
AWS Inspector V2 is not detecting nodes for CIS scans.

0

AWS Inspector Classic worked fine for CIS benchmarks on our EC2 nodes. Trying to move over to V2, there are issues detecting nodes. All CIS scans currently show no checked resources and 0 checks.

  1. I've ensured SSM is working and at the latest versions. Associations status shows success
  2. Created necessary VPC Endpoints for SSM, S3, and EC2.
  3. Allowed the proper S3 buckets via region through IAM
  4. The correct IAM policies are applied to the nodes (AmazonSSMManagedInstanceCore and AmazonInspector2ManagedCisPolicy)
  5. All the instances are Amazon Linux 2023
  6. I've validated the CIS configuration tags exist on the target instances.

I've checked the SSM logs and Inspector logs on the EC2 instances; AWS Inspector doesn't show any helpful errors or output, making it hard to troubleshoot further. Any insight or thoughts would be appreciated.

asked 8 months ago, 137 views
2 Answers
0

Please keep in mind that the CIS standards are intended for x86_64 operating systems.

Reference to documentation: Click here

AWS
EXPERT
answered 8 months ago
  • I appreciate the input, but these are x86_64 systems.

0

Check the CIS scan configuration to verify that target resource tags are correctly defined and present. Adding tags to a CIS scan configuration:

AWS
EXPERT
answered 8 months ago
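One way to make that check offline, as an added example that is not part of this answer or of AWS's own tooling: it compares the target tags of a CIS scan configuration against the tags on each instance and reports why an instance would not be picked up (missing key, case difference, value mismatch), and also flags non-x86_64 instances as the first answer suggests. The JSON layouts are constructed samples shaped like `aws inspector2 list-cis-scan-configurations` and `aws ec2 describe-instances` output; the `targets.targetResourceTags` layout is an assumption.

```python
import json

# Constructed sample shaped like `aws inspector2 list-cis-scan-configurations`
# output; the targets layout (accountIds + targetResourceTags) is an assumption.
SCAN_CONFIGS = json.loads("""{"cisScanConfigurations": [
  {"scanName": "weekly-cis",
   "targets": {"accountIds": ["111111111111"],
               "targetResourceTags": {"CISScan": ["true"]}}}]}""")

# Constructed sample shaped like `aws ec2 describe-instances` output.
INSTANCES = json.loads("""{"Reservations": [{"Instances": [
  {"InstanceId": "i-0aaa", "Architecture": "x86_64",
   "Tags": [{"Key": "CISScan", "Value": "true"}]},
  {"InstanceId": "i-0bbb", "Architecture": "x86_64",
   "Tags": [{"Key": "cisscan", "Value": "true"}]},
  {"InstanceId": "i-0ccc", "Architecture": "x86_64",
   "Tags": [{"Key": "CISScan", "Value": "True"}]},
  {"InstanceId": "i-0ddd", "Architecture": "arm64",
   "Tags": [{"Key": "CISScan", "Value": "true"}]}]}]}""")


def check_targets(scan_config, instances):
    """Map each instance id to the reasons it would NOT be targeted by
    scan_config; an empty list means the instance matches every target tag."""
    wanted = scan_config["targets"].get("targetResourceTags", {})
    results = {}
    for reservation in instances["Reservations"]:
        for inst in reservation["Instances"]:
            tags = {t["Key"]: t["Value"] for t in inst.get("Tags", [])}
            reasons = []
            for key, allowed in wanted.items():
                if key not in tags:
                    # EC2 tag keys are case-sensitive: "cisscan" != "CISScan".
                    near = [k for k in tags if k.lower() == key.lower()]
                    hint = f" (found {near[0]!r}; keys are case-sensitive)" if near else ""
                    reasons.append(f"missing tag key {key!r}{hint}")
                elif tags[key] not in allowed:
                    # Values are matched exactly as well: "True" != "true".
                    reasons.append(f"tag {key!r} is {tags[key]!r}, scan wants one of {allowed}")
            # The first answer notes that the CIS benchmarks target x86_64 systems.
            if inst.get("Architecture") != "x86_64":
                reasons.append(f"architecture {inst.get('Architecture')!r} is not x86_64")
            results[inst["InstanceId"]] = reasons
    return results


if __name__ == "__main__":
    for cfg in SCAN_CONFIGS["cisScanConfigurations"]:
        print(f"scan {cfg['scanName']}:")
        for instance_id, reasons in check_targets(cfg, INSTANCES).items():
            print(f"  {instance_id}: {'OK' if not reasons else '; '.join(reasons)}")
```

Against a live account, replace the two constants with the parsed output of the two CLI commands named above and compare the list of matching instances with the scan's checked resources.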
