Please, Protect My AWS! : Amazon Inspector V2

sundaeGAN
5 min read · Feb 17, 2024


Image from: https://help.sumologic.com/docs/integrations/amazon-aws/inspector/

This time, we are going to discuss Amazon Inspector ‘V2’.

Since Amazon Inspector V2 relies on AWS Systems Manager (the SSM Agent on the instance), the instance needs permission to talk to Systems Manager. So we first need to create an IAM role for the EC2 instance.

Search for ‘IAM’.

On your left-side, you can see the ‘Roles’ tab. Click it.

Let’s create the role. Click ‘Create role’.

Select ‘AWS service’.

Then select ‘EC2’ at the Use case step.

Proceed to the next step.

Search for ‘AmazonSSMManagedInstanceCore’ and click it.

Name the role.

And create it.

Okay then, let’s make an instance! Proceed the same way as in the previous story, Amazon Inspector Classic.

This is the difference from Amazon Inspector ‘Classic’: Amazon Inspector ‘V2’ supports Amazon Linux 2023.

(If you don’t know how to set up a key pair: https://medium.com/system-weakness/attack-like-a-red-team-not-using-devops-ep-2-neutral-space-3dbb175a6ff3)

Make sure you set the IAM instance profile we created earlier, so that Amazon Inspector V2 gets permission to scan through the Systems Manager Agent (SSM Agent).

And launch your instance.

Copy the ID of your EC2 instance.

Search for ‘Amazon Inspector’.

Click ‘By instance’ on your left-side bar.

Click ‘Resource ID’.

Paste the ID you copied.

Yes, it will say “No findings”. We cannot trigger a vulnerability scan at a time of our choosing; that is the weakness of Amazon Inspector V2.

Amazon Inspector V2 scans for vulnerabilities only after we create an instance or install new packages.

But if you want to know whether it is scanning at all, you can check the status under ‘Resources coverage - EC2 instances’.

Click ‘Scanning’.

You can see Amazon Inspector V2 analyzing our instance.
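The console steps above (the IAM role with AmazonSSMManagedInstanceCore and its instance profile, then the SSM and Inspector coverage check before looking at findings) as AWS CLI commands; this is an added example, not code from the original post. INSTANCE_ROLE, INSTANCE_ID and REGION are placeholders, and the aws calls only run when RUN_AWS=1 is set and credentials are configured.

```shell
# Added example, not code from the original post: CLI equivalent of the
# console steps (role with AmazonSSMManagedInstanceCore, instance profile)
# and the coverage/findings check. INSTANCE_ROLE, INSTANCE_ID, REGION are placeholders.
set -eu

INSTANCE_ROLE="${INSTANCE_ROLE:-InspectorV2-SSM-Role}"  # hypothetical role name
INSTANCE_ID="${INSTANCE_ID:-i-0123456789abcdef0}"        # placeholder instance id
REGION="${REGION:-us-east-1}"

# Trust policy that lets EC2 assume the role (what the console's "AWS service / EC2" use case creates).
ec2_trust_policy() {
  printf '%s' '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"Service":"ec2.amazonaws.com"},"Action":"sts:AssumeRole"}]}'
}

# Filter JSON that limits Inspector V2 coverage and findings queries to one instance.
inspector_resource_filter() {
  printf '{"resourceId":[{"comparison":"EQUALS","value":"%s"}]}' "$1"
}

# Role + managed policy + instance profile, as done in the IAM console above.
create_instance_role() {
  aws iam create-role --role-name "$INSTANCE_ROLE" \
    --assume-role-policy-document "$(ec2_trust_policy)"
  aws iam attach-role-policy --role-name "$INSTANCE_ROLE" \
    --policy-arn arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore
  aws iam create-instance-profile --instance-profile-name "$INSTANCE_ROLE"
  aws iam add-role-to-instance-profile --instance-profile-name "$INSTANCE_ROLE" \
    --role-name "$INSTANCE_ROLE"
}

# Before reading "No findings" as a missed scan: is the instance an SSM managed
# instance (PingStatus Online), and does Inspector report it as covered?
check_coverage() {
  aws ssm describe-instance-information --region "$REGION" \
    --filters "Key=InstanceIds,Values=$INSTANCE_ID" \
    --query 'InstanceInformationList[].PingStatus' --output text
  aws inspector2 list-coverage --region "$REGION" \
    --filter-criteria "$(inspector_resource_filter "$INSTANCE_ID")" \
    --query 'coveredResources[].scanStatus' --output json
}

# Findings for this instance only (the console's "By instance" view).
list_instance_findings() {
  aws inspector2 list-findings --region "$REGION" \
    --filter-criteria "$(inspector_resource_filter "$INSTANCE_ID")" \
    --query 'findings[].[severity,title]' --output table
}

if [ "${RUN_AWS:-0}" = "1" ]; then create_instance_role; check_coverage; list_instance_findings; fi
```

If PingStatus is not Online, fix the instance profile or SSM Agent first; Inspector V2 cannot cover an instance that Systems Manager does not manage.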

Let’s install some outdated packages on our instance.

I’m going to install an outdated Tomcat.

Additionally, install the npm package manager to test whether Amazon Inspector V2 can scan for vulnerabilities in packages installed with another package manager.

Let’s install an outdated cowsay package with npm.

As I said, Amazon Inspector V2 found vulnerabilities after we installed the outdated packages.

Click your EC2 instance’s ID to see the result.

It successfully detected the outdated Tomcat.

I couldn’t find a result for the cowsay we installed, but compared with Amazon Inspector Classic, we can see that Amazon Inspector V2 can detect vulnerabilities in packages installed with another package manager.

That’s it! Thank you.
