May 13, 2020 / Nirav Shah
AWS inspector is a security tool that helps to improve the security and compliance of applications on AWS EC2. Using Amazon Inspector, you can easily automate security testing across development, test, and production environments. AWS Inspector produces a detailed list of security findings prioritized by level of severity so that you can easily see them in the Amazon Inspector console or API and mitigate the associated risks.
As we know that security is one of the main concerns for any organization, so AWS Inspector helps to improve the overall application security by examining it when an application is in production or is being developed or deployed. It also assesses the accessibility and vulnerability in your EC2 setup.
Amazon Inspector agent: Inspector agents are installed on the EC2 instances. These agents collect the data associated with installed software and send it to AWS Inspector services.
Assessment target: Normally it is a set of EC2 instances which you want to assess for vulnerably. Targets are identified by unique tags.
Rules and rules package: Checks are performed on the IT resources based on certain rules. The collection of a rule is a rules package which are often updated by security researchers at AWS.
Telemetry: Behavioral or configuration data collected from EC2 instances by the inspector agent is called Telemetry.
Finding: Findings are the issues discovered by the inspector.
First we need to install the AWS agent on each instance. In order to do that, first download the agent script by running following the commands:
To install the agent, run sudo bash install.
This will successfully install AWS agent on your EC2 instance.
Next, Sign into the AWS Management Console and open the Amazon Inspector. And on the prerequisites page, click on rChoose or Create role
Specifying the newstr IAM role created. Click Allow.
Now on Define an assessment target page, specify the name of the assessment target and in the Tags field, select Key as Name and value as the name of the EC2 instance you want to include in your assessment target.
On the Define assessment template page specify the name for the assessment template. For Rule packages select the rule packages that you want to use in the assessment template.
In the Duration field, specify the duration for your assessment template. Click Next.
In the last page just review the all configuration and create and run.
It’s done…. Great
AWS Inspector Pricing
Now let’s talk about the cost for this service.
First it’s free for those Accounts that have never run an Amazon Inspector assessment, you’re eligible for 250 agent-assessments with host rules packages and 250 instance-assessments with the network reach ability rules package at no cost during your first 90 days.
Note: Do not confuse AWS trusted advisor and AWS Inspector, both are different.
The key differences are:
Trusted Advisor applies to the AWS account and AWS services
It highlights potential problems with the way you use AWS.
Whereas AWS Inspector:
Conclusion,
This is how Amazon Inspector helps us to identify the vulnerabilities in our EC2 instances and also provides the recommendations to fix them up.
As a Director of Eternal Web Private Ltd an AWS consulting partner company, Nirav is responsible for its operations. AWS, cloud-computing and digital transformation are some of his favorite topics to talk about. His key focus is to help enterprises adopt technology, to solve their business problem with the right cloud solutions.
Have queries about your AWS project ideas and concepts? Please drop in your project details to discuss with our AWS experts, professionals and consultants.
