2 Answers
1
Amazon Inspector uses the service-linked role named AWSServiceRoleForAmazonInspector2. This service-linked role trusts the inspector2.amazonaws.com service to assume the role.
The permissions policy for the role, which is named AmazonInspector2ServiceRolePolicy, allows Amazon Inspector to perform several tasks, such as using select Elastic Load Balancing actions to perform network scans of EC2 instances that are part of Elastic Load Balancing target groups.
The role configured must include the following permissions policy.
```
"Sid": "TirosPolicy",
"Effect": "Allow",
"Action": [
    "elasticloadbalancing:DescribeListeners",
    "elasticloadbalancing:DescribeLoadBalancerAttributes",
    "elasticloadbalancing:DescribeLoadBalancers",
    "elasticloadbalancing:DescribeRules",
    "elasticloadbalancing:DescribeTags",
    "elasticloadbalancing:DescribeTargetGroups",
    "elasticloadbalancing:DescribeTargetGroupAttributes",
    "elasticloadbalancing:DescribeTargetHealth",
```
answered 8 months ago
0
Thanks for your help. Linked IAM Policy "AmazonInspector2ServiceRolePolicy" magically updated yesterday to Version 11 and has this permission. We will monitor CloudTrail logs for any further errors.
answered 8 months ago
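The CloudTrail monitoring mentioned in the reply above can be sketched as a filter for denied calls made through the Inspector service-linked role. This is an added example, not part of either answer and not AWS code; the sample records are constructed, the account ID is a placeholder, and deriving the IAM action prefix from `eventSource` is an assumption that holds for `elasticloadbalancing`.

```python
from collections import Counter

ROLE_NAME = "AWSServiceRoleForAmazonInspector2"  # role named in the answer above
DENIED_CODES = {"AccessDenied", "AccessDeniedException",
                "UnauthorizedOperation", "Client.UnauthorizedOperation"}

def role_of(record):
    """Return the IAM role behind an AssumedRole identity, else None."""
    ident = record.get("userIdentity") or {}
    if ident.get("type") != "AssumedRole":
        return None
    issuer = (ident.get("sessionContext") or {}).get("sessionIssuer") or {}
    if issuer.get("userName"):
        return issuer["userName"]
    # Some records lack sessionIssuer; fall back to the session ARN:
    # arn:aws:sts::<account>:assumed-role/<role>/<session>
    parts = ident.get("arn", "").split("/")
    ok = len(parts) >= 3 and parts[0].endswith(":assumed-role")
    return parts[1] if ok else None

def denied_actions(records, role=ROLE_NAME):
    """Count denied calls by `role`, keyed as 'service:EventName'."""
    hits = Counter()
    for rec in records:
        if rec.get("errorCode") in DENIED_CODES and role_of(rec) == role:
            # Assumption: the eventSource prefix equals the IAM action prefix.
            service = rec.get("eventSource", "").split(".")[0]
            hits[f"{service}:{rec.get('eventName')}"] += 1
    return hits

def _rec(name, role, error=None, issuer=True):
    """Build one constructed CloudTrail record (placeholder account ID)."""
    ident = {"type": "AssumedRole",
             "arn": f"arn:aws:sts::111122223333:assumed-role/{role}/session"}
    if issuer:
        ident["sessionContext"] = {"sessionIssuer": {"userName": role}}
    rec = {"eventSource": "elasticloadbalancing.amazonaws.com",
           "eventName": name, "userIdentity": ident}
    if error:
        rec["errorCode"] = error
    return rec

SAMPLE = [  # constructed records, not real log data
    _rec("DescribeTargetGroups", ROLE_NAME, "AccessDenied"),
    _rec("DescribeTargetHealth", ROLE_NAME, "AccessDenied", issuer=False),
    _rec("DescribeLoadBalancers", ROLE_NAME),            # succeeded
    _rec("DescribeListeners", "SomeOtherRole", "AccessDenied"),
    _rec("DescribeTargetGroups", ROLE_NAME, "AccessDenied"),
]

if __name__ == "__main__":
    for action, count in denied_actions(SAMPLE).most_common():
        print(f"{count:3d}  {action}")
```

Any action this reports is one the role attempted but the current policy version did not allow; `Describe*` calls only appear if the trail records read-only management events.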