnerability
- Network Reachability
Finding 1 - Package Vulnerability:
- This type of finding identifies software packages in your AWS environment that are affected by known Common Vulnerabilities and Exposures (CVEs).
- EC2 instances are virtual machines in AWS on which a user installs operating-system packages, application software, helper libraries and similar dependencies.
- Inspector inventories these packages and checks whether the installed versions match any known vulnerability, reporting each match as a finding with the affected package, the installed version and, where one exists, the version that fixes it.
- For Inspector to scan an EC2 instance in this way, the instance must be managed by AWS Systems Manager (SSM): the SSM Agent must be installed and running, and the instance needs an IAM role that lets the agent register with Systems Manager. Inspector collects the package inventory through that agent.
- Another prerequisite is that Inspector itself is enabled (activated) in the account and region. Follow this document to enable Inspector - Activate Amazon Inspector.
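Once Inspector is enabled, the useful part of a package vulnerability finding is the package name, the installed version and the fixed version, because that is what tells an operator whether the finding can be closed with a patch today. The script below, an added example that is not code from the original article or from AWS, flattens findings in the shape the Inspector2 ListFindings API returns into one row per vulnerable package and sorts them by severity with fixable ones first. The sample findings are constructed for the example (the CVE IDs for Heartbleed and Log4Shell are real; the instance and image IDs are placeholders, and the third finding uses a placeholder CVE ID to show the "no fix yet" case). The live fetch helper calls the real `list_findings` paginator and needs boto3 and an account with Inspector active.

```python
"""Triage Amazon Inspector package-vulnerability findings by fix availability."""

SEVERITY_RANK = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3,
                 "INFORMATIONAL": 4, "UNTRIAGED": 5}

# Constructed sample findings in the shape ListFindings returns; only the
# fields the triage below reads are filled in. Resource IDs are placeholders.
SAMPLE_FINDINGS = [
    {   # Heartbleed on an EC2 instance, vendor fix available
        "type": "PACKAGE_VULNERABILITY", "severity": "HIGH", "status": "ACTIVE",
        "fixAvailable": "YES",
        "resources": [{"type": "AWS_EC2_INSTANCE", "id": "i-0123456789abcdef0"}],
        "packageVulnerabilityDetails": {
            "vulnerabilityId": "CVE-2014-0160",
            "vulnerablePackages": [{"name": "openssl", "version": "1.0.1f",
                                    "fixedInVersion": "1.0.1g",
                                    "packageManager": "OS"}]}},
    {   # Log4Shell inside a container image in ECR, fix available
        "type": "PACKAGE_VULNERABILITY", "severity": "CRITICAL", "status": "ACTIVE",
        "fixAvailable": "YES",
        "resources": [{"type": "AWS_ECR_CONTAINER_IMAGE",
                       "id": "arn:aws:ecr:us-east-1:123456789012:repository/app/sha256:placeholder"}],
        "packageVulnerabilityDetails": {
            "vulnerabilityId": "CVE-2021-44228",
            "vulnerablePackages": [{"name": "log4j-core", "version": "2.14.1",
                                    "fixedInVersion": "2.17.1",
                                    "packageManager": "JAR"}]}},
    {   # placeholder CVE ID (not a real vulnerability) with no vendor fix yet
        "type": "PACKAGE_VULNERABILITY", "severity": "MEDIUM", "status": "ACTIVE",
        "fixAvailable": "NO",
        "resources": [{"type": "AWS_EC2_INSTANCE", "id": "i-0123456789abcdef0"}],
        "packageVulnerabilityDetails": {
            "vulnerabilityId": "CVE-0000-0000",
            "vulnerablePackages": [{"name": "examplelib", "version": "1.0.0",
                                    "packageManager": "OS"}]}},
    {   # a network reachability finding: no package details, skipped by the triage
        "type": "NETWORK_REACHABILITY", "severity": "MEDIUM", "status": "ACTIVE",
        "resources": [{"type": "AWS_EC2_INSTANCE", "id": "i-0123456789abcdef0"}],
        "networkReachabilityDetails": {"protocol": "TCP",
                                       "openPortRange": {"begin": 22, "end": 22}}},
]


def summarize_package_findings(findings):
    """Flatten ACTIVE package-vulnerability findings into one row per package,
    sorted by severity, then fixable before unfixable, then by CVE ID."""
    rows = []
    for f in findings:
        if f.get("type") != "PACKAGE_VULNERABILITY" or f.get("status") != "ACTIVE":
            continue
        details = f.get("packageVulnerabilityDetails", {})
        resources = f.get("resources") or [{}]
        for pkg in details.get("vulnerablePackages", []):
            rows.append({
                "cve": details.get("vulnerabilityId"),
                "severity": f.get("severity", "UNTRIAGED"),
                "resource": resources[0].get("id"),
                "package": pkg.get("name"),
                "installed": pkg.get("version"),
                "fixed_in": pkg.get("fixedInVersion"),
                "fix_available": f.get("fixAvailable") == "YES",
            })
    rows.sort(key=lambda r: (SEVERITY_RANK.get(r["severity"], 9),
                             not r["fix_available"], r["cve"] or ""))
    return rows


def patch_now(findings):
    """The rows an operator can close today: a fixed package version exists."""
    return [r for r in summarize_package_findings(findings) if r["fix_available"]]


def fetch_active_package_findings(region="us-east-1"):
    """Pull the same finding structure from a live account (needs boto3 and
    Inspector enabled in that region); filters are the documented ListFindings
    filterCriteria keys."""
    import boto3  # imported here so the rest of the module runs offline
    client = boto3.client("inspector2", region_name=region)
    criteria = {
        "findingType": [{"comparison": "EQUALS", "value": "PACKAGE_VULNERABILITY"}],
        "findingStatus": [{"comparison": "EQUALS", "value": "ACTIVE"}],
    }
    findings = []
    for page in client.get_paginator("list_findings").paginate(filterCriteria=criteria):
        findings.extend(page["findings"])
    return findings


if __name__ == "__main__":
    for row in summarize_package_findings(SAMPLE_FINDINGS):
        fix = f"-> {row['fixed_in']}" if row["fix_available"] else "(no fix yet)"
        print(f"{row['severity']:<9} {row['cve']:<15} {row['resource']:<42} "
              f"{row['package']} {row['installed']} {fix}")
```

Swap `SAMPLE_FINDINGS` for `fetch_active_package_findings()` to run it against a real account; the Inspector console's "Fix available" filter applies the same `fixAvailable` attribute that `patch_now` keys on.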
How to check if Systems Manager manages an EC2 instance?
- Go to the Systems Manager console in the AWS account - https://us-east-1.console.aws.amazon.com/systems-manager (switch to the region where the instance runs)
- Do a Quick Setup if not done already
- Go to Node management > Inventory
- The Inventory page lists the EC2 instances managed by Systems Manager. Verify that your EC2 instance is on the list; an instance that is missing usually has no SSM Agent running, no IAM role that lets the agent register, or no network path to the Systems Manager endpoints.
Easiest way to enable Systems Manager for an EC2 instance
- Go to IAM in the AWS account
- Click on Roles > Create role
- Select trusted entity type as AWS service and the use case as EC2
- Click on Next
- Select the policy AmazonSSMManagedInstanceCore. This AWS-managed policy grants only what the SSM Agent needs to register the instance and report inventory. Do not attach AmazonSSMFullAccess to an instance role: it grants full control of the Systems Manager API (including Run Command and Session Manager against every managed node) to any process on the instance, so a compromised instance could be used to reach the rest of the fleet. AmazonEC2RoleforSSM is the older policy for this purpose and is deprecated in favour of AmazonSSMManagedInstanceCore.
- Click on Next > enter a role name > click on Create role
- Once the role is created, go to the EC2 instance for which you want to enable Systems Manager
- Click on Actions > Security > Modify IAM role
- Select the IAM role created above and attach it to the instance
- Once the role is updated, wait a few minutes for the SSM Agent to register, then verify that the instance appears in the Inventory list of Systems Manager. If it does not, check that the SSM Agent is installed (it ships with Amazon Linux and many other AWS-provided AMIs) and that the instance can reach the Systems Manager endpoints, either through a NAT/internet route or through VPC endpoints for ssm, ssmmessages and ec2messages.
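The same procedure, the role creation above and the Inventory check before it, done with boto3 so it can be repeated across instances. This is an added example, not code from the original article or from AWS: the role name is an assumption, and the calls are the documented IAM, EC2, SSM and Inspector2 APIs. The trust-policy and policy-review helpers run offline; `enable_ssm`, `ssm_manages` and `inspector_coverage` talk to a live account and need credentials with the corresponding IAM, EC2, SSM and Inspector permissions.

```python
"""Create a least-privilege SSM instance role, attach it, and verify that
Systems Manager and Inspector see the instance."""
import json
import time

INSTANCE_CORE_POLICY = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
# Policies that must never sit on an instance role: they hand the whole
# Systems Manager control plane (or more) to any process on the instance.
OVERPRIVILEGED = {
    "arn:aws:iam::aws:policy/AmazonSSMFullAccess",
    "arn:aws:iam::aws:policy/AdministratorAccess",
}


def ec2_trust_policy():
    """Trust policy that lets only the EC2 service assume the role."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": "ec2.amazonaws.com"},
            "Action": "sts:AssumeRole",
        }],
    }


def review_attached_policies(policy_arns):
    """Return the attached ARNs an instance role should not carry (empty = OK)."""
    return sorted(arn for arn in policy_arns if arn in OVERPRIVILEGED)


def enable_ssm(instance_id, role_name="ec2-ssm-inspector-role", region="us-east-1"):
    """Create the role + instance profile and attach it to a running instance.
    role_name is an assumed name. Fails if the instance already has a profile;
    use ec2.replace_iam_instance_profile_association in that case."""
    import boto3  # imported here so the offline helpers need no boto3
    iam = boto3.client("iam")
    ec2 = boto3.client("ec2", region_name=region)
    iam.create_role(RoleName=role_name,
                    AssumeRolePolicyDocument=json.dumps(ec2_trust_policy()),
                    Description="Lets SSM Agent register the instance for Inspector scanning")
    iam.attach_role_policy(RoleName=role_name, PolicyArn=INSTANCE_CORE_POLICY)
    # An EC2 instance consumes a role through an instance profile; the console
    # creates one with the same name behind the scenes, the API does not.
    iam.create_instance_profile(InstanceProfileName=role_name)
    iam.add_role_to_instance_profile(InstanceProfileName=role_name, RoleName=role_name)
    time.sleep(10)  # IAM is eventually consistent; the new profile needs a moment
    ec2.associate_iam_instance_profile(IamInstanceProfile={"Name": role_name},
                                       InstanceId=instance_id)


def ssm_manages(instance_id, region="us-east-1"):
    """True once SSM Agent has registered the instance (what Inventory shows)."""
    import boto3
    ssm = boto3.client("ssm", region_name=region)
    resp = ssm.describe_instance_information(
        Filters=[{"Key": "InstanceIds", "Values": [instance_id]}])
    return any(i.get("PingStatus") == "Online" for i in resp["InstanceInformationList"])


def inspector_coverage(instance_id, region="us-east-1"):
    """Inspector's scan status for the instance, e.g. ('ACTIVE', None) or
    ('INACTIVE', 'UNMANAGED_EC2_INSTANCE') when SSM does not manage it yet."""
    import boto3
    inspector = boto3.client("inspector2", region_name=region)
    resp = inspector.list_coverage(filterCriteria={
        "resourceId": [{"comparison": "EQUALS", "value": instance_id}]})
    for res in resp.get("coveredResources", []):
        status = res.get("scanStatus", {})
        return status.get("statusCode"), status.get("reason")
    return None, "not covered"


if __name__ == "__main__":
    import sys
    instance = sys.argv[1] if len(sys.argv) > 1 else "i-0123456789abcdef0"  # placeholder
    if not ssm_manages(instance):
        enable_ssm(instance)
        while not ssm_manages(instance):
            time.sleep(15)  # agent registration typically takes a few minutes
    print("inspector coverage:", inspector_coverage(instance))
```

Running `review_attached_policies` over `iam.list_attached_role_policies(RoleName=...)["AttachedPolicies"]` ARNs is a cheap audit of roles created by hand from guides that suggest AmazonSSMFullAccess.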