How can I set up Amazon Inspector Classic to perform a security assessment on my Amazon Elastic Compute Cloud (Amazon EC2) instance?
Resolution
You can use the Amazon Inspector Classic service to create and run security assessments for your Amazon EC2 instances by following these steps.
Important: Before you begin, consider moving from Amazon Inspector Classic to the new Amazon Inspector. The new Amazon Inspector is an automated vulnerability management service that continually scans AWS workloads for software vulnerabilities and unintended network exposure. For instructions, see Moving to the new Amazon Inspector.
Create a service-linked role for Amazon Inspector and tag your Amazon EC2 instances
- Open the Amazon Inspector console, and in the navigation pane choose Switch to Inspector Classic.
- Follow the instructions for One-click setup.
- Open the Amazon EC2 console, and then choose Instances from the navigation pane.
- Select the instances that you want Amazon Inspector to perform an assessment on, and then choose the Tags tab.
- Choose Add/Edit Tags, and then choose Create Tag.
- Enter a Key and Value name, and then choose Save.
Install the Amazon Inspector agent
Follow the instructions for installing the Amazon Inspector agent for the OS of your Amazon EC2 instance:
For information about automating the installation of the Amazon Inspector agent, see How to simplify security assessment setup using Amazon EC2 Systems Manager and Amazon Inspector.
Define the assessment target
- Open the Amazon Inspector Classic console, and then choose Assessment targets.
- Choose Create, and then enter a name for your assessment target.
- Choose the Key and Value pairs for the Amazon EC2 instances that you want to include in the assessment, such as "examplekey" and "examplevalue."
- Uncheck Install Agents, and then choose Preview to view and verify the instances that are included.
- Choose OK, and then choose Save.
Define the assessment template and run the assessment
- Open the Amazon Inspector Classic console, choose Assessment templates, and then choose Create.
- In Assessment Template, enter a Name and Target name.
- For Rules packages, choose Common Vulnerabilities.
- For Duration, choose how long you want your assessment to run. Note: It's a best practice to choose a duration of one hour if you have more than one rule package or instance.
- Uncheck Assessment Schedule, and then choose Create and run.
- After the assessment is complete, choose Findings or Assessment runs from the navigation pane.
Run the assessment
- Open the Amazon Inspector Classic console.
- Select the Assessment templates section to see the available assessments.
- Choose the template that you created.
- Choose Run to start the assessment immediately.
- After the assessment is complete, choose Findings or Assessment runs from the navigation pane.
Note: You can also set up automatic assessment runs through an AWS Lambda function.
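The same sequence the console steps walk through (tag-based resource group, assessment target, template with the Common Vulnerabilities rules package, one-hour run, then findings) driven through the boto3 `inspector` client, which is the Inspector Classic API. This is an added example, not part of this article or of AWS's own code; the tag key/value "examplekey"/"examplevalue" come from the steps above, the resource names are hypothetical, and the client is passed in as a parameter so the functions can be exercised against a stub without AWS access.

```python
"""Inspector Classic via boto3: tag-based target -> template -> run -> findings."""


def find_rules_package(client, name_fragment="Common Vulnerabilities"):
    # The console shows "Common Vulnerabilities"; the API name is longer and the
    # ARN is Region-specific, so match on the name instead of hard-coding an ARN.
    arns = client.list_rules_packages()["rulesPackageArns"]
    for pkg in client.describe_rules_packages(rulesPackageArns=arns)["rulesPackages"]:
        if name_fragment in pkg["name"]:
            return pkg["arn"]
    raise LookupError(f"no rules package matching {name_fragment!r}")


def create_assessment(client, tag_key, tag_value, name, duration_seconds=3600):
    """Mirror the console steps: resource group (tags) -> target -> template -> run."""
    # duration_seconds defaults to one hour, the best practice noted in the article.
    group_arn = client.create_resource_group(
        resourceGroupTags=[{"key": tag_key, "value": tag_value}]
    )["resourceGroupArn"]
    target_arn = client.create_assessment_target(
        assessmentTargetName=f"{name}-target", resourceGroupArn=group_arn
    )["assessmentTargetArn"]
    template_arn = client.create_assessment_template(
        assessmentTargetArn=target_arn,
        assessmentTemplateName=f"{name}-template",
        durationInSeconds=duration_seconds,
        rulesPackageArns=[find_rules_package(client)],
    )["assessmentTemplateArn"]
    run_arn = client.start_assessment_run(
        assessmentTemplateArn=template_arn, assessmentRunName=f"{name}-run"
    )["assessmentRunArn"]
    return {"target": target_arn, "template": template_arn, "run": run_arn}


def summarize_findings(client, run_arn):
    """Count a completed run's findings by severity (High/Medium/Low/Informational)."""
    # First page only (up to 500); follow nextToken for runs with more findings.
    finding_arns = client.list_findings(assessmentRunArns=[run_arn], maxResults=500)["findingArns"]
    counts = {}
    for i in range(0, len(finding_arns), 10):  # DescribeFindings accepts at most 10 ARNs
        for finding in client.describe_findings(findingArns=finding_arns[i:i + 10])["findings"]:
            counts[finding["severity"]] = counts.get(finding["severity"], 0) + 1
    return counts


if __name__ == "__main__":
    import boto3  # imported here so the helpers above stay importable without AWS access

    inspector = boto3.client("inspector")  # Inspector Classic client in your configured Region
    print(create_assessment(inspector, "examplekey", "examplevalue", "kc-demo"))  # names are hypothetical
```

Call `summarize_findings` only after the run's state is COMPLETED, which takes at least the template's duration; the same functions can be wrapped in the Lambda handler mentioned in the note above.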
Assessment runs include a list of all assessment runs. You can review information about a particular assessment, generate a report from that assessment, or navigate to the security findings for specific assessments. For more information, see assessment reports.
Findings include a list of all findings for all assessment runs. You can filter these results to see specific findings. Findings are identified security vulnerabilities or configuration exposures that are discovered during the Amazon Inspector assessment. To learn more about an Amazon Inspector finding, choose the arrow next to the finding to expand the detailed view. For more information, see Amazon Inspector Classic findings.
Note: Amazon Inspector assessment targets can include only Amazon EC2 instances that have a supported OS installed. See Amazon Inspector Classic supported operating systems and Regions for more information.
Related information
Getting started with Amazon Inspector Classic