What is Amazon Inspector?
Amazon Inspector is an automated security scanner for AWS workloads. The service continuously finds vulnerabilities in EC2 instances, Lambda functions, container images, and code repositories and CI/CD pipelines, in many cases without requiring you to install agents or manually start scans.
Inspector compares software packages and configurations against a broad base of threat intelligence sources and identifies known CVEs. The service also analyzes network configurations and finds unintentionally exposed ports or services. Risk scoring prioritizes findings by exploitability and impact to reduce time to remediation.
Core Features
- Automatic, continuous scanning of supported workloads
- CVE detection with risk scoring and severity prioritization
- Network reachability analysis for EC2 instances
- Container image scanning in Amazon ECR plus scanning of code repositories and CI/CD tools
- Software bill of materials (SBOM) export for a central view of components in use
- Integration with Security Hub for centralized finding management
Common Use Cases
Compliance Audits: Inspector provides automated evidence of infrastructure security posture and supports common compliance frameworks. Findings document which vulnerabilities were detected and remediated when.
DevSecOps Pipelines: Container images and code repositories are scanned as part of CI/CD processes. Builds can be blocked on critical vulnerabilities before reaching production.
Continuous Security Monitoring: Inspector automatically scans on software updates or new CVE publications. Teams receive timely notifications about new risks.
Benefits
- Typically no dedicated agent management needed for Lambda and container scans
- Automatic prioritization by exploitability and impact
- Multi-account support via AWS Organizations
- Integration with EventBridge for automated remediation
Integration with innFactory
As an AWS Reseller, innFactory supports you with Amazon Inspector: setup for multi-account environments, CI/CD pipeline integration, automated remediation workflows, and Security Hub dashboard configuration.
Typical Use Cases
Frequently Asked Questions
What is Amazon Inspector?
Amazon Inspector is an automated vulnerability scanner for AWS workloads. The service analyzes EC2 instances, Lambda functions, container images in Amazon ECR, and code repositories and CI/CD tools for known security vulnerabilities (CVEs) and network misconfigurations. Inspector provides prioritized findings with remediation recommendations.
How much does Amazon Inspector cost?
Inspector is billed on a usage basis per scanned workload, such as per EC2 instance per month, per Lambda function per month, and per initial container image scan and rescan. Optional code scans are also available for Lambda. New accounts get a free trial period; current prices are listed on the official pricing page.
How does Inspector differ from GuardDuty?
Inspector is proactive and finds vulnerabilities before an attack through CVE scans and configuration analysis. GuardDuty is reactive and detects active threats by analyzing logs and network traffic. Both services complement each other and are often used together.
What vulnerabilities does Inspector detect?
Inspector uses more than 50 threat intelligence sources and detects software vulnerabilities (CVEs), network reachability of EC2 instances, package vulnerabilities in operating systems and applications, and vulnerabilities in container images and code repositories. Findings are prioritized by risk to reduce mean time to remediate.
How do I enable Amazon Inspector?
Inspector can be enabled for EC2, Lambda, and ECR in just a few clicks. For EC2, both an agent-based and an agentless scanning mode are available; Lambda and ECR require no agent installation. Multi-account activation via AWS Organizations is possible.
Note: All product information on this page has been compiled with care, but is provided without guarantee and may be outdated or incomplete. Cloud services evolve rapidly — features, pricing, SLAs, and availability change frequently. Authoritative and up-to-date information can only be found on the official product page of AWS (official documentation). This page does not represent an offer by AWS.