EC2 vulnerability and compliance violation alerting powered by Amazon Inspector

Michael Wittig – 25 Jan 2021

The AWS Shared Responsibility Model is clear: running EC2 instances comes with many customer responsibilities. You have to patch your EC2 instances, harden the operating system, encrypt your data, secure remote access, and many more. But how can you tell that you are not meeting your responsibilities?

EC2 vulnerability and compliance violation alerting

In this blog post, you learn to automatically check your EC2 instances for:

  • Unintended network accessibility
  • Vulnerabilities
  • Deviations from best practices (such as CIS Amazon Linux 2 Benchmark)

Amazon Inspector is the service of choice. Inspector relies on an agent to collect the needed information on your EC2 instances. Findings are presented in a table and include remediation hints.

Amazon Inspector Findings

As soon as a violation is detected, your team is notified in Slack or Microsoft Teams by marbot.

Let’s get started.

Installation

  1. Install marbot (Slack or Microsoft Teams).
  2. Invite marbot to one of your channels.
  3. Send @marbot Create an SNS topic to the channel.
  4. Follow the wizard in the channel.
  5. Visit the Amazon Inspector Management Console and press the Get started button.
  6. Select the Advanced setup.
    Amazon Inspector Setup: Step 1
  7. Keep the defaults and press Next.
    Amazon Inspector Setup: Step 2
  8. Set the Assessment Schedule to 1 day and press Next.
    Amazon Inspector Setup: Step 3
  9. Press Create.
  10. Expand the assessment template Assessment-Template-Default-All-Rules and edit the SNS topics.
    Amazon Inspector Setup: Step 4
  11. Select the SNS topic with marbot-standalone-topic in its name and press Save.
    Amazon Inspector Setup: Step 5

That’s it. New findings are reported to Slack or Microsoft Teams like this:

Amazon Inspector Finding

If your EC2 instances are not running the SSM agent, you have to install the Inspector agent manually.

Michael Wittig

Michael Wittig

Consultant focusing on Amazon Web Services (AWS). Entrepreneur building marbot.io. Author of Amazon Web Services in Action, Rapid Docker on AWS, and cloudonaut.io.

You can contact me via Email, Twitter, and LinkedIn.

Published on

marbot teaser

Chatbot for AWS Monitoring

Configure monitoring for Amazon Web Services: CloudWatch, EC2, RDS, EB, Lambda, and more. Receive and manage alerts via Slack. Solve incidents as a team.

Slack
Add to Slack
Microsoft Teams
Add to Teams