Hardik Tyagi

Introduction to Amazon Inspector and How it works

Security is crucial for everyone running applications in the cloud. Cloud security refers to the technologies, policies, and services that help protect cloud-hosted data, applications, and infrastructure from internet-borne threats. Amazon Inspector is a security service that helps improve the security of applications deployed on AWS.

In this blog, we will discuss Amazon Inspector and cover topics like:

What is Amazon Inspector
Benefits of AWS Inspector
How Amazon Inspector Works
Getting Started With Amazon Inspector

What is Amazon Inspector

AWS Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS EC2 by identifying potential security issues, vulnerabilities, or deviations from security standards.

Amazon Inspector provides a clear list of security and compliance findings, each assigned a priority by severity level. These findings can be reviewed directly or as part of comprehensive assessment reports available via the API or the AWS Inspector console. Inspector security assessments help you check for unintended network accessibility of EC2 instances and for vulnerabilities on those instances.

Benefits of AWS Inspector

Amazon Inspector is a safe and reliable service we can use to secure our services and deployed applications. It is an automated, managed service. Let's look at some key benefits of AWS Inspector.

Automated Service: AWS Inspector is a beneficial service for application security in the AWS cloud. It runs automatically, without human intervention.

Regular Security Monitoring: Amazon Inspector helps find security vulnerabilities in applications, as well as departures from security best practices, both before deployment and while running in production. This improves the overall security of your AWS-hosted applications.

Leverage AWS Security Expertise: AWS Inspector includes a knowledge base of rules mapped to common security best practices and vulnerability definitions. It draws on AWS's security expertise: AWS constantly updates the best practices and rules, so you get the best of both worlds.

Integrate Security Into DevOps: AWS Inspector is an API-driven service that analyzes network configurations in your AWS account. It also uses an optional agent for visibility into EC2 instances. This makes it easy to build Inspector assessments right into your existing DevOps process, empowering both development and operations teams to make security assessments an essential part of the deployment process.

How Amazon Inspector Works

Amazon Inspector performs an automatic assessment and generates a findings report containing steps to keep the environment safe. To use this service, you first define the collection of AWS resources that make up the application to be tested, then choose the security rules to check against and run the assessment. You can also set the duration of the assessment, which can vary from 15 minutes to 12 hours, or run for one day.

AWS Inspector process

An Inspector agent runs on the EC2 instances hosting the application and monitors network, file system, and process activity. Once the required data has been collected, it is compared against the built-in security rules to identify security or compliance issues. The workflow is: first define a target set of resources using tags, then configure an assessment template that defines what we're looking for (Common Vulnerabilities and Exposures (CVEs), PCI requirements, etc.), run an assessment against the target resources, and finally examine the findings and mitigate the issues found.

Getting Started With Amazon Inspector

AWS Inspector is a security service that helps monitor and improve the security and compliance of web applications running in AWS. In this guide, we have a production EC2 instance on which we need to perform a network accessibility check.

We will set up an EC2 instance to use with Amazon Inspector and deliberately introduce a security threat by opening port 21 on the instance. Keeping port 21 (FTP) open on your instances is generally not recommended. Follow the steps below.

Step 1. Launch An EC2 Instance: First, if you don't have an AWS account, register for an AWS Free Tier account. Then launch a Linux EC2 instance.

  1. Click on Launch Instance.
  2. Select Amazon Linux AMI (HVM), SSD Volume Type.
  3. Select a subnet and enable Auto-assign Public IP.
  4. Add a tag to your EC2 instance.
  5. Configure Security Group and select EC2-SG (existing security group).

Step 2. Modify Security Group & Open Port 21: After launching the EC2 instance, modify the security group's inbound rules to open port 21.

Step 3. Define An Assessment Target: Now, select the EC2 instance as the assessment target.

  1. Go to Services, choose Amazon Inspector, and click on Get Started.
  2. Define an assessment target and check Install Agent on EC2.

Step 4. Define An Assessment Template: After the assessment target, define the assessment template.

  1. Give it a name: Hardikassessmenttemp.
  2. Set the duration to 15 minutes (as this is a demo).
  3. Uncheck Assessment Schedule and hit Next.

Step 5. Findings: The assessment run will start automatically. Now go to the findings and review the risk.

Step 6. Remove Open Port: Go back to EC2 and delete the open port.

Step 7. Review Findings Again: After deleting the open port, run the assessment again and review the findings; this time no High-risk finding is shown.
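The walkthrough above reproduces one finding (port 21 open to the world) and then removes it. As an added example that is not part of the original post, the following Python implements the same check and remediation locally against a constructed security-group record shaped like the output of `aws ec2 describe-security-groups`; the watch-list of ports beyond 21, the group id and the helper names are assumptions for illustration.

```python
# Added example, not from the original post: a local check mirroring the
# network-reachability finding Inspector raised in Step 5, plus Step 6 as code.
import copy

RISKY_PORTS = {21: "FTP", 23: "Telnet", 3389: "RDP"}   # assumed watch-list
ANYWHERE = {"0.0.0.0/0", "::/0"}                       # "reachable from the internet"

def _rule_covers(rule, port):
    """True if an IpPermissions entry allows traffic to `port`."""
    if rule.get("IpProtocol") == "-1":              # all protocols, all ports
        return True
    if rule.get("IpProtocol") not in ("tcp", "udp"):
        return False
    return rule.get("FromPort", -1) <= port <= rule.get("ToPort", -1)

def _world_sources(rule):
    """CIDR sources of a rule that match any address on the internet."""
    cidrs = [r.get("CidrIp") for r in rule.get("IpRanges", [])]
    cidrs += [r.get("CidrIpv6") for r in rule.get("Ipv6Ranges", [])]
    return sorted(c for c in cidrs if c in ANYWHERE)

def find_exposed_ports(sg, risky_ports=RISKY_PORTS):
    """One High-severity finding per risky port reachable from anywhere."""
    findings = []
    for rule in sg.get("IpPermissions", []):
        sources = _world_sources(rule)
        for port, service in sorted(risky_ports.items()):
            if sources and _rule_covers(rule, port):
                findings.append({"group": sg["GroupId"], "port": port,
                                 "service": service, "sources": sources,
                                 "severity": "High"})
    return findings

def close_world_open_rules(sg, risky_ports=RISKY_PORTS):
    """Drop internet-wide sources from any rule covering a risky port."""
    fixed = copy.deepcopy(sg)
    for rule in fixed.get("IpPermissions", []):
        if any(_rule_covers(rule, p) for p in risky_ports):
            rule["IpRanges"] = [r for r in rule.get("IpRanges", []) if r["CidrIp"] not in ANYWHERE]
            rule["Ipv6Ranges"] = [r for r in rule.get("Ipv6Ranges", []) if r["CidrIpv6"] not in ANYWHERE]
    return fixed

# Constructed sample: the walkthrough's EC2-SG after Step 2 (placeholder group id).
SAMPLE_SG = {
    "GroupId": "sg-0000000000000000",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 21, "ToPort": 21,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ],
}
```

Running `find_exposed_ports(SAMPLE_SG)` yields a single High finding for FTP/21, and the same call on `close_world_open_rules(SAMPLE_SG)` returns an empty list, matching the before/after of Steps 5 and 7.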

Hope this gives you an Introduction to Amazon Inspector.
