With the ever-increasing threat of attacks against the integrity, confidentiality, and availability of your data within your organization, the need to ensure strict security procedures and processes is paramount, and learning how to use Amazon Inspector is key.
AWS offers a wide range of security services to help you achieve the level of security that you need to enforce within your environment, and the Amazon Inspector service is just one of those that can help.
This service is used to help you find security vulnerabilities within your EC2 instances and any applications running on them, during any stage of development and deployment.
With its ability to automatically detect known and common security issues across a range of rules of compliance, Amazon Inspector can also provide details on how to remediate these potential weaknesses in your infrastructure. This makes the service a key asset within your security toolset.
This course looks at what the service is and does, and how it does it, by going into detail about all of the components involved. Demonstrations of its configuration are also provided.
- What is Amazon Inspector?: This lecture explains at a high level what Amazon Inspector is and why you may want to use it
- Components of Amazon Inspector: This lecture defines the main components of the service and how these fit together
- Demonstration: How to Configure Amazon Inspector: This demonstration shows how to get started and how to configure the service
- Demonstration: Working with findings: This lecture demonstrates how to view the different Amazon Inspector findings following an assessment
- Integration with CloudWatch & CloudTrail: This lecture explains how Amazon Inspector can be monitored with CloudWatch and CloudTrail
- Service Limitations and Costs: This lecture explains the limitations of the service in addition to how costings are calculated
- Summary: This lecture summarizes points learned from the previous lectures within the course
Hello and welcome to this lecture where I want to briefly summarize the key points that we have learnt throughout the previous lectures.
I started off by looking at what Amazon Inspector is and what it does. Here I explained that Amazon Inspector is a managed service to help find security vulnerabilities within your applications and services. It uses hundreds of best practices and known security weaknesses to assess EC2 instances. Any findings are detailed to allow you to rectify the security risk within your environment. Amazon Inspector provides confidence in the level of security built into your applications and services. Threats and vulnerabilities can be reduced when using Amazon Inspector.
Next I explained the different components that make up the Amazon Inspector service. The Amazon Inspector role. This role has read-only access to all EC2 instances within your AWS account, allowing you to run assessments.
Assessment targets. This is a grouping of AWS EC2 instances that you want to run an assessment against, which are grouped together using tags.
AWS agents. These are software agents that are installed on your EC2 instances that need to be assessed to track and monitor data across the network, file system, and any process activity of the instance.
Assessment templates. These templates define a specific configuration as to how an assessment is run on your EC2 instances.
Rules packages. Rules packages contain a number of individual rules which are individually checked against the telemetry data that comes back from the assessment. The rules packages are Common Vulnerabilities and Exposures (CVE), Center for Internet Security (CIS) benchmarks, and Security Best Practices.
Assessment run. Once you have configured your Amazon Inspector role, installed the agents, and configured your assessment target and assessment templates, you can run the configured assessment on your assessment targets, which is known as the assessment run.
Telemetry. This is the data that is collected from an instance detailing its configuration, behavior, and process activity during an assessment run.
Assessment reports. On completion of an assessment run, an assessment report can be generated providing details on what was assessed and all the results of that assessment. This is available as either a findings report or a full report.
Findings. A finding is a potential security issue or risk against one of your EC2 instances within the assessment target following an assessment run.
Once the different components of the Amazon Inspector service were understood, I performed a demonstration where I showed you how to create and select an Amazon Inspector role, create an assessment target, define an assessment template, complete an assessment run, generate an assessment report, and automatically schedule future assessment runs via an AWS Lambda function.
This was followed up by showing you how to review your findings through the use of assessment reports, filtering of findings, viewing the findings in a detailed view, remediation recommendations and steps, and tagging of findings to allow you to manage the workflow of resolution.
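The findings workflow just described (filter by severity, read the detail, tag findings to track resolution) can be scripted against the output of the Inspector Classic DescribeFindings API. The following is an added example and is not code from the course; it assumes the field names used by that API (arn, severity, numericSeverity, assetAttributes.agentId, serviceAttributes.rulesPackageArn, userAttributes), the sample findings are constructed, and the batch size of 10 finding ARNs per AddAttributesToFindings call is an assumption to check against the current API documentation.

```python
"""Triage of Amazon Inspector (Classic) findings offline, then build tagging requests.

Added example. SAMPLE_FINDINGS is constructed to follow the shape returned by
describe_findings (field names assumed; verify against your own output).
"""
from collections import Counter, defaultdict

# Rank used to threshold findings by the severity string Inspector returns.
SEVERITY_RANK = {"Undefined": -1, "Informational": 0, "Low": 1, "Medium": 2, "High": 3}


def _finding(fid, instance, severity, score, pkg, title, user_attrs=()):
    """Build one constructed finding in the DescribeFindings shape (sample data only)."""
    return {
        "arn": (
            "arn:aws:inspector:eu-west-1:123456789012:target/0-EXAMPLE/"
            f"template/0-EXAMPLE/run/0-EXAMPLE/finding/0-{fid}"
        ),
        "title": title,
        "severity": severity,
        "numericSeverity": score,
        "assetAttributes": {"agentId": instance},
        "serviceAttributes": {
            "rulesPackageArn": f"arn:aws:inspector:eu-west-1:EXAMPLE:rulespackage/0-{pkg}"
        },
        # userAttributes are the tags you add yourself to manage the resolution workflow.
        "userAttributes": [{"key": k, "value": v} for k, v in user_attrs],
    }


# Constructed sample: four findings across two instances and two rules packages.
SAMPLE_FINDINGS = [
    _finding("f001", "i-0aaa111", "High", 9.0, "cve", "Unpatched package on web-1 (constructed)"),
    _finding("f002", "i-0aaa111", "Medium", 6.0, "cis", "Password policy below CIS benchmark (constructed)"),
    _finding("f003", "i-0bbb222", "High", 8.5, "cve", "Unpatched package on db-1 (constructed)",
             user_attrs=(("status", "resolved"), ("owner", "sec-team"))),
    _finding("f004", "i-0bbb222", "Low", 2.0, "cis", "Unused service enabled (constructed)"),
]


def severity_counts(findings):
    """Number of findings per severity string, e.g. {'High': 2, 'Medium': 1, 'Low': 1}."""
    return dict(Counter(f["severity"] for f in findings))


def user_attribute(finding, key):
    """Return the value of a user attribute (finding tag), or None if absent."""
    for attr in finding.get("userAttributes", []):
        if attr["key"] == key:
            return attr["value"]
    return None


def findings_by_instance(findings):
    """Group findings by the agent id (EC2 instance id), worst finding first."""
    grouped = defaultdict(list)
    for f in findings:
        grouped[f["assetAttributes"]["agentId"]].append(f)
    for items in grouped.values():
        items.sort(key=lambda f: f["numericSeverity"], reverse=True)
    return dict(grouped)


def select_for_triage(findings, min_severity="High", status_key="status", closed_status="resolved"):
    """ARNs of findings at or above min_severity that are not already tagged as resolved."""
    threshold = SEVERITY_RANK[min_severity]
    open_findings = [
        f for f in findings
        if SEVERITY_RANK.get(f["severity"], -1) >= threshold
        and user_attribute(f, status_key) != closed_status
    ]
    open_findings.sort(key=lambda f: f["numericSeverity"], reverse=True)
    return [f["arn"] for f in open_findings]


def tag_requests(finding_arns, owner, status="triaged", batch_size=10):
    """Keyword-argument dicts for add_attributes_to_findings, chunked per call.

    batch_size=10 is an assumed per-call limit on findingArns; adjust if the API differs.
    """
    attributes = [{"key": "owner", "value": owner}, {"key": "status", "value": status}]
    return [
        {"findingArns": finding_arns[i:i + batch_size], "attributes": attributes}
        for i in range(0, len(finding_arns), batch_size)
    ]


if __name__ == "__main__":
    print(severity_counts(SAMPLE_FINDINGS))
    for instance, items in findings_by_instance(SAMPLE_FINDINGS).items():
        print(instance, [f["title"] for f in items])
    to_tag = select_for_triage(SAMPLE_FINDINGS, "Medium")
    for req in tag_requests(to_tag, owner="sec-team"):
        print(req)
        # Against a real account this is where you would call
        #   boto3.client("inspector").add_attributes_to_findings(**req)
```

The resolved finding on db-1 is skipped because its user attribute already records that it is closed, which is the point of tagging findings: the next assessment run returns the same finding again, and the tag is what tells your triage step to ignore it. Severity thresholds and the attribute names are parameters so the same logic can drive an alert, a ticket, or a report.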
I then looked at how Amazon Inspector has integration with Amazon CloudWatch and AWS CloudTrail.
Within CloudWatch there are a number of metrics for assessment targets, assessment templates, and aggregate metrics. From an AWS CloudTrail perspective, all API calls that are performed by Inspector are logged with CloudTrail.
Finally, I looked at the service limitations and costings. From a limitation perspective, the maximum number of agents per assessment run is 500. There is a default limit of 50,000 assessment runs per AWS account. A default limit of 500 assessment templates is allowed per AWS account, and a default limit of 50 for assessment targets. Pricing is structured as follows. Amazon Inspector is priced per agent, per assessment run (an agent assessment), per month. There are no other costs associated with Amazon Inspector, so there are no upfront or ongoing maintenance costs. Pricing for agent assessments starts at $0.30 per month.
You should now have a good understanding of Amazon Inspector, what it is used for, and how it can best be used within your own environment to help you mitigate known security vulnerabilities and exposures and ensure your environment stays as secure as it can be.
If you have any feedback on this course, positive or negative, please do leave a comment on the course landing page. We do look at the comments and your feedback is greatly appreciated.
Thank you for your time and good luck with your continued learning of cloud computing.
Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data center and network infrastructure design, to cloud architecture and implementation.
To date, Stuart has created 150+ courses relating to Cloud reaching over 180,000 students, mostly within the AWS category and with a heavy focus on security and compliance.
Stuart is a member of the AWS Community Builders Program for his contributions towards AWS.
He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.
In January 2016 Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for his knowledge share within cloud services to the community.
Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.