Amazon Inspector, GuardDuty, Trusted Advisor, and Artifact

Learn about key security services in AWS.

Amazon Inspector

Amazon Inspector is an automated security assessment service for EC2 instances, Elastic Container Registry (ECR) images, and Lambda functions. It allows us to identify potential security issues by automatically evaluating the network configuration and application dependencies.

Features

  • Inspector allows us to define a set of rules that identify security best practices and potential vulnerabilities. We can then run assessments to check whether our application instances (ECR images and Lambda functions) comply with these rules.
  • It generates a detailed report of the assessment findings, including identified security issues and recommendations for remediation.
    • The assessment report can be sent to AWS Security Hub or EventBridge.
    • All findings have a risk score value.
  • For EC2 instances, Amazon Inspector:
    • Analyzes the EC2 OS against the Common Vulnerabilities and Exposures (CVE) database.
    • Checks for unintended network access.
    • Only evaluates running EC2 instances.
  • Inspector analyzes Lambda functions for code or dependency vulnerabilities.
  • It can evaluate all or filtered images as they’re pushed to an ECR service.
  • It integrates with other AWS security services, such as Security Hub and CloudWatch, as well as third-party security tools to provide a comprehensive view of our cloud security.

The following code shows a description of an Amazon Inspector finding. We can see the report description, recommendation, severity, and title.

Get hands-on with 1400+ tech skills courses.