How does Amazon Inspector affect performance?

0

Does Amazon Inspector consume EC2 instance CPU or IOPS? If so, approximately how much?

I want to enable Amazon Inspector for our organization, but we need to be reasonably confident it won't knock over customer-facing applications. Thanks!

dttr
asked 2 years ago · 588 views
2 Answers
1
Accepted Answer

Depends on if you're using Inspector Classic or Inspector v2.

The FAQ page of Amazon Inspector Classic says "There is no performance impact to your application when running an agentless assessment with the network reachability rules package. There is a minimal performance impact during the data collection phase of the assessment run when using the Amazon Inspector Agent." which isn't super helpful. I spoke to the internal team and they said that beyond the telemetry data that it generates, the agent is not capable of collecting or transmitting any other data about the system or assessment targets that it is assessing so it's extremely low impact but didn't have specifics. In my own tests it came out to < 2% CPU usage. That's not constant, just every time the agent is scheduled to run scans.

Amazon Inspector v.2 makes use of the SSM agent instead of the previously used Inspector agent. So if your instances already have the SSM agent installed, there's no new software to install. Again, super low impact, my own tests came out to 1-2% of CPU usage.

Unfortunately there's no definitive answer because there are different variables for each environment, network, application, instance type, etc., but that shouldn't be significantly impacted by the agent, as it was designed to be extremely low impact.

AWS
AWSJoe
answered 2 years ago
1

Hi there

From the notes, I understand that you want to know how Amazon Inspector affects performance: does Amazon Inspector consume EC2 instance CPU or IOPS, and if so, approximately how much? Please correct me if my understanding is wrong.

Please note that there are 2 types of assessment that Inspector provides. They are as below:

  1. Network Assessments analyze the network configurations of your AWS environment for vulnerabilities, and do not require an Amazon Inspector agent.
  2. Host Assessments analyze the on-host software and configurations of your EC2 instances for vulnerabilities, and require an agent to be installed on the EC2 instances.

In case they are going ahead with Network assessment only, it does not require agent installation, hence no such memory/resource is utilized. However, in case of Host Assessment, agent installation is required. The Inspector agent utilizes 12 MB memory in its idle state (when not running an assessment). During an assessment run, memory averages approximately 30 MB in the running state, with peaks up to 65 MB that typically occur during the assessment initialization.

There is no performance impact to your application when running an agentless assessment with the network reachability rules package. There is a minimal performance impact during the data collection phase of the assessment run when using the Amazon Inspector Agent.

Please make sure to check for availability of rules packages for supported operating systems [1]. These tutorials will show you how to perform Amazon Inspector assessment runs on the Red Hat Enterprise Linux and Ubuntu operating systems. To learn the service and get started quickly, follow the Amazon Inspector Classic tutorials [2].

I hope the above information is helpful.

References

  1. https://docs.aws.amazon.com/inspector/latest/userguide/inspector_rule-packages_across_os.html
  2. https://docs.aws.amazon.com/inspector/latest/userguide/inspector_tutorials.html

answered 2 years ago
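
Both answers quote CPU and memory figures from their own environments; the sketch below is an added example (not part of either answer and not AWS code) for taking the same measurements on a Linux instance of your own by sampling `/proc` before and during a scan. The process names `amazon-ssm-agent` and `awsagent` are assumptions about how the agents appear on the host; adjust them to what `ps` shows.

```python
import os
import time

CLK_TCK = os.sysconf("SC_CLK_TCK")  # kernel clock ticks per second (usually 100)

def parse_stat(stat_line):
    """Return (comm, utime + stime in ticks) from one /proc/<pid>/stat line."""
    # comm sits in parentheses and may contain spaces or ')': split on the LAST ')'.
    head, _, tail = stat_line.rpartition(")")
    fields = tail.split()  # fields[0] is field 3 (state); utime/stime are fields 14/15
    return head.split("(", 1)[1], int(fields[11]) + int(fields[12])

def parse_rss_kb(status_text):
    """Return resident memory in kB from /proc/<pid>/status text (0 if absent)."""
    for line in status_text.splitlines():
        if line.startswith("VmRSS:"):
            return int(line.split()[1])
    return 0

def cpu_percent(ticks_before, ticks_after, interval_s, clk_tck=CLK_TCK):
    """CPU use over the interval as a percentage of one core."""
    return 100.0 * (ticks_after - ticks_before) / clk_tck / interval_s

def snapshot(names):
    """Map pid -> (comm, cpu ticks, rss kB) for processes whose comm matches names."""
    wanted = {n[:15] for n in names}  # the kernel truncates comm to 15 characters
    found = {}
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            with open(f"/proc/{pid}/stat") as f:
                comm, ticks = parse_stat(f.read())
            if comm in wanted:
                with open(f"/proc/{pid}/status") as f:
                    found[int(pid)] = (comm, ticks, parse_rss_kb(f.read()))
        except OSError:  # process exited between listdir() and open()
            continue
    return found

if __name__ == "__main__":
    # Assumed process names: amazon-ssm-agent (SSM Agent), awsagent (Classic agent).
    agents, interval = ["amazon-ssm-agent", "awsagent"], 5.0
    before = snapshot(agents)
    time.sleep(interval)
    for pid, (comm, ticks, rss) in snapshot(agents).items():
        if pid in before:
            pct = cpu_percent(before[pid][1], ticks, interval)
            print(f"{comm} pid={pid} cpu={pct:.2f}% rss={rss / 1024:.1f} MB")
```

Run it in a loop on a non-production instance while a scan is in progress and compare the output with an idle baseline before enabling the service fleet-wide.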
