What is AWS Inspector and what are its features
When used with AWS Config rules, AWS Inspector provides visibility into changes to resources across your AWS accounts, including those made by users who don’t have the required permissions. This helps prevent unauthorized access and ensures that changes are compliant with internal and industry regulations.
With AWS Inspector, you can:
Use a new set of rules, AWS Config Rules, to maintain an inventory of your resources and track changes to the configuration of these resources over time. Edit config rules without redeploying code or changing the source code. These config rules include checks for EC2 instance metadata, user permissions and IP addresses, among others.
Track the changes being made to your AWS resources and know how these changes impact the security of your environment.

When should you use AWS Inspector over GuardDuty
We recommend using AWS Inspector for any environment that includes AWS accounts. For environments that include accounts from multiple organizations, or have multiple managed service providers (MSPs), we recommend using GuardDuty for initial setup and onboarding. This allows you to get visibility into your environment quickly, before expanding to include all accounts using AWS Inspector.
If you need to get visibility into accounts that are not included with your GuardDuty subscription, or if you have an MSP and you want to onboard them using AWS Inspector, you can use the service for up to 250 accounts. Contact AWS Support for details on the process.
AWS Inspector is a powerful security and compliance tool that you can use to monitor and audit your AWS accounts. AWS Inspector can help you identify, track, and secure against potential vulnerabilities to very specific types of accounts in your AWS environment. While you may be able to secure against the vulnerabilities by using other tools in the AWS account that are not available through AWS Inspector, it’s important to understand that there is no way for an MSP or customer to know which accounts are being protected by which tool. If a customer has multiple accounts and an MSP that is monitoring all of them, an MSP must have visibility into all of these accounts in order to be able to analyze their security status.
Here are some common customer questions about AWS Inspector and GuardDuty.
Q: What’s the difference between GuardDuty and AWS Inspector?

How much does each service cost
AWS Inspector is free to use while you’re onboarding. Once you have it up and running, you can control the number of investigations per month and suspend or terminate them at any time. You can also roll back changes by recovering an investigation that has been terminated, suspended, or deleted. You can set up a schedule for when your investigations run, but you don’t have to pay for unused investigations beyond your plan limit.
AWS documentation
AWS GuardDuty is available on a pay-as-you-go basis. For more information, please visit the AWS GuardDuty pricing page.
AWS documentation
References: https://aws.amazon.com/inspector-for-amazon-web-services/pricing/
https://aws.amazon.com/guardduty/pricing/
The following example shows how to specify the parameter for an Amazon S3 bucket used for text-to-speech in your AWS Lambda function:

Which service is better for your business
AWS Inspector provides a better interface for viewing AWS resources, items, and configurations. AWS Inspector also helps you identify which accounts are responsible for important configuration changes. However, we recommend using GuardDuty for environments that include AWS accounts from multiple organizations or MSPs, or that have multiple managed service providers. GuardDuty is a simple solution to monitor your AWS environment and can provide basic configuration monitoring as well as help mitigate risks in your environment by detecting unauthorized access to AWS resources. You can also use GuardDuty to monitor not only your AWS environment but also your on-premises IT assets.
AWS Inspector provides a number of features that help you manage your AWS environment. For example, it helps you monitor configuration changes and verify compliance with policies such as the Amazon Web Services Trust Center policy. It also provides insights into your AWS environment by showing which accounts are using popular services, including IAM and EC2, that are consuming memory or EBS volumes. If a particular account is moving up in rank and consuming too many resources or taking up too much of your budget, you can investigate further to see what is happening. AWS Inspector also provides links to usage reports, allowing you to easily summarize what is happening in your AWS environment.
During this tutorial we will configure AWS Inspector and GuardDuty to provide a level of automated monitoring for the AWS environment. First, let’s install GuardDuty on our Linux server.
