2 Answers
1
Hi,
Did you check your inventory under Fleet Manager in Systems Manager to make sure that there are software packages?
https://repost.aws/knowledge-center/amazon-inspector-ec2-scanning
0
Hello, did you manage to sort this issue? I am encountering a similar issue setting up CIS scans.
answered a month ago
Yes, I have resolved the issue. You need to check the (Tag). For example, if your EC2 instance is launched with the tag (Name) = test-cis, then on the Inspector scan creation screen make sure to use this key (Name) with the correct value. Don't forget the other requirements (Permissions: To grant permissions to run CIS scans, attach the “AmazonSSMManagedInstanceCore” and the “AmazonInspector2ManagedCisPolicy” IAM policies to the EC2 instance profile role).
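A preflight check for the two requirements named in the comment above (scan tag matching the instance tag, and both managed policies on the instance profile role), as an added example that is not part of the original thread. The function name, the sample data and the input shapes (EC2-style `Key`/`Value` tag lists, IAM-style `PolicyName` entries) are assumptions.

```python
# Managed policies the thread says the instance profile role needs for CIS scans.
REQUIRED_POLICIES = {
    "AmazonSSMManagedInstanceCore",
    "AmazonInspector2ManagedCisPolicy",
}


def cis_scan_preflight(instance_tags, attached_policies, target_key, target_value):
    """Return reasons the instance would be skipped by a tag-targeted CIS scan.

    instance_tags     -- list of {"Key": ..., "Value": ...} dicts (assumed shape)
    attached_policies -- list of {"PolicyName": ...} dicts (assumed shape)
    target_key/value  -- the tag entered when creating the scan
    """
    problems = []
    tags = {t["Key"]: t["Value"] for t in instance_tags}

    def loosely_equal(a, b):
        return a.strip().lower() == b.strip().lower()

    if target_key not in tags:
        # AWS tag keys are case-sensitive, so "name" does not match "Name".
        near = [k for k in tags if loosely_equal(k, target_key)]
        hint = f" (found {near[0]!r}; tag keys are case-sensitive)" if near else ""
        problems.append(f"tag key {target_key!r} not on instance{hint}")
    elif tags[target_key] != target_value:
        actual = tags[target_key]
        if loosely_equal(actual, target_value):
            problems.append(
                f"tag value {actual!r} differs from {target_value!r} "
                "only by case or whitespace"
            )
        else:
            problems.append(f"tag value is {actual!r}, scan expects {target_value!r}")

    attached = {p["PolicyName"] for p in attached_policies}
    for name in sorted(REQUIRED_POLICIES - attached):
        problems.append(f"policy {name} not attached to instance profile role")
    return problems


# Constructed sample data, not taken from a real account.
GOOD_TAGS = [{"Key": "Name", "Value": "test-cis"}]
BAD_TAGS = [{"Key": "name", "Value": "test-cis"}]
ALL_POLICIES = [{"PolicyName": n} for n in sorted(REQUIRED_POLICIES)]
SSM_ONLY = [{"PolicyName": "AmazonSSMManagedInstanceCore"}]

if __name__ == "__main__":
    for line in cis_scan_preflight(BAD_TAGS, SSM_ONLY, "Name", "test-cis"):
        print("FAIL:", line)
```
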
It is already there, yes. The message I can see in the CIS scan results is "No checks No checks to display". Does this mean the instance is eligible for the CIS scan? I don't think so. The only (Association) in pending status is (AWS-QuickSetup-SSMHostMgmt-CollectInventory-iyuxc). I found articles saying this is due to insufficient privileges, but in the AWS documents no one mentioned any policies other than (AmazonSSMManagedInstanceCore & AmazonInspector2ManagedCisPolicy), which are already added to the IAM of my instance. I am using the AL2023 OS! The (vulnerability scan) works as expected, I can see (No findings) for it, but the CIS scan shows (No checks to display).