Skip to content

AWS Notes

Inspector

AWS Notes

Table of Contents
Identity
Identity
Compute
Compute
- Containers
  Containers
  - Basics
  - Ecr
  - Ecs
  - Eks
- Ec2
  Ec2
- Elasticbeanstalk
  Elasticbeanstalk
  - TOC
  - Basics
  - Deployment
  - Docker
- Lambda
  Lambda
  - Basics
  - Execution
  - Networking
  - Stepfunctions
  - TOC
Databases
Databases
- Athena
- Elasticcache
- Redshift
- Aurora
  Aurora
  - Index
- Dynamodb
  Dynamodb
  - TOC
  - Basics
  - Dax
  - Globaltables
  - Indexes
  - Operating
  - Streams
- Rds
  Rds
  - Index
  - Basics
  - Multiaz
  - Backups
  - Readreplicas
  - Rdssecurity
  - Aurorabasics
  - Auroraserverless
  - Rdsproxy
  - Dms
Networking
Networking
- Toc
- Apigateway
  Apigateway
  - Basics
- Hybrid
  Hybrid
- Scaling
  Scaling
  - Asg
  - Loadbalancer
- Vpc
  Vpc
Storage
Storage
- Efs
- Fsx
- Transferfamily
Security
Security
- Cloudhsm
- Guardduty
- Inspector Inspector
  Table of contents
  - Basics
- Neworkfirewall
- Trustedadvisor
- Waf
- Key management service
  Key management service
  - KMS Basics
Monitoring
Monitoring
- Awsconfig
- Cloudtrail
- Vpcflowlogs
- X ray
- Cloudwatch
  Cloudwatch
  - Basics
  - Cwlogs
  - Toc
Devops
Devops
- Basics
- Cicd
Costmanagement
Costmanagement
- Basics
Bcpdr
Bcpdr
- Disasterrecovery
Eventdriven
Eventdriven
- Architecture
- Eventbridge
- Kinesis
- Sns
- Sqs
- TOC
Machinelearning
Machinelearning
- Rekognition
- Comprehend
- Devicefarm
- Forecast
- Frauddetector
- Glue
- Kendra
- Kinesisvideostreams
- Lexconnect
- Polly
- Sagemaker
- Textract
- Transcribe
- Translate
Tbd

Inspector

Basics

Scans EC2 instances, the instance OS as well as containers and networking configurations for vulnerabilities and deviations from best practices
After the audit it provides findings in order of priority
The network assessment can be done in an agentless manner but host assessment needs an agent to be installed on the host
The Rules package decides what gets inspected
Network reachability check can be performed without an Agent
The N/w reachability check returns RecognizedPortWithListener, RecognizedPortNoListener, RecognizedPortNoAgent, UnRecognizedPortWithListener
Host assesments include Common vulnerabilities and exposures(CVE), Centre for Internet Security(CIS) benchmarks, Security Best Practices checks