Introduction to Amazon Inspector
Run Automated Security Checks
Is your team using Amazon Inspector? This AWS service “tests the network accessibility of your Amazon EC2 instances and the security state of your applications that run on those instances.” It will measure and compare your configurations against industry standards like the CIS Benchmarks. You can integrate Amazon Inspector into your existing information security processes, as well as deployment and production processes.
We recommend using Amazon Inspector on a weekly basis. It must be implemented in each Region. To leverage Amazon Inspector in your AWS environment, you can utilize these key features:
- Configuration scanning and activity monitoring engine
- Built-in content library
- Automation through an API
Learn more about this service in the AWS documentation on Amazon Inspector terminology and concepts.
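The two recommendations above (set Inspector up in each Region, run it weekly) can be checked through the API. The following is an added example, not code from AWS or from the original page. It assumes the Amazon Inspector Classic API as exposed by boto3's `inspector` client; `FakeInspector`, the Region names, dates and ARNs are constructed so the check runs offline.

```python
from datetime import datetime, timedelta, timezone

def default_client(region):
    import boto3  # needs boto3 and AWS credentials; not used by the offline demo
    return boto3.client("inspector", region_name=region)

def region_status(client, now, max_age_days=7):
    """Return 'no-template', 'stale' or 'ok' for one Region."""
    templates, token = [], None
    while True:
        page = client.list_assessment_templates(**({"nextToken": token} if token else {}))
        templates += page["assessmentTemplateArns"]
        token = page.get("nextToken")
        if not token:
            break
    if not templates:
        return "no-template"  # Inspector was never set up in this Region
    window = {"beginDate": now - timedelta(days=max_age_days), "endDate": now}
    for i in range(0, len(templates), 50):  # pass template ARNs in batches
        runs = client.list_assessment_runs(
            assessmentTemplateArns=templates[i:i + 50],
            filter={"states": ["COMPLETED", "COMPLETED_WITH_ERRORS"],
                    "completionTimeRange": window})
        if runs["assessmentRunArns"]:
            return "ok"
    return "stale"  # templates exist, but no run finished within the window

def audit(regions, client_factory=default_client, now=None):
    now = now or datetime.now(timezone.utc)
    return {r: region_status(client_factory(r), now) for r in regions}

class FakeInspector:
    """Constructed stand-in for the boto3 client so the example runs offline."""
    def __init__(self, templates, completed_at):
        self.templates, self.completed_at = templates, completed_at
    def list_assessment_templates(self, **_):
        return {"assessmentTemplateArns": self.templates}
    def list_assessment_runs(self, assessmentTemplateArns, filter):
        w = filter["completionTimeRange"]
        hit = bool(self.completed_at) and w["beginDate"] <= self.completed_at <= w["endDate"]
        return {"assessmentRunArns": ["arn:constructed:run"] if hit else []}

def demo():
    now = datetime(2024, 1, 15, tzinfo=timezone.utc)  # constructed dates and ARNs
    fakes = {"us-east-1": FakeInspector(["arn:constructed:tmpl"], now - timedelta(days=2)),
             "eu-west-1": FakeInspector(["arn:constructed:tmpl"], now - timedelta(days=20)),
             "ap-south-1": FakeInspector([], None)}
    return audit(list(fakes), fakes.__getitem__, now)

print(demo())
```

Against a real account, call `audit([...])` with the Regions you operate in; it then uses `default_client` and reports any Region that is unconfigured or has gone more than a week without a completed run.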
Transcription
A great tool available from AWS is Amazon Inspector, which provides automated security assessments for both your network and your hosts individually. Amazon provides AMIs that already have the agent installed, or you can install the agent yourself. Inspector will measure to find vulnerabilities and see if your configurations align with CIS Benchmarks. Inspector is provided on a per-Region basis, so you'll need to enable it for each Region. The scan interval that is recommended is per week. You can and should use these scans to measure your configurations against the CIS Benchmarks and to find any vulnerabilities that are in your applications.