May 13, 2020 / Eternal Team
AWS Inspector is a security service that helps improve the security and compliance of applications deployed on AWS EC2. Using Amazon Inspector, you can automate security testing across development, test, and production environments. Inspector produces a detailed list of security findings prioritized by severity, so you can review them in the Amazon Inspector console or API and mitigate the associated risks.
Why is it required?
Security is one of the main concerns for any organization, and AWS Inspector helps improve overall application security by examining an application while it is being developed, deployed, or running in production. It also assesses the accessibility and vulnerabilities of your EC2 setup.
AWS Inspector Terminology
Amazon Inspector agent: Inspector agents are installed on the EC2 instances. They collect data about the installed software and send it to the AWS Inspector service.
Assessment target: Normally a set of EC2 instances that you want to assess for vulnerabilities. Targets are identified by unique tags.
Rules and rules package: Checks are performed on the IT resources based on certain rules. A collection of rules is a rules package, and the packages are regularly updated by security researchers at AWS.
Telemetry: Behavioral or configuration data collected from EC2 instances by the Inspector agent is called telemetry.
Finding: Findings are the issues discovered by Inspector.
Setting up Amazon Inspector
First we need to install the AWS agent on each instance. To do that, download the agent script by running the following commands:
To install the agent, run sudo bash install.
This installs the AWS agent on your EC2 instance.
Next, sign in to the AWS Management Console and open Amazon Inspector. On the prerequisites page, click Choose or create role.
Specify the newly created IAM role and click Allow.
Now, on the Define an assessment target page, specify the name of the assessment target, and in the Tags field select Key as Name and Value as the name of the EC2 instance you want to include in your assessment target.
On the Define assessment template page, specify the name for the assessment template. For Rules packages, select the rules packages that you want to use in the assessment template.
In the Duration field, specify the duration for your assessment template. Click Next.
On the last page, review the whole configuration and click Create and run.
It's done. Great!
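The same setup driven from the Inspector Classic API instead of the console, as an added example that is not part of the original post: a target selected by the Name tag, a template with rules packages and a duration, one run, and the resulting findings sorted by severity. It assumes boto3 is installed with working AWS credentials, that the agent is already installed on the instances, and that the instance's Name tag identifies the target, as above.

```python
import time
from collections import Counter

# Severity values Inspector Classic assigns to findings, highest first.
SEVERITY_ORDER = ("High", "Medium", "Low", "Informational", "Undefined")

def prioritize(findings):
    """Sort describe_findings() items highest severity first, then by title."""
    rank = {sev: i for i, sev in enumerate(SEVERITY_ORDER)}
    return sorted(findings, key=lambda f: (rank.get(f.get("severity"), len(rank)), f.get("title", "")))

def severity_counts(findings):
    """Count findings per severity, e.g. {"High": 2, "Low": 1}."""
    return dict(Counter(f.get("severity", "Undefined") for f in findings))

def run_assessment(instance_name, duration_seconds=3600, rules_package_arns=None,
                   region="us-east-1"):
    """Target instances by Name tag, build a template, run it, return findings."""
    import boto3  # imported here so the pure helpers above work without boto3
    insp = boto3.client("inspector", region_name=region)
    # Assessment target: EC2 instances whose Name tag matches, as in the console flow.
    rg_arn = insp.create_resource_group(
        resourceGroupTags=[{"key": "Name", "value": instance_name}])["resourceGroupArn"]
    target_arn = insp.create_assessment_target(
        assessmentTargetName=f"target-{instance_name}",
        resourceGroupArn=rg_arn)["assessmentTargetArn"]
    # Rules packages: default to every package published in this region.
    if rules_package_arns is None:
        rules_package_arns = insp.list_rules_packages()["rulesPackageArns"]
    template_arn = insp.create_assessment_template(
        assessmentTargetArn=target_arn,
        assessmentTemplateName=f"template-{instance_name}",
        durationInSeconds=duration_seconds,
        rulesPackageArns=rules_package_arns)["assessmentTemplateArn"]
    run_arn = insp.start_assessment_run(assessmentTemplateArn=template_arn)["assessmentRunArn"]
    # The agent collects telemetry for the whole duration; poll until the run finishes.
    while True:
        run = insp.describe_assessment_runs(assessmentRunArns=[run_arn])["assessmentRuns"][0]
        if run["state"] in ("COMPLETED", "COMPLETED_WITH_ERRORS", "FAILED", "CANCELED", "ERROR"):
            break
        time.sleep(60)
    arns = []
    for page in insp.get_paginator("list_findings").paginate(assessmentRunArns=[run_arn]):
        arns.extend(page["findingArns"])
    findings = []
    for i in range(0, len(arns), 10):  # describe_findings accepts at most 10 ARNs per call
        findings.extend(insp.describe_findings(findingArns=arns[i:i + 10])["findings"])
    return prioritize(findings)
```

A call such as `run_assessment("my-web-server")` blocks for the full assessment duration, so schedule it from a pipeline step or a cron job rather than an interactive shell.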
AWS Inspector Pricing
Now let’s talk about the cost for this service.
First, it's free for accounts that have never run an Amazon Inspector assessment: you're eligible for 250 agent-assessments with host rules packages and 250 instance-assessments with the network reachability rules package at no cost during your first 90 days.
Note: Do not confuse AWS Trusted Advisor with AWS Inspector; they are different services.
The key differences are:
Trusted Advisor applies to the AWS account and AWS services as a whole.
It highlights potential problems with the way you use AWS.
Whereas AWS Inspector:
This is how Amazon Inspector helps us identify vulnerabilities in our EC2 instances and also provides recommendations to fix them.