## What is Amazon Inspector?
The name Inspector fits this service well. As in real life, an inspector is responsible for making sure individuals follow protocols and defined guidelines. In the same way, in AWS, Inspector is responsible for finding security and compliance issues in your application. It analyzes the behavior of the applications deployed on your AWS instances to identify potential security issues. Amazon Inspector comes with a set of built-in rules and best practices against which the application is tested. Inspector then generates a detailed report of the findings and loopholes in the application and also suggests steps for remediation.
## Why is Inspector required?
- It is automated, repeatable, and low cost (no licensing for proprietary tools).
- It is serverless, so one less server to maintain ;-)
- It is built on Amazon's 20 years of operational knowledge.
- No dedicated security team is required.
## How does it work?
### 1. Install agents on EC2 instances
The Inspector agent collects data from the EC2 instances and sends it to Inspector. The agent can be installed by downloading and running the installer:

```bash
wget https://s3-us-west2.amazonaws.com/inspector.agent.us-west-2/latest/install
sudo bash install
```

The agent can be started or stopped with:

```bash
sudo /etc/init.d/inspector start
sudo /etc/init.d/inspector stop
```

By default, Amazon Linux ships with the agent installed.
### 2. Tag
Tag the instances with application-specific information: the collection of AWS resources that make up your application.
### 3. Configure Amazon Inspector
- Create an assessment and give it a logical name
- Add the set of rules required for the assessment
- Define the duration of the assessment
Image Source: AWS Website
### 4. Start the assessment
Click on the Start button.
### 5. Exercise the application
Exercise the application by testing it manually, through automation, etc.
As the application is exercised, the Inspector agent running on each instance collects file system, process, and network activity. The agents also collect information about other AWS services used by the application, such as S3 endpoints and network traffic between instances. All this information gives Inspector a complete understanding of the application. The collected data is analyzed and compared against the set of built-in security rules selected in Step 3.
### 6. The Report
After the assessment, Inspector generates a detailed report of any vulnerability or compliance issue and prioritizes steps for remediation.
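As an added example that is not part of the original post: once an assessment run has finished, its findings can be exported (for example as the JSON that `aws inspector describe-findings` returns) and triaged into a per-instance remediation order, most severe first. The finding field names and the sample findings below are my assumptions, constructed for this illustration rather than taken from a real assessment.

```python
import json
from collections import Counter, defaultdict

# Constructed sample shaped like `aws inspector describe-findings` output.
# Field names follow the Inspector Classic finding schema as I understand it;
# the instance ids, titles and recommendations are made up for this example.
SAMPLE_FINDINGS_JSON = """{"findings": [
 {"id": "f-1", "severity": "High", "numericSeverity": 9.0,
  "title": "Kernel package is missing a security update",
  "recommendation": "Update the kernel package and reboot.",
  "assetAttributes": {"agentId": "i-0aaa111"}},
 {"id": "f-2", "severity": "Medium", "numericSeverity": 6.0,
  "title": "Security group allows unrestricted inbound access on TCP port 22",
  "recommendation": "Restrict the rule to trusted source ranges.",
  "assetAttributes": {"agentId": "i-0aaa111"}},
 {"id": "f-3", "severity": "High", "numericSeverity": 9.0,
  "title": "SSH password authentication is enabled",
  "recommendation": "Set PasswordAuthentication no and use key pairs.",
  "assetAttributes": {"agentId": "i-0bbb222"}},
 {"id": "f-4", "severity": "Informational", "numericSeverity": 0.0,
  "title": "No software packages with known CVEs found",
  "recommendation": "No action required.",
  "assetAttributes": {"agentId": "i-0bbb222"}}
]}"""

SEVERITY_RANK = {"High": 3, "Medium": 2, "Low": 1, "Informational": 0}

def load_findings(text):
    """Parse describe-findings JSON and return the list of findings."""
    return json.loads(text)["findings"]

def prioritize(findings, min_severity="Low"):
    """Keep findings at or above min_severity, most severe first (ties by id)."""
    floor = SEVERITY_RANK[min_severity]
    kept = [f for f in findings if SEVERITY_RANK[f["severity"]] >= floor]
    return sorted(kept, key=lambda f: (-f["numericSeverity"], f["id"]))

def remediation_plan(findings, min_severity="Low"):
    """Group prioritized findings by instance (agentId) into ordered fix steps."""
    plan = defaultdict(list)
    for f in prioritize(findings, min_severity):
        plan[f["assetAttributes"]["agentId"]].append(
            (f["severity"], f["title"], f["recommendation"]))
    return dict(plan)

def severity_counts(findings):
    """Count findings per severity label for the assessment summary."""
    return Counter(f["severity"] for f in findings)
```

With the default floor of Low, informational findings are dropped from the plan but still appear in the severity summary, so the report stays complete while the remediation list stays actionable.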
The preview launch of the Inspector will have the following set of rules:
- Common Vulnerabilities and Exposures
- Network Security Best Practices
- Authentication Best Practices
- Operating System Security Best Practices
- Application Security Best Practices
- PCI DSS 3.0 Assessment
Get your hands dirty by signing up for the Inspector preview.
I will revisit this section to dive deeper into configuration, use cases, and advantages once Amazon Inspector is a full-blown service in the AWS offerings.
Please leave your comments below if you have any doubts or questions.