Amazon Inspector Findings


Vulnerability Management at Scale with Amazon Inspector

In this course, we introduce the latest version of Amazon Inspector, now improved for automated and continuous vulnerability management at scale.

Learning Objectives

  • Learn about the new Amazon Inspector, its function, operation, and implementation

Intended Audience

  • Architects, developers, and system operators looking to understand the basic function and operation of Amazon Inspector
  • Those studying for the Solutions Architect Associate and SysOps Associate certification exams

Prerequisites

  • To get the most out of this course, you will need to meet the requirements for the Cloud Practitioner level certification by AWS or have equivalent experience

The Amazon Inspector dashboard provides a view of findings from across your entire environment; you can access the fine-grained details of a finding by selecting it. The dashboard contains streamlined information about scan coverage in your environment, your most critical findings, and which resources have the most findings. The risk-based remediation panel in the dashboard presents the findings that affect the largest number of instances and images, which makes it easier to identify critical findings in your environment, see their details, and view suggested solutions.

Amazon Inspector can sort, group, and manage your findings. Findings are presented according to their state: active, suppressed, or closed. By default, only active findings are shown. An active finding is a detected potential security issue that points to a vulnerability or threat needing remediation. Suppressed findings are active findings that you have excluded using suppression rules. Inspector automatically sets a finding's status to closed when it detects that the finding has been remediated; you do not close findings manually.

You can scan Amazon EC2 instances and container images in Amazon Elastic Container Registry (Amazon ECR), and you can also scan AWS Lambda functions. Container image findings are also available in the Amazon ECR console, and you can view all findings using the AWS Command Line Interface (AWS CLI) or an API call. Findings can be grouped in various ways, starting with grouping by vulnerability, which displays the most critical issues detected first. You can also group by account to show the total number of critical and high-severity findings for each account.

Grouping by instance shows the most vulnerable EC2 instances and AMIs in your implementation. You can also gain visibility into any deployed Lambda function whose code and behavior may need reevaluation. Suppression rules exclude Inspector findings that match defined criteria; for example, you can suppress low-severity findings or findings that are out of scope. Suppression rules do not change the finding itself and do not stop Inspector from generating it; they only filter what you see. Inspector automatically sends findings to Amazon EventBridge and can optionally export them to an Amazon S3 bucket. For the S3 export, you will need an AWS KMS key for Inspector to use to encrypt the findings, and Inspector will also need permission to upload objects to the bucket.
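As an added example (not part of the course), the Python below reproduces the console groupings and the risk-based remediation view over constructed sample findings in the shape of an inspector2 ListFindings response, and builds the filterCriteria for the default "active, critical or high" view; the account numbers, resource ids and vulnerability titles are made up, and the live fetch helper assumes boto3 with credentials available.

```python
from collections import Counter
# Constructed sample findings in the shape of inspector2 ListFindings output
# (field names follow the Inspector2 Finding object; accounts, ids, titles are made up).
def _f(account, title, severity, status, rtype, rid):
    return {"awsAccountId": account, "title": title, "severity": severity,
            "status": status, "resources": [{"type": rtype, "id": rid}]}

SAMPLE_FINDINGS = [
    _f("111111111111", "VULN-A in openssl", "CRITICAL", "ACTIVE", "AWS_EC2_INSTANCE", "i-0aaa"),
    _f("111111111111", "VULN-A in openssl", "CRITICAL", "ACTIVE", "AWS_EC2_INSTANCE", "i-0bbb"),
    _f("222222222222", "VULN-A in openssl", "CRITICAL", "ACTIVE", "AWS_ECR_CONTAINER_IMAGE", "sha256:placeholder"),
    _f("222222222222", "VULN-B in glibc", "HIGH", "ACTIVE", "AWS_EC2_INSTANCE", "i-0bbb"),
    _f("111111111111", "VULN-C in log-parser", "LOW", "SUPPRESSED", "AWS_LAMBDA_FUNCTION", "arn:aws:lambda:placeholder"),
    _f("111111111111", "VULN-D in curl", "HIGH", "CLOSED", "AWS_EC2_INSTANCE", "i-0aaa"),
]

def findings_filter(statuses=("ACTIVE",), severities=("CRITICAL", "HIGH")):
    """filterCriteria for inspector2 ListFindings: keys are ANDed; the values listed
    under one key are alternatives (assumption, matching how the console filters)."""
    return {"findingStatus": [{"comparison": "EQUALS", "value": s} for s in statuses],
            "severity": [{"comparison": "EQUALS", "value": s} for s in severities]}

def group_findings(findings, status="ACTIVE"):
    """Console groupings by vulnerability, account and resource for findings in one state."""
    by_vuln, by_account, by_resource = Counter(), Counter(), Counter()
    for f in findings:
        if f["status"] != status:  # ACTIVE is the default view; CLOSED ones drop out
            continue
        by_vuln[f["title"]] += 1
        by_account[f["awsAccountId"]] += 1
        for r in f["resources"]:
            by_resource[(r["type"], r["id"])] += 1
    return {"by_vulnerability": by_vuln, "by_account": by_account, "by_resource": by_resource}

def top_remediation(findings):
    """Risk-based remediation view: (title, count) of the active vulnerability on the most distinct resources."""
    affected = {}
    for f in findings:
        if f["status"] == "ACTIVE":
            affected.setdefault(f["title"], set()).update(r["id"] for r in f["resources"])
    if not affected:
        return None
    title = max(affected, key=lambda t: len(affected[t]))
    return title, len(affected[title])

def fetch_findings(region, filter_criteria):
    """Pull live findings with boto3 (needs credentials; not run offline)."""
    import boto3  # lazy import so the offline functions work without the SDK
    pages = boto3.client("inspector2", region_name=region).get_paginator("list_findings")
    return [f for page in pages.paginate(filterCriteria=filter_criteria) for f in page["findings"]]
```

Calling `fetch_findings("us-east-1", findings_filter())` and passing the result to `group_findings` gives the same per-account and per-resource counts the dashboard shows.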


About the Author
Jorge Negrón
AWS Content Architect

Experienced in the architecture and delivery of cloud-based solutions, the development and delivery of technical training, defining requirements and use cases, and validating architectures for results. Excellent leadership, communication, and presentation skills with attention to detail. Hands-on administration and development experience, with the ability to mentor and train on current and emerging technologies (cloud, ML, IoT, microservices, big data and analytics).