Amazon Inspector のアイコン

Amazon Inspector Popular2015年〜

A service that automatically scans EC2 instances, container images, and Lambda functions for vulnerabilities

About 2 min read

What It Does

Amazon Inspector is a service that automatically scans EC2 instances, ECR container images, and Lambda functions for software vulnerabilities and network exposure. It detects vulnerabilities based on the CVE database and provides severity scores along with remediation guidance.

Use Cases

Used for scanning OS packages on EC2 instances for vulnerabilities, performing pre-deployment security checks on container images, detecting vulnerabilities in Lambda function dependencies, and managing vulnerabilities for compliance requirements.

Everyday Analogy

Think of it like a regular building safety inspection. A professional inspector examines the structure (software) of a building (instance), finds cracks (vulnerabilities), and reports repair methods (remediation guidance).

What Is Inspector?

Amazon Inspector is a service that continuously scans your workloads for vulnerabilities. Simply enable it, and target resources are automatically discovered and scanning begins. When new CVEs are published, automatic re-scans are triggered, ensuring assessments are always based on the latest vulnerability information.

Scan Targets and Findings

Inspector scans OS packages on EC2 instances, packages in ECR container images, and dependencies in Lambda functions. Findings include the CVE ID, severity score (Inspector score), affected packages, and the fixed version. You can aggregate findings in Security Hub for centralized management. For a comprehensive view of scan targets and findings, technical books (Amazon) are a great reference.

Getting Started

Just click 'Enable Inspector' in the Inspector console to get started. You can enable scanning for EC2, ECR, and Lambda individually. A 15-day free trial is available. With Organizations integration, you can enable it across all accounts at once.

Things to Watch Out For

  • EC2 instance scanning requires the SSM Agent to be installed
  • Billed monthly based on the number of scanned instances and container images. A 15-day free trial is available
共有するXB!

Related Services

AWS Security Hub iconAWS Security HubCentrally manage your AWS security posture and automatically check compliance with best practicesAmazon ECR iconAmazon ECRA fully managed registry for securely storing, managing, and distributing Docker container imagesAmazon EC2 iconAmazon EC2A compute service that provides virtual servers in the cloudAWS Systems Manager iconAWS Systems ManagerAn operations management service for centrally managing AWS resources and on-premises servers

Related Articles

Amazon ECR Container Image Management - Lifecycle Policies and Image ScanningLearn how to automatically clean up old images with private repository lifecycle policies and detect vulnerabilities with image scanning.Automated Vulnerability Scanning with Amazon Inspector - Continuous Security Assessment for EC2, Lambda, and ECRAutomatically scan EC2 instances, ECR container images, and Lambda functions for vulnerabilities and prioritize them with CVE-based risk scores. Learn how to achieve agentless scanning through Systems Manager integration.Vulnerability Assessment and Threat Detection - Continuous Security Monitoring with Amazon Inspector and GuardDutyLearn how to design and operate vulnerability assessment and threat detection using Amazon Inspector and Amazon GuardDuty.

More in This Category

IAM Access Analyzer iconIAM Access Analyzer SpecializedA service that detects externally accessible resources and unused access permissionsAWS Certificate Manager iconAWS Certificate Manager EssentialA service that automates provisioning, management, and deployment of SSL/TLS certificatesAWS Artifact iconAWS Artifact SpecializedA service for on-demand access to AWS compliance reports and agreementsAWS Audit Manager iconAWS Audit Manager SpecializedA service that automates evidence collection and assessment for compliance auditsAWS CloudHSM iconAWS CloudHSM SpecializedA service for managing encryption keys using dedicated hardware security modulesAmazon Cognito iconAmazon Cognito PopularA service that provides authentication, authorization, and user management for web and mobile applicationsAmazon Detective iconAmazon Detective SpecializedA service that automatically analyzes security findings and investigates root causesAWS Directory Service iconAWS Directory Service SpecializedA service that provides managed Active Directory on AWS

Similar Articles and Services

Amazon InspectorA security assessment service that automatically and continuously scans EC2 instances, Lambda functions, and container images for vulnerabilitiesAutomated Vulnerability Scanning with Amazon Inspector - Continuous Security Assessment for EC2, Lambda, and ECRAutomatically scan EC2 instances, ECR container images, and Lambda functions for vulnerabilities and prioritize them with CVE-based risk scores. Learn how to achieve agentless scanning through Systems Manager integration.Vulnerability Assessment and Threat Detection - Continuous Security Monitoring with Amazon Inspector and GuardDutyLearn how to design and operate vulnerability assessment and threat detection using Amazon Inspector and Amazon GuardDuty.Amazon ECR Container Image Management - Lifecycle Policies and Image ScanningLearn how to automatically clean up old images with private repository lifecycle policies and detect vulnerabilities with image scanning.Amazon ECRA fully managed container registry for securely storing, managing, and deploying Docker container images