How to Manage Inspector (v2) suppression rules via Delegated Admin at scale?


[Searched the posts, but couldn't find anything matching the scenario]

Using Inspector v2, I have the Delegated Admin account created via Organizations. Documentation says that member accounts cannot manage their own suppression rules AND that there is a 500 suppression rule limit per account (per region). As such, I'm told that the Inspector Delegated Admin account -- just like any other account -- has a 500 rule limit, but is now managing, let's say, 500 accounts. I've already opened a support ticket, and got the same answer.

My question is how have others been successful managing the Inspector suppression rules at scale via the Delegated Admin account (since member accounts can NOT within Organizations-defined Delegated Admin)? I was thinking that I would want to create a rule specific to the ACCOUNT + CVE + RESOURCE (or just the Inspector Finding ARN), and that might work within a 'single account' model, but in my scenario, with 500 accounts, my delegated admin account would only be able to logically allocate 1 suppression rule per account (per region).

Thanks for any insights that others have had... I can't be the first.

1 Answer

You're right, the 500 suppression rule limit per account can be a challenge when managing Inspector findings at scale, especially when using the Delegated Admin account within AWS Organizations.

Here are a few approaches that others have used to manage Inspector suppression rules more effectively in a multi-account scenario:

  1. Automate Suppression Rule Creation: Instead of manually creating suppression rules, you can use automation to create and manage them programmatically. This could involve using AWS Lambda functions, AWS Step Functions, or other custom scripts to create, update, and delete suppression rules based on your organization's policies and requirements.

  2. Leverage Resource Grouping: Instead of creating individual suppression rules for each account, you can group your resources (e.g., by environment, application, or team) and create suppression rules at the resource group level. This can help you manage the suppression rules more efficiently, as you'll have fewer rules to maintain.

  3. Optimize Suppression Rule Granularity: Instead of creating highly specific suppression rules (e.g., one rule per account, CVE, and resource), try to find a balance between granularity and the number of rules. For example, you could create suppression rules based on a combination of CVE, severity, and resource type, rather than individual resources.

  4. Implement a Centralized Suppression Rule Management System: Consider building a custom application or using a third-party tool to manage your suppression rules centrally. This could involve creating a web-based interface or API that allows your teams to request and manage suppression rules, while the Delegated Admin account handles the actual creation and maintenance of the rules.

  5. Utilize AWS Organizations Service Control Policies (SCPs): SCPs can be used to limit the number of suppression rules that can be created within member accounts, effectively offloading the management of these rules to the Delegated Admin account. This can help you maintain control over the suppression rules while still allowing some level of self-service for your teams.

  6. Explore Third-Party Tools: There are some third-party tools and solutions that can help manage Inspector findings and suppression rules at scale, such as AWS Security Hub, Barracuda CloudGen Firewall, or CrowdStrike Falcon. These tools may provide more advanced features and capabilities for managing Inspector findings and suppression rules across multiple accounts.

The best approach will depend on your specific requirements, the complexity of your AWS environment, and the level of automation and centralized control you require. It's often helpful to experiment with different strategies and evaluate their effectiveness before settling on a long-term solution.

AWS
JonQ
answered 6 days ago
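Items 1 and 3 of the answer above (automate rule creation; widen each rule's criteria so fewer rules are needed) can be combined: group the per-account exceptions by CVE and resource type, and put several account IDs into one rule. The Python below is an added example written for this thread; it is not code from the poster, the answerer, or AWS. Its assumptions are labelled: Inspector v2 suppression rules are filters created with inspector2:CreateFilter using action SUPPRESS; within filterCriteria, values listed under one key are ORed while different keys are ANDed; one criteria list holds at most 10 values (MAX_VALUES_PER_CRITERION); and the quota is 500 rules per account per Region, as the question states. FakeInspectorClient is a constructed in-memory stand-in so the script runs offline; in practice you would pass boto3.client("inspector2") from the Delegated Admin account instead.

```python
"""Consolidate Inspector v2 suppression rules from a Delegated Admin account.

Added example, not code from the thread or from AWS. Assumptions (labelled):
  * suppression rules are Inspector2 filters created with CreateFilter, action "SUPPRESS";
  * inside filterCriteria, values under one key are ORed, different keys are ANDed;
  * a criteria list accepts at most MAX_VALUES_PER_CRITERION values (assumed 10);
  * RULE_QUOTA is 500 per account per Region, as stated in the question.
"""
from collections import defaultdict
from dataclasses import dataclass
from itertools import islice

RULE_QUOTA = 500                # suppression rules per account per Region (from the question)
MAX_VALUES_PER_CRITERION = 10   # assumed cap on values under one filterCriteria key


@dataclass(frozen=True)
class SuppressionRequest:
    account_id: str      # 12-digit member account ID
    cve_id: str          # e.g. "CVE-2023-12345"
    resource_type: str   # e.g. "AWS_EC2_INSTANCE", "AWS_ECR_CONTAINER_IMAGE"
    reason: str          # documented justification, stored on the rule


def _chunks(values, size):
    it = iter(values)
    while chunk := list(islice(it, size)):
        yield chunk


def consolidate(requests):
    """Group requests by (CVE, resource type); emit one CreateFilter payload per
    batch of up to MAX_VALUES_PER_CRITERION accounts. The account list is ORed,
    so one rule suppresses that CVE on that resource type across the whole batch."""
    groups, reasons = defaultdict(set), {}
    for r in requests:
        key = (r.cve_id, r.resource_type)
        groups[key].add(r.account_id)
        reasons.setdefault(key, r.reason)
    payloads = []
    for (cve, rtype), accounts in sorted(groups.items()):
        for n, batch in enumerate(_chunks(sorted(accounts), MAX_VALUES_PER_CRITERION), 1):
            payloads.append({
                "action": "SUPPRESS",
                "name": f"suppress-{cve}-{rtype}-{n}",
                "reason": reasons[(cve, rtype)],
                "filterCriteria": {
                    "vulnerabilityId": [{"comparison": "EQUALS", "value": cve}],
                    "resourceType": [{"comparison": "EQUALS", "value": rtype}],
                    "awsAccountId": [{"comparison": "EQUALS", "value": a} for a in batch],
                },
            })
    return payloads


def rules_needed(requests):
    """(one-rule-per-request count, consolidated count) for a set of requests."""
    return len(requests), len(consolidate(requests))


def fits_quota(payloads, existing_rule_count):
    return existing_rule_count + len(payloads) <= RULE_QUOTA


def count_existing_suppressions(client):
    """Count SUPPRESS filters already present, following ListFilters pagination."""
    count, token = 0, None
    while True:
        kwargs = {"action": "SUPPRESS"}
        if token:
            kwargs["nextToken"] = token
        resp = client.list_filters(**kwargs)
        count += len(resp.get("filters", []))
        token = resp.get("nextToken")
        if not token:
            return count


def apply(client, payloads):
    """Create the filters, refusing up front rather than failing partway through the quota."""
    existing = count_existing_suppressions(client)
    if not fits_quota(payloads, existing):
        raise RuntimeError(f"{existing} existing + {len(payloads)} new rules exceeds {RULE_QUOTA}")
    return [client.create_filter(**p)["arn"] for p in payloads]


class FakeInspectorClient:
    """Constructed offline stand-in for boto3.client('inspector2'); not an AWS object."""
    def __init__(self, existing=0, page_size=3):
        self._filters = [{"arn": f"arn:aws:inspector2:us-east-1:111111111111:filter/pre{i}"}
                         for i in range(existing)]
        self._page = page_size

    def list_filters(self, action, nextToken=None):
        start = int(nextToken or 0)
        resp = {"filters": self._filters[start:start + self._page]}
        if start + self._page < len(self._filters):
            resp["nextToken"] = str(start + self._page)
        return resp

    def create_filter(self, **kwargs):
        arn = f"arn:aws:inspector2:us-east-1:111111111111:filter/{len(self._filters)}"
        self._filters.append({"arn": arn, **kwargs})
        return {"arn": arn}


if __name__ == "__main__":
    # Constructed sample: 25 member accounts, each accepting the same two CVEs on EC2.
    reqs = [SuppressionRequest(f"{100000000000 + i:012d}", cve, "AWS_EC2_INSTANCE", "accepted risk")
            for i in range(25) for cve in ("CVE-2023-0001", "CVE-2023-0002")]
    print(rules_needed(reqs))          # 50 per-account rules collapse to 6 filters
    print(apply(FakeInspectorClient(existing=2), consolidate(reqs)))
```

The trade-off is visibility: a rule keyed on CVE + resource type + account batch suppresses every matching resource in those accounts, so keep the `reason` field meaningful and re-run the consolidation whenever the exception list changes, deleting superseded filters with DeleteFilter so the quota is not consumed by stale rules.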
