Security, Identity, & Compliance

Amazon Inspector

"Automated vulnerability management service that scans AWS workloads."

What is Amazon Inspector?

Amazon Inspector is an automated vulnerability management service that continually scans AWS workloads for software vulnerabilities and unintended network exposure.

Key Concepts

1. Workloads Scanned

  • EC2 Instances: Checks operating systems and installed software.
  • Container Images: Scans images in Amazon ECR (Elastic Container Registry).
  • Lambda Functions: Checks function code and dependencies (e.g., Python libraries).

2. What it Detects

  • CVEs (Common Vulnerabilities and Exposures): "This version of Linux has a known security hole."
  • Network Reachability: "This EC2 instance has port 22 (SSH) open to the entire internet (0.0.0.0/0)."

3. Continuous Scanning

  • Inspector automatically re-scans resources whenever a new software package is installed or a new CVE is published.

Exam Tips

[!IMPORTANT] Assessment vs Threat Detection:

  • Inspector: Scans for potential vulnerabilities (Configuration, Patching). "Is the door unlocked?"
  • GuardDuty: Monitors for active threats (Logs, DNS). "Is someone breaking in right now?"

[!NOTE] Agent vs Agentless: Inspector uses the SSM Agent (AWS Systems Manager) to collect software inventory from EC2 instances. The modern version of Inspector no longer requires the separate Inspector-specific agent that Inspector Classic needed.

[!WARNING] Inspector is for EC2, Lambda, and ECR. It does not scan S3 buckets for sensitive data such as PII (that is Macie's job).

Common Use Cases

  • Compliance: Ensuring all EC2 instances are patched against the latest known vulnerabilities.
  • DevOps: Scanning container images in the build pipeline before deploying them to production.