
How To Scan Amazon EC2 Instances With Amazon Inspector

Last Updated : 19 Mar, 2024

Amazon Inspector is a vulnerability management service that continuously scans your running Amazon EC2 instances, container images in Amazon Elastic Container Registry (Amazon ECR), and AWS Lambda functions.

This article shows how to scan Amazon EC2 instances with Amazon Inspector.

Amazon Inspector EC2 scanning extracts metadata from your EC2 instance and compares it with rules collected from security advisories to produce findings. Amazon Inspector scans instances for package vulnerabilities and network reachability issues.

Types Of Scan Methods

Package vulnerability scans can be performed using either of two scan methods:

  • Agent-based
  • Agentless

Agent-based scanning

Agent-based scans are performed continuously using the AWS Systems Manager (SSM) agent on all eligible instances. For agent-based scans, Amazon Inspector uses SSM associations, and plugins installed through those associations, to collect a software inventory from your instances.

Agentless scanning

Agentless scans use EBS snapshots of the instance to collect its software inventory, so no agent has to be running on it. Instances are scanned for both operating system package vulnerabilities and programming language package vulnerabilities.

In the steps below we scan EC2 instances with the agent-based method.

Steps to scan EC2 instances in Amazon Inspector:

Step 1: Launch a Linux EC2 instance and configure the inbound rules it needs, such as SSH, HTTP and HTTPS.

EC2 Instance

Step 2: Inspector can be activated for every account in an organization by delegating an administrator account, or for the signed-in account alone. Here we activate it for the signed-in account only.

Go to Amazon Inspector and click on Activate Inspector.

Activate Inspector

You then see the Amazon Inspector dashboard. It shows Environment coverage, Critical findings, Risk-based remediations and the most critical findings across EC2 instances, ECR images and Lambda functions. Now click on Instances “0%”.

Inspector Dashboard

In the details view, the “Status” column shows “Unmanaged EC2 instances”: the instance is not yet managed by SSM, so Inspector cannot collect an inventory from it.

Account Management

Now click on “All findings” to see the findings for your instances, such as open ports.

All findings

Step 3: To scan the EC2 instance continuously, create an IAM role for the SSM agent. Go to IAM and click Roles -> Create role.

create role step-1

Select EC2 as the use case and click Next.

Step 3.1: Select the “AmazonSSMManagedInstanceCore” policy and click Next.

step-2 select policy

Step 3.2: Enter a role name and description and click “Create role”.

step-3 role name & description

Now attach this role to the EC2 instance.

Step 4: Go to EC2 Instances, select your instance, then Actions -> Security -> Modify IAM role.

Modify IAM role

Step 4.1: Choose the role you created and click Update IAM role.

select role and Update IAM role

After about half an hour, return to Inspector: the “Instances” figure under Environment coverage is updated. Click on it and the “Status” column now shows “Actively monitoring”.

Inspector Dashboard

actively scan instance

Inspector now actively scans your EC2 instances for package vulnerabilities and network reachability issues.
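The same role, instance-profile and verification steps (Steps 2 to 4.1) as AWS CLI commands, added here as an example and not part of the original article. It assumes the AWS CLI v2 is installed and configured with credentials that can manage IAM, EC2 and Inspector; the role name, instance profile name and instance ID are placeholders. The trust policy it prints is the one the console generates for the "EC2" use case, and the coverage check reproduces the "Actively monitoring" test from the console in the terminal.

```shell
#!/bin/sh
# Added example (not from the original article): Steps 2 to 4.1 as AWS CLI
# commands, plus checks that the SSM agent has registered the instance and
# that Amazon Inspector reports it as covered.
# Assumes AWS CLI v2 with suitable credentials; names below are placeholders.

ROLE_NAME="${ROLE_NAME:-InspectorSsmRole}"          # placeholder role name
PROFILE_NAME="${PROFILE_NAME:-InspectorSsmProfile}" # placeholder instance profile
INSTANCE_ID="${INSTANCE_ID:-i-0123456789abcdef0}"   # placeholder instance id

# Trust policy letting the EC2 service assume the role (what the console's
# "EC2" use case generates). Only prints JSON, no AWS calls.
ec2_trust_policy() {
  cat <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": { "Service": "ec2.amazonaws.com" },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF
}

# The managed policy selected in Step 3.1.
ssm_policy_arn() {
  printf '%s\n' "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
}

# Step 2: activate Inspector for EC2 scanning in this account.
enable_inspector_ec2() {
  aws inspector2 enable --resource-types EC2
}

# Steps 3 to 4.1: create the role, attach the SSM policy, wrap the role in an
# instance profile and associate the profile with the instance.
create_and_attach_role() {
  aws iam create-role \
    --role-name "$ROLE_NAME" \
    --description "Lets the SSM agent report inventory to Amazon Inspector" \
    --assume-role-policy-document "$(ec2_trust_policy)"
  aws iam attach-role-policy \
    --role-name "$ROLE_NAME" \
    --policy-arn "$(ssm_policy_arn)"
  aws iam create-instance-profile --instance-profile-name "$PROFILE_NAME"
  aws iam add-role-to-instance-profile \
    --instance-profile-name "$PROFILE_NAME" --role-name "$ROLE_NAME"
  aws ec2 associate-iam-instance-profile \
    --instance-id "$INSTANCE_ID" \
    --iam-instance-profile "Name=$PROFILE_NAME"
}

# The "Actively monitoring" check: SSM must report the instance Online, and
# Inspector's coverage view must list it with a scan status of ACTIVE.
check_coverage() {
  aws ssm describe-instance-information \
    --filters "Key=InstanceIds,Values=$INSTANCE_ID" \
    --query 'InstanceInformationList[].PingStatus' --output text
  aws inspector2 list-coverage \
    --filter-criteria "{\"resourceId\":[{\"comparison\":\"EQUALS\",\"value\":\"$INSTANCE_ID\"}]}" \
    --query 'coveredResources[].[resourceId,scanStatus.statusCode,scanStatus.reason]' \
    --output table
}

# Findings for this one instance, highest severity first (the console's
# "All findings" view narrowed to the instance).
list_instance_findings() {
  aws inspector2 list-findings \
    --filter-criteria "{\"resourceId\":[{\"comparison\":\"EQUALS\",\"value\":\"$INSTANCE_ID\"}]}" \
    --sort-criteria 'field=SEVERITY,sortOrder=DESC' \
    --query 'findings[].[severity,type,title]' --output table
}

# Run the procedure only when asked, so sourcing the file has no side effects:
#   sh inspector_ec2.sh apply   # Steps 2 to 4.1
#   sh inspector_ec2.sh check   # coverage status and findings
case "${1:-}" in
  apply) enable_inspector_ec2; create_and_attach_role ;;
  check) check_coverage; list_instance_findings ;;
esac
```

Run it with `apply` once, wait for the SSM agent to register (the article reports about half an hour before the console shows the change), then run `check`: a `PingStatus` of `Online` together with a coverage `statusCode` of `ACTIVE` is the CLI equivalent of the "Actively monitoring" status in the dashboard, and any other `statusCode` comes with a `reason` field that explains why the instance is not being scanned.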

Conclusion

We have used Amazon Inspector to scan our EC2 instances for package vulnerabilities and network reachability issues and to keep them under continuous monitoring. Amazon Inspector offers a robust and automated solution for scanning your EC2 instances for vulnerabilities and security misconfigurations.

Scanning Amazon EC2 Instances With Amazon Inspector – FAQs

Does Inspector scan stopped instances?

No. Inspector pauses scanning for stopped instances and will not actively search for vulnerabilities on them.

What happens when an instance is stopped?

The virtual machine (VM) running the instance is shut down. This means the instance is no longer operational and unavailable for use.

How frequent is vulnerability scanning?

Network reachability scans (EC2 instances): these scans happen every 24 hours for EC2 instances.
