AWS Inspector OS baseline configuration (Optional)
This step covers installing and configuring the AWS Inspector Agent so that Inspector can assess the EC2 instances in your assessment target (a collection of AWS resources) for potential security issues and vulnerabilities.
Skip this step if AWS Inspector is already configured for all EC2 instances.
STEP 1 Installing SSM agent
AWS Systems Manager Agent (SSM Agent) is Amazon software that can be installed and configured on an Amazon EC2 instance. SSM Agent makes it possible for Systems Manager to update, manage, and configure these resources.
AWS Inspector uses SSM Agent to install the AWS Inspector Agent on the instances so that it can collect the instance data.
Follow the linked instructions to install SSM Agent where it is missing.
SSM Agent is preinstalled by default on some AMIs.
STEP 2 Creating the Inspector assessment target and template (first-time setup)
Log in to the AWS console with the AWS Administrator role.
2.1 Get started with the Inspector advanced setup
- Navigate to the Inspector page
- Click Get started
- Click Advanced setup
2.2 Creating assessment target
- Add Name (1)
- Check the All Instances checkbox (2)
  All Instances - the assessment target will include all instances in the region (the region where Inspector resides) for assessment
- Check the Install Agents checkbox (3)
  Install Agents - the AWS Inspector agent will be installed on all instances in the assessment target
- Click Next
2.3 Creating assessment template
- Add Name
- Select the rules package CIS Operating System Security Configuration Benchmarks-1.0 (2). Reference: Center for Internet Security (CIS) Benchmarks
- Set Duration (3)
- Select Schedule (4)
- Click Next (5)
- Review the details and click Create
2.4 Run assessment template
- Run the assessment template if required; by default the assessment template runs on creation
- Verify the assessment run results
OR STEP 2 Creating the Inspector assessment target and template (Inspector already enabled)
Once SSM Agent is installed, users need to enable AWS Inspector in the regions where their instances reside and create assessment targets and templates.
Log in to the AWS console with the AWS Administrator role.
2.1 Creating the assessment target
- Navigate to the Inspector page
- In the side menu, click Assessment targets (1)
- Click Create (2)
- Add Name (3)
- Check the All Instances checkbox (4)
  All Instances - the assessment target will include all instances in the region (the region where Inspector resides) for assessment
- Check the Install Agents checkbox (5)
  Install Agents - the AWS Inspector agent will be installed on all instances in the assessment target
- Click Next (5)
2.2 Verify the assessment target
Once the assessment target is created, verify the status of the agents as follows:
- Expand the assessment target you created (1)
- Click Preview Target (2)
- A list of all instances attached to the assessment target appears
- Verify the Agent Status column (3)
Note: AWS Inspector, and therefore Cloudneeti, can only generate and display data for instances whose Agent Status is Healthy.
2.3 Create and run the assessment template
- In the side menu, click Assessment templates (1)
- Click Create (2)
- Add Name (3) and the Target Name (4) of the assessment target created in Step 1
- Select the rules package CIS Operating System Security Configuration Benchmarks-1.0 (5). Reference: Center for Internet Security (CIS) Benchmarks
- Set Duration (6)
- Create an SNS topic for event notifications (optional) (7)
- Set the Assessment Schedule (1)
- Click Create or Create and run (2)
2.4 Run the assessment template
- Run the assessment template, or wait for its scheduled run, as required
- Verify the assessment run results
STEP 3 Verify policy results on Cloudneeti
Cloudneeti picks up the data of the latest analysis-complete assessment run from the last 30 days from AWS Inspector. Policy details will be available on Cloudneeti after the next successful scan.
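The three console checks above (the CIS rules package in step 2.3, the Agent Status column in step 2.2, and the "latest completed run within 30 days" rule in step 3) can be scripted against the Inspector API. The following is an added example, not Cloudneeti's or AWS's code: the helpers take raw response dicts of the boto3 "inspector" client so they run offline on the constructed samples, and the live wiring at the bottom assumes credentials for the region where Inspector resides. It treats the page's "analysis complete" as the Inspector run state COMPLETED; all ARNs and instance IDs are placeholders.

```python
from datetime import datetime, timedelta, timezone

# Name of the CIS package exactly as Inspector lists it (step 2.3).
CIS_PACKAGE_NAME = "CIS Operating System Security Configuration Benchmarks-1.0"

def cis_rules_package_arn(describe_rules_packages_response):
    """ARN of the CIS OS benchmark package from a describe_rules_packages() response."""
    for pkg in describe_rules_packages_response["rulesPackages"]:
        if pkg["name"] == CIS_PACKAGE_NAME:
            return pkg["arn"]
    raise LookupError(f"{CIS_PACKAGE_NAME!r} is not offered in this region")

def unhealthy_agents(preview_agents_response):
    """Agent IDs whose status is anything but HEALTHY (step 2.2): Inspector, and
    therefore Cloudneeti, will produce no data for these instances."""
    return [p["agentId"] for p in preview_agents_response["agentPreviews"]
            if p.get("agentHealth") != "HEALTHY"]

def latest_completed_run(describe_assessment_runs_response, now, max_age_days=30):
    """ARN of the newest COMPLETED run finished within max_age_days, else None (step 3)."""
    cutoff = now - timedelta(days=max_age_days)
    recent = [r for r in describe_assessment_runs_response["assessmentRuns"]
              if r["state"] == "COMPLETED" and "completedAt" in r and r["completedAt"] >= cutoff]
    return max(recent, key=lambda r: r["completedAt"])["arn"] if recent else None

# Constructed sample responses: shapes follow the boto3 Inspector API, values are placeholders.
NOW = datetime(2020, 6, 1, tzinfo=timezone.utc)
SAMPLE_PACKAGES = {"rulesPackages": [
    {"arn": "arn:aws:inspector:REGION:ACCOUNT:rulespackage/0-CVE", "name": "Common Vulnerabilities and Exposures"},
    {"arn": "arn:aws:inspector:REGION:ACCOUNT:rulespackage/0-CIS", "name": CIS_PACKAGE_NAME}]}
SAMPLE_AGENTS = {"agentPreviews": [
    {"agentId": "i-0aaa", "agentHealth": "HEALTHY"},
    {"agentId": "i-0bbb", "agentHealth": "UNHEALTHY"},
    {"agentId": "i-0ccc"}]}  # no health reported, e.g. SSM could not reach the instance
SAMPLE_RUNS = {"assessmentRuns": [
    {"arn": "run/old", "state": "COMPLETED", "completedAt": NOW - timedelta(days=45)},
    {"arn": "run/new", "state": "COMPLETED", "completedAt": NOW - timedelta(days=3)},
    {"arn": "run/failed", "state": "FAILED"}]}

if __name__ == "__main__":  # live wiring: needs credentials for the region where Inspector resides
    import boto3
    insp = boto3.client("inspector")
    target_arn = insp.list_assessment_targets()["assessmentTargetArns"][0]
    pkgs = insp.describe_rules_packages(rulesPackageArns=insp.list_rules_packages()["rulesPackageArns"][:10])
    print("CIS package:", cis_rules_package_arn(pkgs))
    print("Agents not Healthy:", unhealthy_agents(insp.preview_agents(previewAgentsArn=target_arn)))
    run_arns = insp.list_assessment_runs()["assessmentRunArns"][:10]  # describe accepts at most 10 ARNs
    runs = insp.describe_assessment_runs(assessmentRunArns=run_arns) if run_arns else {"assessmentRuns": []}
    print("Run Cloudneeti will use:", latest_completed_run(runs, datetime.now(timezone.utc)))
```

An empty "Agents not Healthy" list and a non-None run ARN are the conditions under which Cloudneeti has data to show after its next scan.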