1 00:00:00,000 --> 00:00:02,790 ‫So now let's talk about Amazon Inspector. 2 00:00:02,790 --> 00:00:04,740 ‫So Amazon Inspector is a service that allows you 3 00:00:04,740 --> 00:00:09,030 ‫to run automated security assessments on a couple of things. 4 00:00:09,030 --> 00:00:11,490 ‫First of all, on the E2 instances. 5 00:00:11,490 --> 00:00:15,390 ‫So you are going to be leveraging the Systems Manager agent 6 00:00:15,390 --> 00:00:18,360 ‫on your EC2 instances and Amazon Inspector 7 00:00:18,360 --> 00:00:20,670 ‫is going to start to assess the security 8 00:00:20,670 --> 00:00:22,380 ‫of that E2 instance. 9 00:00:22,380 --> 00:00:24,960 ‫It's going to analyze against unintended network 10 00:00:24,960 --> 00:00:28,980 ‫accessibility and also analyze the running operating system 11 00:00:28,980 --> 00:00:31,350 ‫for known vulnerabilities. 12 00:00:31,350 --> 00:00:33,540 ‫This is done continuously. 13 00:00:33,540 --> 00:00:36,120 ‫Then we have also Amazon Inspector 14 00:00:36,120 --> 00:00:39,360 ‫for your Container Images push to Amazon ECR. 15 00:00:39,360 --> 00:00:41,190 ‫For example, your Docker images. 16 00:00:41,190 --> 00:00:44,310 ‫So as your Container Images are being pushed 17 00:00:44,310 --> 00:00:47,220 ‫to Amazon ECR, they will be analyzed 18 00:00:47,220 --> 00:00:51,540 ‫by Amazon Inspector against known vulnerabilities. 19 00:00:51,540 --> 00:00:54,510 ‫And we also have Amazon Inspector for Lambda functions. 20 00:00:54,510 --> 00:00:56,850 ‫So Lambda functions, when they're deployed, 21 00:00:56,850 --> 00:00:58,620 ‫will be analyzed again 22 00:00:58,620 --> 00:01:01,890 ‫by Inspector for software vulnerabilities 23 00:01:01,890 --> 00:01:05,400 ‫in the function code and the package dependencies. 24 00:01:05,400 --> 00:01:07,320 ‫And this assessment happens 25 00:01:07,320 --> 00:01:09,960 ‫as the functions are being deployed. 26 00:01:09,960 --> 00:01:13,020 ‫So once Amazon Inspector is done doing its job, 27 00:01:13,020 --> 00:01:14,640 ‫it can report its findings 28 00:01:14,640 --> 00:01:19,640 ‫into the AWS Security Hub and also send findings 29 00:01:20,460 --> 00:01:24,210 ‫and events of these findings into Amazon EventBridge. 30 00:01:24,210 --> 00:01:26,310 ‫This gives you one way to centrally 31 00:01:26,310 --> 00:01:30,540 ‫see the vulnerabilities running on your infrastructure 32 00:01:30,540 --> 00:01:33,513 ‫and with EventBridge you can run some kind of automations. 33 00:01:34,410 --> 00:01:37,470 ‫So what does Amazon Inspector evaluate? 34 00:01:37,470 --> 00:01:39,900 ‫You have to remember, the Inspector is only 35 00:01:39,900 --> 00:01:43,680 ‫for your running EC2 instances, your Container Images 36 00:01:43,680 --> 00:01:46,740 ‫on Amazon ECR and your Lambda functions. 37 00:01:46,740 --> 00:01:48,480 ‫And it's going to do a continuous scanning 38 00:01:48,480 --> 00:01:51,600 ‫of the infrastructure only when needed. 39 00:01:51,600 --> 00:01:52,800 ‫So it's going to look 40 00:01:52,800 --> 00:01:55,477 ‫at a database of vulnerabilities, so CVE, 41 00:01:56,520 --> 00:02:00,750 ‫for package vulnerability for EC2, ECR and Lambda. 42 00:02:00,750 --> 00:02:01,583 ‫And it's going to look 43 00:02:01,583 --> 00:02:05,190 ‫at network reachability on Amazon EC2 44 00:02:05,190 --> 00:02:08,850 ‫and in case the database of CVE gets updated, 45 00:02:08,850 --> 00:02:11,340 ‫then Amazon Inspector is going to automatically 46 00:02:11,340 --> 00:02:12,720 ‫run again to make sure 47 00:02:12,720 --> 00:02:16,170 ‫that all your infrastructure is tested one more time. 48 00:02:16,170 --> 00:02:17,760 ‫Every time it will run, 49 00:02:17,760 --> 00:02:20,220 ‫a risk score is going to be associated 50 00:02:20,220 --> 00:02:23,700 ‫with all the vulnerabilities for prioritization. 51 00:02:23,700 --> 00:02:25,530 ‫So that's it for Amazon Inspector. 52 00:02:25,530 --> 00:02:28,503 ‫I hope you liked it and I will see you in the next lecture.