Amazon Inspector supports organization-wide management through AWS Organizations policies
Amazon Inspector can now be enabled, configured, and managed across your organization using AWS Organizations policies. With this new capability, you can centrally configure and manage scan types (Amazon EC2 scanning, Amazon ECR scanning, Lambda standard scanning and code scanning, and Code Security) across all the accounts in your organization, selected organizational units (OUs), or individual accounts. The new Inspector policy type within AWS Organizations simplifies service onboarding and management and ensures consistent, organization-wide vulnerability scanning coverage.
This feature helps you maintain a uniform security baseline by automating Inspector enablement through a single AWS Organizations policy. To get started, designate a delegated administrator within Amazon Inspector, enable the “Inspector policies” policy type in the AWS Organizations console, and create a policy that specifies the desired scan types and Regions. Once the policy is attached to your organization root or to OUs, Inspector is automatically enabled for all the specified scan types across the covered accounts, and all in-scope accounts are automatically aligned with your organization-wide policy definition. New accounts that join the organization, or that are moved into an OU with an attached policy, inherit Inspector enablement automatically, reducing operational overhead and eliminating coverage gaps.
Amazon Inspector is a vulnerability management service that continuously scans AWS workloads, including Amazon EC2 instances, container images, AWS Lambda functions, and code repositories, for software vulnerabilities, code vulnerabilities, and unintended network exposure across your entire AWS organization. The AWS Organizations Inspector policy for organization-wide enablement is available at no additional cost to Amazon Inspector customers in all AWS commercial, China, and AWS GovCloud (US) Regions where Amazon Inspector is available.
To learn more about Amazon Inspector policies within AWS Organizations, visit: