Sena Yakut for AWS Community Builders

Posted on • Originally published at senayktt.Medium

Scan Your AWS Lambda Functions with Amazon Inspector

Security visibility and vulnerability management are important steps for your cloud environments. These two steps are not one-time jobs; they should be regular and, if possible, real-time. AWS has lots of services and solutions for securing your cloud, gaining visibility into vulnerabilities, and remediating them as soon as possible. Every day, the AWS team finds and adds new solutions to these services. Today, we’re going to learn about a new feature of Amazon Inspector. With this feature, announced at re:Invent 2022, you can scan your AWS Lambda functions with Amazon Inspector. Let’s start and see what we can do together!

What is Amazon Inspector? Why do we need this service?

[Image: What is Amazon Inspector]
The vulnerability management process is important. It keeps your resources and network safe from known attack surfaces, and it also helps you stay compliant with regulatory requirements.
If you’re running your workloads in AWS and want a solution for vulnerability management, this is it: Amazon Inspector. Amazon Inspector is a vulnerability management service that scans your workloads. In past years, these workloads were Amazon EC2 instances and container images in Amazon ECR. With the new feature, we can easily scan our AWS Lambda functions with Amazon Inspector as well.
Serverless technology is included more and more in our architectural designs. With this increase, we need a solution for serverless vulnerability management. There are third-party tools for this, or you can build a custom solution that scans your serverless workloads regularly. But why not use it, when AWS offers a service like this?

Using the Amazon Inspector
You can enable it easily with just one click.
[Image: Using Amazon Inspector]
After enabling Amazon Inspector, it automatically scans your environment and provides a general dashboard for you. You can decide where you need to focus first.
[Image: General dashboard of Amazon Inspector]
If you select the “By Lambda function” part, you will only see the Lambda-based vulnerabilities for your AWS account (or for many AWS accounts if you’re using AWS Organizations). On this page we have the function name, account ID, runtime details, and the number of findings per severity.
[Image: Amazon Inspector, By Lambda function]
If you want to analyze your AWS Lambda vulnerabilities deeply, you can select them one by one. Let’s select one of my Lambda functions and analyze it together.
Whenever we make a change to an AWS Lambda function, Amazon Inspector detects it automatically and scans the function again.
[Image: Amazon Inspector, By Lambda function]
As you see, we have lots of critical findings and we need to remediate them as soon as possible. But I want more details about the vulnerability. We can see all the details in the findings part of the page. You may also have noticed there is a “Layers” part. Yes, Amazon Inspector finds vulnerabilities in your AWS Lambda Layers too.
[Image: Amazon Inspector, By Lambda function]
We have lots of details about this finding on one page. First of all, the affected packages and resources help us see where this vulnerability appears.
We also have the remediation and vulnerability details parts, which help us prioritize this finding in our software development process. In the Inspector score section, you can see both the CVSS v3 score and the Amazon Inspector score.
[Image: Amazon Inspector score]
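Once Inspector is scanning, the practical next step is triaging what it reports: which function, which package, is there a fix, and what to do first. The script below is an added example, not code from the original post or from AWS. It takes finding records shaped like the Inspector2 ListFindings response (the sample records are constructed, the field layout is my assumption about that response, and the CVE ids, package names and ARNs are placeholders), groups them by Lambda function, and sorts each group by severity label, Inspector score and whether a fixed version exists. The `fetch_lambda_findings` helper shows the live boto3 call (assumed API names) but is not needed to run the sample.

```python
"""Triage Amazon Inspector findings for Lambda functions (added example).

SAMPLE_FINDINGS are constructed records modelled on the Inspector2
ListFindings response shape (an assumption); ids and ARNs are placeholders.
"""
from collections import Counter, defaultdict

# Inspector severity labels, ordered worst first.
SEVERITY_RANK = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3,
                 "INFORMATIONAL": 4, "UNTRIAGED": 5}


def _finding(fn_name, sev, vuln_id, score, cvss, pkg, ver, fixed, runtime, layers):
    """Build one constructed finding record (sample data only)."""
    package = {"name": pkg, "version": ver, "packageManager": "PIP",
               "filePath": f"python/site-packages/{pkg}"}
    if fixed:  # the real response omits fixedInVersion when no fix exists
        package["fixedInVersion"] = fixed
    advice = f"Upgrade {pkg} to {fixed}" if fixed else "No fixed version yet"
    return {
        "findingArn": f"arn:aws:inspector2:us-east-1:123456789012:finding/{vuln_id}",
        "awsAccountId": "123456789012",
        "type": "PACKAGE_VULNERABILITY",
        "severity": sev,
        "inspectorScore": score,
        "packageVulnerabilityDetails": {
            "vulnerabilityId": vuln_id,
            "cvss": [{"baseScore": cvss, "version": "3.1", "source": "NVD"}],
            "vulnerablePackages": [package],
        },
        "remediation": {"recommendation": {"text": advice}},
        "resources": [{
            "type": "AWS_LAMBDA_FUNCTION",
            "id": f"arn:aws:lambda:us-east-1:123456789012:function:{fn_name}",
            "details": {"awsLambdaFunction": {
                "functionName": fn_name, "runtime": runtime, "layers": layers}},
        }],
    }


# Constructed sample: deliberately not in severity order.
SAMPLE_FINDINGS = [
    _finding("orders-api", "MEDIUM", "CVE-EXAMPLE-0002", 5.3, 5.3,
             "other-lib", "0.9.1", None, "python3.9", []),
    _finding("orders-api", "CRITICAL", "CVE-EXAMPLE-0001", 9.8, 9.8,
             "example-lib", "1.2.0", "1.2.5", "python3.9",
             ["arn:aws:lambda:us-east-1:123456789012:layer:shared-deps:3"]),
    _finding("billing-worker", "HIGH", "CVE-EXAMPLE-0003", 7.5, 7.5,
             "example-lib", "1.2.0", "1.2.5", "python3.11", []),
]


def cvss_v3_score(finding):
    """Return the CVSS v3.x base score attached to the finding, or None."""
    details = finding.get("packageVulnerabilityDetails", {})
    for entry in details.get("cvss", []):
        if str(entry.get("version", "")).startswith("3"):
            return entry.get("baseScore")
    return None


def summarize_finding(finding):
    """Flatten one finding into the fields a triage meeting actually needs."""
    details = finding.get("packageVulnerabilityDetails", {})
    pkgs = details.get("vulnerablePackages") or [{}]
    pkg = pkgs[0]
    fn = finding["resources"][0]["details"]["awsLambdaFunction"]
    return {
        "function": fn["functionName"],
        "runtime": fn.get("runtime"),
        "layers": fn.get("layers", []),
        "severity": finding.get("severity", "UNTRIAGED"),
        "vuln_id": details.get("vulnerabilityId"),
        "inspector_score": finding.get("inspectorScore"),
        "cvss_v3": cvss_v3_score(finding),
        "package": f"{pkg.get('name')}=={pkg.get('version')}",
        "fixed_in": pkg.get("fixedInVersion"),
        "remediation": finding.get("remediation", {}).get("recommendation", {}).get("text"),
    }


def triage(findings):
    """Group findings by Lambda function; within a function, worst first.

    Order: severity label, then Inspector score descending, then findings
    with an available fix before those without, so a team can work top-down.
    """
    grouped = defaultdict(list)
    for finding in findings:
        summary = summarize_finding(finding)
        grouped[summary["function"]].append(summary)
    for items in grouped.values():
        items.sort(key=lambda s: (SEVERITY_RANK.get(s["severity"], 99),
                                  -(s["inspector_score"] or 0),
                                  s["fixed_in"] is None))
    return dict(grouped)


def count_by_severity(findings):
    """Severity histogram, like the counts on the 'By Lambda function' page."""
    return dict(Counter(f.get("severity", "UNTRIAGED") for f in findings))


def fetch_lambda_findings(client=None):
    """Live variant (assumed boto3 inspector2 API names; not run by the sample)."""
    if client is None:
        import boto3  # imported lazily so the offline sample needs no boto3
        client = boto3.client("inspector2")
    criteria = {"resourceType": [{"comparison": "EQUALS",
                                  "value": "AWS_LAMBDA_FUNCTION"}]}
    findings = []
    for page in client.get_paginator("list_findings").paginate(filterCriteria=criteria):
        findings.extend(page.get("findings", []))
    return findings


if __name__ == "__main__":
    print("Severity counts:", count_by_severity(SAMPLE_FINDINGS))
    for name, items in triage(SAMPLE_FINDINGS).items():
        print(f"== {name} ({items[0]['runtime']}) layers: {items[0]['layers'] or 'none'}")
        for s in items:
            print(f"  {s['severity']:<9} {s['vuln_id']} score={s['inspector_score']} "
                  f"cvss3={s['cvss_v3']} {s['package']} fix={s['fixed_in']}")
```

Run it as-is to see the constructed sample triaged; to use it against a real account, replace `SAMPLE_FINDINGS` with `fetch_lambda_findings()` (needs credentials and Inspector enabled for Lambda). Sorting on the severity label first and the score second mirrors how the console presents findings, while the fix-available tiebreak pushes the quick wins up the list.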

Amazon Inspector Pricing
We have a 15-day free trial for this service. If you want a solution for your vulnerability management process, you can give this service a try. Believe me, it’s very useful and easy to use for getting the process started. For the AWS Lambda side, after the trial you pay based on the average number of Lambda functions scanned per month. You can see more details about pricing here.

Thanks for reading! Stay safe in the cloud! ☁️☁️
