Amazon Inspector: A cloud-based vulnerability assessment tool


Over the last few years, we have seen a lot of high-profile data breaches in organizations that are using cloud-based infrastructure. A cloud-based service provider, such as AWS, gives the flexibility to create an infrastructure in just a few clicks, but at the same time it opens many opportunities for attackers if you miss any security checkpoint. To fill these gaps, Amazon Web Services (AWS) provides several different services which can be used to maintain and ensure the security of the cloud infrastructure.

Interested in another course? Check out our course page. We offer a wide range of high-quality courses spread across 15 vendors and 80+ certifications.

About AWS Inspector

Amazon Inspector is an automated security assessment service which evaluates the security loopholes in deployed resources, per the compliance in the Amazon cloud. AWS Inspector is a very important security assessment service, as it generates automatic reports with detailed findings on the selected resources. It prioritizes the vulnerabilities according to their severity level, making it simple to understand which pieces of software need to be patched immediately.

In this article, we will try to understand how AWS Inspector communicates with the EC2 instances to assess the servers. We will also learn to configure the AWS inspector to operate automatically.

Before we start, I would like to mention that this is not a penetration testing tool because penetration testing specifically breaks the system from the outside. AWS inspector, by comparison, is a process in which we install an agent in all the EC2 instances which will then check all the vulnerabilities internally and provide a detailed report with suggested mitigations.

The summary of the steps involved to configure AWS Inspector are given below:

  • Log into the EC2 instance
  • Configure inspector agent on the EC2 instance
  • Configure the assessment target through AWS console
  • Configure assessment template
  • Configure assessment rules
  • Run an assessment
  • Analyze reports

The first step is log into the EC2 instance and configures the AWS agent. In our case, I am assuming that our readers have a basic knowledge of AWS and the EC2 instance and it is already running in the AWS account.

First, we log into the running EC2 instance and install the Inspector as follow [CLICK IMAGES TO ENLARGE]:

Command Used:

<< wget>>

In the highlighted area of the above screenshot, we can see that we have first used the wget utility to download the inspector agent on the EC2 instance. When the package is downloaded into the system, we can view the same by using the ls command.

Now we need to change the permission of this file to be able to install it. In order to do this, I used the chmod command to give the executable permission and start the installation process by using the command which can be seen in the following screenshot.

Command Used:

  • << chmod +x install >>
  • << ./install >>

After starting the installation process, it will take some time and a very large output will be generated by the installation process, but it should end at a “complete” message which confirms that AWS Inspector has been successfully configured into the EC2 machine. The compete message can be seen in the following screenshot.

In the above screenshot, we can see that AWS Inspector Agent has successfully been installed on the EC2 instance.

So far, we have configured AWS Inspector Agent on the EC2 Instance. After the installation, we need to log into the AWS account and search for AWS Inspector. When we open the Inspector in the console, it opens a webpage which can be seen in the following screenshot.

Read more…

Anastasis Vasileiadis

PC Technical || Penetration Tester || Ethical Hacker || Cyber Security Expert || Cyber Security Analyst || Information Security Researcher || Malware analyst || Malware Investigator || Reverse Engineering

SC ProDefence SRL - Cyber Security Services