Skip to the content.
AWS Devops Engineer Professional
Amazon Inspector
- Enables to analyze the behavior of AWS resources
- Helps identify potential security issues
- Requires installation of Inspector agent to EC2 instances
- Inspector provides 2 types of setup:
- Network Assessment:
- Does not require the agent to be installed
- If the agent is installed, the assessment also finds processes reachable on ports
- Host Assessment
- Requires the agent to be installed
- It will run on instances and will analyze them from inside
- Inspector provides a list of predefined packages (rules), users can not create their own
- Packages:
- Network reachability
- Security best practices
- CIS OS security configuration benchmark
- Common vulnerabilities and exposures
- Duration of inspections can be between 1 and 24 hours
Automation
- Amazon Inspector can be target of en event in CloudWatch
- Scheduled inspection: can be activated from Inspector. It will create a rule in CloudWatch in order to regularly trigger inspections
- Assessment templates can also automatically send messages to an SNS topic. This can be activated from the Inspector using a template settings
- Notifications from Inspector can be done only using the send message to SNS topic functionality