How to Enhance Your EC2 Security with Amazon Inspector

Joshua Andy
4 min read · Jul 17, 2023


Amazon Inspector

Cloud storage has become a staple in this digital age where most businesses are shifting their operations online. One of the most acclaimed players in this space is Amazon Web Services (AWS), known for its robust and wide-ranging services. AWS has made significant strides in ensuring data security, offering users various security tools. Today, let’s zoom in on one such tool — the Amazon Inspector. It’s an automated safety feature designed to augment your applications’ security.

This walkthrough will help you get hands-on with Amazon Inspector, assisting you in setting it up, using it to scrutinize an EC2 instance, and bolstering your AWS ecosystem’s security.

Step 1: Create a Security Group for an EC2 Instance

Kick things off by logging into your AWS Management Console dashboard. Type ‘VPC’ in the search box and click it. On the left sidebar, you’ll find an option called ‘Security Groups’ — click on it.

Next, click the ‘Create security group’ button and fill in the required details to create a new security group named ‘inspectorSG’. Now, it’s time to adjust the group settings to allow all inbound traffic from the internet into your instance. (Opening all inbound traffic is for this demonstration only; it should not be done in a business environment.)

Step 2: Create an EC2 Instance

Type ‘EC2’ into the search box and select the EC2 icon. Then, click the ‘Launch instance’ button and key in the required details.

Retain the default Amazon Machine Image (AMI) and select your key pair. All network settings should remain at default except the security group, which you should switch to ‘Select an existing security group’ and then select ‘inspectorSG’ from the dropdown.

Before we wrap up this stage, paste the necessary bash commands into the user data box under ‘Advanced details’.

In my case, I'm cloning the repository https://github.com/abirhasn07/T-House.git, which will be hosted on my EC2 instance. Feel free to host any resource of your choice.

#!/bin/bash
# Stop at the first failing command so a half-configured server is not left behind
set -e

# Update Amazon Linux
sudo yum update -y

# Install Apache server
sudo yum install httpd -y

# Start Apache server now and enable it so it comes back after a reboot
sudo systemctl start httpd
sudo systemctl enable httpd

# Install Git
sudo yum install git -y

# Go to the ec2-user home directory
cd /home/ec2-user

# Clone the GitHub repository
git clone https://github.com/abirhasn07/T-House.git

# Move repository files to the Apache document root
sudo mv /home/ec2-user/T-House/* /var/www/html/

Now launch your instance.

Step 3: Tag the EC2 Instance

Turn your attention to the left checkbox corresponding to your instance. Click on it and then select ‘Tags’ at the bottom right of the screen. Hit ‘Manage tags’ followed by ‘Add new tag’. Populate the Key field with ‘scan_ec2’ and the Value field with ‘true’.

Step 4: Scan with Amazon Inspector

Time to bring Amazon Inspector into play! Look for it in the search box and select the corresponding option. Once in, toggle to ‘Inspector Classic’. Then, click ‘Get Started’, followed by ‘Advanced setup’.

Define your assessment target (consider using ‘scanEC2Instance’) and select the tag you assigned to your EC2 instance in the previous step. Further, lay out an assessment template and select the vulnerabilities you want to scan for.

Once you’ve confirmed all the details, click ‘Create’. You can keep tabs on the assessment status by navigating to ‘Assessment runs’ on the left pane. As soon as the scan completes, ‘Findings’ will provide insights into the security issues flagged by Amazon Inspector.

Step 5: Mitigate Identified Threats

After carefully reviewing the findings, adjust your security group configuration as needed. For this, head to EC2 via the Management Console Search and click ‘Security Groups’ on the left sidebar. Next, select ‘inspectorSG’, ‘Inbound rules’, and then ‘Edit inbound rules’. Remove the rule that allows all traffic and add custom rules as necessary.
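The wide-open ‘inspectorSG’ from Step 1 is exactly what this step tightens. The following Python is an added example, not code from the original post or from AWS: it audits inbound rules in the JSON shape that `aws ec2 describe-security-groups` returns and builds the minimal replacement rule set (HTTP from anywhere, SSH only from one administrative range). The security group id, the admin CIDR and the sample rules are constructed placeholders; the list of admin ports flagged is an assumption for a plain web server, not anything the post or Inspector defines.

```python
import ipaddress
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups` output,
# describing a group like the walkthrough's 'inspectorSG' left open to all traffic.
# The group id and CIDRs are placeholders, not values from a real account.
SAMPLE_DESCRIBE_OUTPUT = json.dumps({
    "SecurityGroups": [
        {
            "GroupName": "inspectorSG",
            "GroupId": "sg-0123456789abcdef0",
            "IpPermissions": [
                {"IpProtocol": "-1",
                 "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
                {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
                 "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
                {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                 "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []},
            ],
        }
    ]
})

WORLD = {"0.0.0.0/0", "::/0"}
# Assumed list of management/database ports that a public web server should
# never expose to the whole internet.
ADMIN_PORTS = {22, 3389, 3306, 5432, 6379, 27017}


def _port_range(perm):
    """Return (from, to) for a permission; protocol '-1' means every port."""
    if perm.get("IpProtocol") == "-1":
        return (0, 65535)
    return (perm.get("FromPort", 0), perm.get("ToPort", 65535))


def audit_inbound(describe_json):
    """Flag inbound rules wider than a public web server needs.

    Returns a list of (group_name, reason) tuples; an empty list means clean.
    """
    findings = []
    for sg in json.loads(describe_json)["SecurityGroups"]:
        for perm in sg["IpPermissions"]:
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            lo, hi = _port_range(perm)
            for cidr in cidrs:
                if cidr not in WORLD:
                    continue  # scoped to a specific source range: acceptable
                if perm["IpProtocol"] == "-1":
                    findings.append((sg["GroupName"], f"all protocols/ports open to {cidr}"))
                elif any(lo <= p <= hi for p in ADMIN_PORTS):
                    findings.append((sg["GroupName"], f"admin port range {lo}-{hi} open to {cidr}"))
    return findings


def minimal_web_rules(admin_cidr):
    """Replacement IpPermissions for Step 5: HTTP from anywhere, SSH only from
    the given administrative range, nothing else."""
    ipaddress.ip_network(admin_cidr)  # raises ValueError on a malformed CIDR
    return [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": admin_cidr}]},
    ]


def hardened_describe(describe_json, admin_cidr):
    """Return the describe output with each group's inbound rules replaced,
    so the same audit can confirm the new rule set is clean."""
    doc = json.loads(describe_json)
    for sg in doc["SecurityGroups"]:
        sg["IpPermissions"] = minimal_web_rules(admin_cidr)
    return json.dumps(doc)


if __name__ == "__main__":
    for name, reason in audit_inbound(SAMPLE_DESCRIBE_OUTPUT):
        print(f"{name}: {reason}")
    print(json.dumps(minimal_web_rules("203.0.113.0/24"), indent=2))
    print("after hardening:", audit_inbound(hardened_describe(SAMPLE_DESCRIBE_OUTPUT, "203.0.113.0/24")))
```

Running the audit on the sample reports the protocol `-1` rule from Step 1; the port 80 rule is left alone because a web server is meant to be reachable there, and the SSH rule passes because it is scoped to one range rather than to the world. The same audit run over the hardened output comes back empty, which is the check worth repeating after editing the rules in the console.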

Step 6: Verification — Re-scan with Amazon Inspector

Finally, let’s double-check our work. Head back to Amazon Inspector Classic, select the checkbox for the EC2-scan-template, and click the ‘Run’ button. Make sure to scrutinize the ‘Findings’ for any remaining threats.
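Scrutinizing the re-scan is easier when the two runs are compared mechanically rather than by eye. The Python below is an added example, not code from the original post or from AWS: it takes the findings of the first run (Step 4) and the re-scan (Step 6), reports which findings were resolved, which remain and which are new, and gates the result on a maximum acceptable severity. The records are constructed for the example and only loosely modelled on the title/severity fields Inspector Classic reports; the titles and rules package names are not real assessment output.

```python
from collections import Counter

# Constructed findings for the first run and the re-scan. Made up for this
# example; the titles are illustrative, not copied from a real assessment.
RUN_BEFORE = [
    {"title": "Unrestricted inbound access on port 22 (SSH)", "severity": "High",
     "rulesPackage": "Network Reachability"},
    {"title": "Unrestricted inbound access on port 3306 (MySQL)", "severity": "High",
     "rulesPackage": "Network Reachability"},
    {"title": "Instance is reachable on port 80 (HTTP)", "severity": "Informational",
     "rulesPackage": "Network Reachability"},
    {"title": "Password complexity is not enforced", "severity": "Medium",
     "rulesPackage": "Security Best Practices"},
]
RUN_AFTER = [
    {"title": "Instance is reachable on port 80 (HTTP)", "severity": "Informational",
     "rulesPackage": "Network Reachability"},
    {"title": "Password complexity is not enforced", "severity": "Medium",
     "rulesPackage": "Security Best Practices"},
    {"title": "Root login over SSH is permitted", "severity": "Medium",
     "rulesPackage": "Security Best Practices"},
]

# Severity levels Inspector Classic uses, ordered for comparison.
SEVERITY_RANK = {"High": 3, "Medium": 2, "Low": 1, "Informational": 0}


def _key(finding):
    """A finding is identified by its rules package and title, not by list order."""
    return (finding["rulesPackage"], finding["title"])


def compare_runs(before, after):
    """Split findings into resolved (gone), remaining (still present) and new."""
    b = {_key(f) for f in before}
    a = {_key(f) for f in after}
    return {
        "resolved": sorted(b - a),
        "remaining": sorted(b & a),
        "new": sorted(a - b),
    }


def severity_counts(findings):
    """Count findings per severity level, e.g. {'High': 2, 'Medium': 1}."""
    return dict(Counter(f["severity"] for f in findings))


def rescan_passes(findings, max_severity="Low"):
    """True when no finding in the run is more severe than max_severity."""
    limit = SEVERITY_RANK[max_severity]
    return all(SEVERITY_RANK[f["severity"]] <= limit for f in findings)


if __name__ == "__main__":
    diff = compare_runs(RUN_BEFORE, RUN_AFTER)
    for bucket, items in diff.items():
        print(f"{bucket}: {len(items)}")
        for pkg, title in items:
            print(f"  [{pkg}] {title}")
    print("before:", severity_counts(RUN_BEFORE))
    print("after: ", severity_counts(RUN_AFTER))
    print("passes at Low ceiling:", rescan_passes(RUN_AFTER))
```

In the sample, tightening the security group resolves the two High network-reachability findings, the Medium host-configuration finding remains because no security-group edit can fix it, and one new Medium finding appears. The gate therefore fails at a Low ceiling and passes only if Medium is tolerated, which is the kind of explicit decision a re-scan should end with rather than a glance at the list.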

There you have it, a comprehensive guide on navigating the waters of AWS security with the Amazon Inspector. Remember, it’s not a silver bullet, but it’s a vital arrow in your quiver as you aim to protect your data from the lurking dangers of the digital world.
