How do I set up Amazon Inspector to run security assessments on my Amazon EC2 instances?
Last updated: 2019-09-03
How can I set up Amazon Inspector to perform a security assessment on my Amazon Elastic Compute Cloud (Amazon EC2) instance?
You can use the Amazon Inspector service to create and run security assessments for your Amazon EC2 instances by following these steps:
Create a service-linked role for Amazon Inspector and tag your Amazon EC2 instances
- Open the Amazon Inspector console, and then choose Get Started.
- Follow the instructions for One-Click Step.
- Open the Amazon EC2 console, and then choose Instances from the left navigation menu.
- Select the instances that you want Amazon Inspector to perform an assessment on, and then choose the Tags tab.
- Choose Add/Edit Tags, and then choose Create Tag.
- Enter a Key and Value name, and then choose Save.
Install the Amazon Inspector agent
Follow the instructions for installing the Amazon Inspector agent for the OS of your Amazon EC2 instance:
- Installing the Agent on a Linux-based EC2 Instance
- Install the Amazon Inspector agent for Windows
- Install the Amazon Inspector agent for Amazon Linux AMI
- Install the Amazon Inspector agent with Run Command (SSM Agent required)
For information about automating the installation of the Amazon Inspector agent, see How to Simplify Security Assessment Setup Using Amazon EC2 Systems Manager and Amazon Inspector.
Define the assessment target
- Open the Amazon Inspector console, and then choose Assessment target.
- Choose Create, and then enter a name for your assessment target.
- Choose the Key and Value pairs for the Amazon EC2 instances you want to include in the assessment, such as "examplekey" and "examplevalue."
- Uncheck Install Agents, and then choose Preview to view and verify the instances that are included.
- Choose OK, and then choose Save.
Define the assessment template and run the assessment
- Open the Amazon Inspector console, choose Assessment templates, and then choose Create.
- In Assessment Template, enter a Name and Target name.
- For Rules packages, choose Common Vulnerabilities.
- For Duration, choose how long you want your assessment to run. Note: It's a best practice to choose a duration of one hour if you have more than one rules package or instance.
- Uncheck Assessment Schedule, and then choose Create and run.
- After the assessment completes, from the left navigation menu, choose Findings or Assessment runs.
Run the assessment
- Open the Amazon Inspector console.
- Select the Assessment templates section to see the available assessments.
- Choose the template that you created, and then choose Run to start the assessment immediately, or create an Assessment Event.
- After the assessment completes, from the left navigation menu, choose Findings or Assessment runs.
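The same target-template-run-findings sequence, driven through the Amazon Inspector Classic API with boto3, as an added example that is not part of this article or of AWS's own documentation. It assumes the agent is already installed, the instances carry the tag you created, and credentials and region come from the environment; the helper names, the tag key/value and the assessment name are my own choices.

```python
from __future__ import annotations

ONE_HOUR = 3600  # the duration recommended above, in seconds (API allows 180 to 86400)

# Terminal states of an assessment run; anything else means it is still working.
DONE_STATES = {"COMPLETED", "COMPLETED_WITH_ERRORS", "FAILED", "ERROR", "CANCELED"}


def pick_rules_packages(packages: list[dict], wanted=("Common Vulnerabilities",)) -> list[str]:
    """Map the package names shown in the console to the ARNs the API requires."""
    return [p["arn"] for p in packages if any(w in p["name"] for w in wanted)]


def summarize_findings(findings: list[dict]) -> dict[str, int]:
    """Count findings per severity so a run can be triaged at a glance."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f["severity"]] = counts.get(f["severity"], 0) + 1
    return counts


def run_assessment(tag_key: str, tag_value: str, name: str, region: str | None = None) -> dict[str, int]:
    """Target -> template -> run -> findings, mirroring the console steps above."""
    import time
    import boto3  # imported here so the pure helpers above work without the SDK installed

    insp = boto3.client("inspector", region_name=region)
    # "Define the assessment target": a resource group is the tag filter.
    rg = insp.create_resource_group(resourceGroupTags=[{"key": tag_key, "value": tag_value}])
    target_arn = insp.create_assessment_target(
        assessmentTargetName=name, resourceGroupArn=rg["resourceGroupArn"])["assessmentTargetArn"]
    # Same check as "Preview": every targeted instance should report a healthy agent.
    for a in insp.preview_agents(previewAgentsArn=target_arn)["agentPreviews"]:
        print(a["agentId"], a.get("agentHealth"), a.get("hostname"))
    arns = insp.list_rules_packages()["rulesPackageArns"]
    packages = insp.describe_rules_packages(rulesPackageArns=arns)["rulesPackages"]
    # "Define the assessment template": Common Vulnerabilities, one hour, no schedule.
    tmpl_arn = insp.create_assessment_template(
        assessmentTargetArn=target_arn, assessmentTemplateName=name,
        durationInSeconds=ONE_HOUR, rulesPackageArns=pick_rules_packages(packages),
        userAttributesForFindings=[])["assessmentTemplateArn"]
    run_arn = insp.start_assessment_run(
        assessmentTemplateArn=tmpl_arn, assessmentRunName=name)["assessmentRunArn"]
    # Poll until the run reaches a terminal state (a one-hour run takes at least that long).
    while insp.describe_assessment_runs(assessmentRunArns=[run_arn])["assessmentRuns"][0]["state"] not in DONE_STATES:
        time.sleep(60)
    # "Findings": collect every finding ARN for this run, then describe them in batches of 10.
    finding_arns = [fa for page in insp.get_paginator("list_findings").paginate(assessmentRunArns=[run_arn])
                    for fa in page["findingArns"]]
    findings = [f for i in range(0, len(finding_arns), 10)
                for f in insp.describe_findings(findingArns=finding_arns[i:i + 10])["findings"]]
    return summarize_findings(findings)
```

Call `run_assessment("examplekey", "examplevalue", "weekly-cve-scan")` with the tag from the target step; the returned per-severity counts are what you would otherwise read off the Findings page.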
Assessment runs include a list of all assessment runs. You can review information about a particular assessment, generate a report from that assessment, or navigate to the security findings for specific assessments. For more information, see Assessment Reports.
Findings includes a list of all findings for all assessment runs. You can filter these results to see the findings that you want. Findings are identified security vulnerabilities or configuration exposures discovered during the Amazon Inspector assessment. To learn more about an Amazon Inspector finding, choose the arrow next to the finding to expand the detailed view. For more information, see Amazon Inspector Findings.
Note: Amazon Inspector assessment targets can only include Amazon EC2 instances that have a supported OS installed. See Amazon Inspector Supported Operating Systems and Regions for more information.