Amazon Inspector
Amazon Inspector is an automated, agent-based security and vulnerability assessment service for your AWS resources. As of now, it supports only EC2 instances. It essentially complements devops culture in an organization, and it integrates with continuous integration and continuous deployment tools.
To begin with, you install an agent in your EC2 instance, prepare an assessment template, and run a security assessment for this EC2 instance.
Amazon Inspector will collect data related to running processes, the network, the filesystem and lot of data related to configuration, the traffic flow between AWS services and network, the secure channels, and so on.
Once this data is collected, it is validated against a set of predefined rules known as the rules package, that you choose in your assessment template, and you are provided with detailed findings and issues related to security, categorized by severity.
The following figure shows the Amazon Inspector splash screen with three steps...