As per the AWS docs, Ubuntu 20.4 is indeed supported:
| Ubuntu (Focal) | 20.04 (LTS) x86_64, ARM64 |
| Ubuntu (Jammy) | 22.04 (LTS) x86_64, ARM64 |
Amazon Inspector uses AWS Systems Manager (SSM) and the SSM Agent to collect information about the software application inventory of your EC2 instances. This data is then scanned by Amazon Inspector for software vulnerabilities. Therefore, the instance must be a managed instance in Amazon EC2 Systems Manager (SSM). For that, there are 2 things:
- An SSM managed instance has the SSM Agent installed and running
- Has an attached AWS IAM instance profile that allows SSM to manage the instance. Make sure that the IAM role has "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore" attached to it.
To troubleshoot, please check the status of the SSM Agent:
sudo systemctl status snap.amazon-ssm-agent.amazon-ssm-agent.service
Once that is done, make sure that the instance is listed as an SSM Managed Instance in:
"AWS Systems Manager" >> "Node Management" >> "Fleet Manager".
If you're able to see the instance ID listed here, that means the instance is an SSM Managed Instance. You may also check the associations related to the instance with the following command:
aws ssm list-associations | grep i-0db211234567890
In regard to your specific question related to InvokeInspectorSsmPlugin-do-not-delete SSM association, it runs the Amazon Inspector SSM plug-in at regular intervals to collect instance data and generate Amazon Inspector findings.
- Ubuntu 20.4 is a supported OS. I replicated the same in my environment, and I was able to get the findings.
- Kindly check and confirm that the instance is an SSM managed instance. You can confirm it from "Fleet Manager" in the Systems Manager console. Also, check the latest associations.
- Make sure the role associated with the EC2 instance has at least the "AmazonSSMManagedInstanceCore" & "AmazonSSMPatchAssociation" managed policies attached to it.
If the EC2 instance is still not being scanned after checking the above points, please reach out to us via a Support Case with the AWS Inspector team, and we will be able to troubleshoot further.
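The checklist in the answer above, written as one offline check (an added example, not part of the original answer or AWS code). It assumes you have saved and parsed the JSON output of `aws ssm describe-instance-information`, `aws iam list-attached-role-policies` and `aws ssm list-associations`; the sample data is constructed, and matching the Inspector association on its `AssociationName` or `Name` field is an assumption.

```python
# Managed policies and association named in the answer above.
REQUIRED_POLICIES = ("AmazonSSMManagedInstanceCore", "AmazonSSMPatchAssociation")
INSPECTOR_ASSOCIATION = "InvokeInspectorSsmPlugin-do-not-delete"


def check_prerequisites(instance_id, instance_info, attached_policies, associations):
    """Return the failed prerequisites; an empty list means every check passed."""
    problems = []

    # 1. A managed instance appears in describe-instance-information, and its
    #    PingStatus shows whether the SSM Agent is still reporting in.
    nodes = {n["InstanceId"]: n for n in instance_info.get("InstanceInformationList", [])}
    node = nodes.get(instance_id)
    if node is None:
        problems.append("not an SSM managed instance")
    elif node.get("PingStatus") != "Online":
        problems.append(f"SSM Agent ping status is {node.get('PingStatus')}")

    # 2. Compare full ARNs so a customer-managed policy with the same name
    #    is not mistaken for the AWS managed one.
    arns = {p["PolicyArn"] for p in attached_policies.get("AttachedPolicies", [])}
    for name in REQUIRED_POLICIES:
        if f"arn:aws:iam::aws:policy/{name}" not in arns:
            problems.append(f"role is missing {name}")

    # 3. The Inspector association must exist (field choice is an assumption).
    found = any(INSPECTOR_ASSOCIATION in (a.get("AssociationName"), a.get("Name"))
                for a in associations.get("Associations", []))
    if not found:
        problems.append(f"association {INSPECTOR_ASSOCIATION} not found")
    return problems


# Constructed sample data shaped like the AWS CLI JSON output.
SAMPLE_ID = "i-0db211234567890"
SAMPLE_INFO = {"InstanceInformationList": [
    {"InstanceId": SAMPLE_ID, "PingStatus": "ConnectionLost", "PlatformName": "Ubuntu"}]}
SAMPLE_POLICIES = {"AttachedPolicies": [
    {"PolicyName": "AmazonSSMManagedInstanceCore",
     "PolicyArn": "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"}]}
SAMPLE_ASSOCIATIONS = {"Associations": [
    {"Name": "AWS-GatherSoftwareInventory", "AssociationName": "constructed-inventory"}]}

if __name__ == "__main__":
    for problem in check_prerequisites(SAMPLE_ID, SAMPLE_INFO, SAMPLE_POLICIES,
                                       SAMPLE_ASSOCIATIONS):
        print("FAIL:", problem)
```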