With the ever-increasing threat of attacks against the integrity, confidentiality, and availability of your data within your organization, the need to ensure strict security procedures and processes is paramount, and learning how to use Amazon Inspector is key.
AWS offers a wide range of security services to help you achieve the level of security that you need to enforce within your environment, and the Amazon Inspector service is just one of those that can help.
This service is used to help you find security vulnerabilities within your EC2 instances and any applications running on them, during any stage of development and deployment.
With its ability to automatically detect known and common security issues across a range of rules of compliance, Amazon Inspector can also provide details on how to remediate these potential weaknesses in your infrastructure. This makes the service a key asset within your security toolset.
This course looks at what the service is, what it does, and how it does it, going into detail about all of the components involved. Demonstrations of its configuration are also provided.
Course Lectures
- What is Amazon Inspector?: This lecture explains at a high level what Amazon Inspector is and why you may want to use it
- Components of Amazon Inspector: This lecture defines the main components of the service and how these fit together
- Demonstration: How to Configure Amazon Inspector: This demonstration shows how to get started and how to configure the service
- Demonstration: Working with findings: This lecture demonstrates how to view the different Amazon Inspector findings following an assessment
- Integration with CloudWatch & CloudTrail: This lecture explains how Amazon Inspector can be monitored with CloudWatch and CloudTrail
- Service Limitations and Costs: This lecture explains the limitations of the service in addition to how costings are calculated
- Summary: This lecture summarizes points learned from the previous lectures within the course
Hello and welcome to this lecture. We're going to explain the different service limitations of Amazon Inspector as well as how much it's going to cost to use and implement within your own environment.
Across the service there are a number of limitations that you'll need to be aware of.
Agents per assessment. When creating your target assessments, the maximum number of agents that can be included is 500. Be aware that this limit can't be increased.
The number of assessment runs. There is a default limit of 50,000 assessment runs that you can have per account. If you need this limit to be increased, then you need to contact AWS Customer Support to do so.
The number of assessment templates. Again, by default, there is a limit of 500 assessment templates that can exist in an AWS account. If this limit needs to be increased, then again, you can contact AWS Customer Support.
The number of assessment targets. This has a default limit set to 50, which can also be increased if required to do so.
Although I mentioned this earlier in a previous lecture, it's worth noticing the limitation of rule packages against specific operating systems.
So how much will using Amazon Inspector cost you to gain all of this additional security information within your environment? That is always an important factor for any service. For the benefit it brings to you and your environment, I think it's very cost-effective.
Essentially, Amazon Inspector is priced per agent, per assessment run, which is an agent assessment per month. For example, if you were to run one agent against 20 assessments, that would be 20 agent assessments, or two agents against five assessments, that would be 10 agent assessments. There are no other costs associated with Amazon Inspector, so there are no upfront or ongoing maintenance costs.
The pricing for agent assessments per month starts at 30 cents, but there is capacity for a discount with the more agent assessments run per month.
That now brings us to the end of this lecture. Coming up in the last lecture, I will summarize the main points that we have learned from each lecture.
Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data center and network infrastructure design, to cloud architecture and implementation.
To date, Stuart has created 150+ courses relating to Cloud reaching over 180,000 students, mostly within the AWS category and with a heavy focus on security and compliance.
Stuart is a member of the AWS Community Builders Program for his contributions towards AWS.
He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.
In January 2016 Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for his knowledge share within cloud services to the community.
Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.