AWS DevOps SRE/Infrastructure Engineer at Capgemini
Real User
Top 5
2025-09-02T12:03:37Z
Sep 2, 2025
The most challenging aspect I faced with Amazon Inspector during integration was automating the remediation process. Amazon Inspector gives us a nice list of all existing vulnerabilities needing our attention, and while we can connect to an existing EC2 instance suffering from security vulnerabilities reported by Inspector, we can't manage that for 1,000 EC2 instances without wasting time. Thus, we need to automate the process from end to end to avoid wasting the DevOps team's time. AWS published a helpful article about this issue, clarifying steps on how we could integrate Amazon Inspector with the Security Hub, and a CloudFormation template already exists for deployment using Terraform, with the ability to run everything using Python. What I did was look at this AWS article and work on converting the manual process into an automated one using Python. I rely on some specific metrics or data points during the evaluation process, including other tools such as SonarQube, which is a third-party tool that we can integrate with our CI/CD pipeline to scan deployed packages before pushing them to Docker images. However, SonarQube does not support scanning for EC2 instances. There may be other tools that can perform that function, but I'm not sure. I know that SonarQube provides benefits for scanning Docker images, which is also supported by Amazon Inspector for security scanning. I advise other users looking into implementing Amazon Inspector to avoid just enabling it and looking at the nice list of security vulnerabilities. They would need to implement an automation solution to remediate the actual security vulnerabilities. Without this automation, Amazon Inspector only looks like a nice dashboard providing a lot of information regarding security concerns that can't be resolved until action is taken, such as implementing a remediation solution.
It should be automated, especially since you might have 1,000 EC2 instances, each with different security vulnerabilities or outdated packages that need remediation. Thus, implementing this process only once using infrastructure as code, perhaps with Python as I did, is worth it; this allows you to monitor the results and only intervene if necessary. On a scale of 1-10, I rate Amazon Inspector a 9.
Co-Founder, Professional AWS Cloud Architect at a tech services company with 1-10 employees
Real User
Top 5
2025-01-20T11:27:00Z
Jan 20, 2025
There is so much to consider. I had an issue recently with a critical vulnerability in a program called OrSync, and I needed to determine how many EC2 instances were affected. I could quickly provide the security operation center with a list of the EC2 instances, their accounts, and who was responsible for them, enabling responsible parties to patch the vulnerabilities. New vulnerabilities emerge constantly. There is a dashboard in Inspector listing critical vulnerabilities found across the estate. I have used it to educate users, emphasizing the need to monitor this dashboard for their accounts seriously. We have set up SLAs specifying how long critical, high, and medium CVEs should be present. For critical resources, immediate action is required. It's automatically integrated when enabled in the organization, and any new account added is scanned by Inspector, so it is very easy and almost automatic. The overall product rating is nine out of ten.
The advice for new users is to purchase Amazon Inspector, implement it, keep it running, and review it at least once a month, especially if they have infrastructure as a service or platform as a service in use. I'd rate the solution nine out of ten.
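The two reviews above describe the same workflow from two angles: turning Inspector's per-finding list into a per-instance patch plan so that 1,000 instances can be handled without manual triage, and checking open findings against severity SLAs. The following is an added example, not code from either reviewer or from AWS; the finding shape is a simplified, constructed imitation of what the inspector2 `list_findings` API returns, and the SLA day counts are assumed placeholder values.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Assumed SLA in days before an open finding counts as overdue (placeholder values).
SLA_DAYS = {"CRITICAL": 0, "HIGH": 7, "MEDIUM": 30}

def parse_ts(ts):
    # Accept the trailing "Z" form that the API emits.
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))

def patch_plan(findings):
    """Map each EC2 instance id to the sorted set of packages with ACTIVE findings."""
    plan = defaultdict(set)
    for f in findings:
        if f["status"] != "ACTIVE":
            continue
        instance = f["resources"][0]["id"]
        for pkg in f["packageVulnerabilityDetails"]["vulnerablePackages"]:
            plan[instance].add(pkg["name"])
    return {inst: sorted(pkgs) for inst, pkgs in plan.items()}

def overdue(findings, now):
    """Return (findingArn, instance, severity, age_days) for ACTIVE findings past SLA."""
    out = []
    for f in findings:
        if f["status"] != "ACTIVE" or f["severity"] not in SLA_DAYS:
            continue
        age = (now - parse_ts(f["firstObservedAt"])).days
        if age > SLA_DAYS[f["severity"]]:
            out.append((f["findingArn"], f["resources"][0]["id"], f["severity"], age))
    # Oldest and most severe first, so the SOC list starts with what to fix now.
    return sorted(out, key=lambda r: (r[3], r[2]), reverse=True)

def _finding(n, inst, sev, status, seen, pkg):
    # Helper to build constructed sample findings (not real data).
    return {"findingArn": f"arn:aws:inspector2:eu-west-1:111122223333:finding/{n}",
            "resources": [{"type": "AWS_EC2_INSTANCE", "id": inst}],
            "severity": sev, "status": status, "firstObservedAt": seen,
            "packageVulnerabilityDetails": {"vulnerablePackages": [{"name": pkg}]}}

SAMPLE = [
    _finding(1, "i-0aaa", "CRITICAL", "ACTIVE", "2025-01-10T08:00:00Z", "openssl"),
    _finding(2, "i-0aaa", "HIGH", "ACTIVE", "2025-01-18T08:00:00Z", "curl"),
    _finding(3, "i-0bbb", "MEDIUM", "ACTIVE", "2025-01-19T08:00:00Z", "rsync"),
    _finding(4, "i-0bbb", "CRITICAL", "CLOSED", "2025-01-01T08:00:00Z", "glibc"),
]
NOW = datetime(2025, 1, 20, 12, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    print(patch_plan(SAMPLE))   # {'i-0aaa': ['curl', 'openssl'], 'i-0bbb': ['rsync']}
    print(overdue(SAMPLE, NOW))  # only finding 1: CRITICAL, open for 10 days
```

In a live deployment the `SAMPLE` list would be replaced by paginated `list_findings` results filtered to `status = ACTIVE`, and the plan handed to SSM Patch Manager or an equivalent per-instance update job.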
Information Security Engineer at a financial services firm with 10,001+ employees
Real User
Top 20
2024-03-27T15:55:38Z
Mar 27, 2024
Overall, I would rate the solution a seven out of ten. I would recommend it, but that depends on the size of the account, their specific use cases, and overall requirements.
I recommend Amazon Inspector because it allows the automation of processes and requires less manual monitoring. Overall, I rate Amazon Inspector nine on a scale of one to ten.
Developer at a sports company with 501-1,000 employees
Real User
Top 5
2024-03-05T06:38:15Z
Mar 5, 2024
Just try it once and find your path forward because it's very easy to set up. If you're just starting, the native tools are the best way to start. Only when there are some advanced use cases should you look for anything beyond AWS. So, if you're already starting something in AWS, it's best to get started with the native tools. Overall, I would rate the solution a ten out of ten.
I would recommend going for a third-party tool. Not unless you have restrictions on using only native services. The main thing is, with a single third-party tool, we get even threat assessment, runtime assessment, and vulnerability assessment, which Amazon Inspector only provides with GuardDuty on top. So, it's an all-in-one package in a third-party tool. In AWS, you need to leverage multiple services like GuardDuty for threat detection, which makes the whole thing cumbersome. That's why I suggest looking at third-party options. Even in the future, if we're shifting from AWS to SDR, for example, we can stick with those third-party services because the knowledge gained would apply to other clouds as well. So, in most cases, I'd recommend considering third-party tools. Overall, I would rate the solution a six out of ten.
Security is very critical to maintain. If you don't have a dedicated security team, it allows you to be more productive and confident in your solutions at scale, without having a dedicated team scanning and focusing on security. I would rate it an eight out of ten. It does its job in what we're looking for. Any software or any product always has room to improve. That's the only reason why I'm not giving it a ten.
Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. Amazon Inspector automatically assesses applications for exposure, vulnerabilities, and deviations from best practices. After performing an assessment, Amazon Inspector produces a detailed list of security findings prioritized by level of severity. These findings can be reviewed directly or as part of detailed assessment reports which are available via...