Hands-On Lab: Using Amazon Inspector to Assess EC2 Instance Security

Introduction

Amazon Inspector is a powerful AWS service that allows you to find vulnerabilities on your EC2 instances. It performs assessments to identify security issues and potential vulnerabilities on your Amazon Elastic Compute Cloud (Amazon EC2) instances. In this hands-on lab, you will learn how to configure Amazon Inspector to assess the security of an EC2 instance.

What is Amazon Inspector?

Amazon Inspector offers two types of assessment runs:

  1. Network Assessment: This assessment checks the network reachability of your EC2 instances. It uses network reachability rules to identify issues related to connectivity.
  2. Host Assessment: Host assessments are more comprehensive and involve checking for various types of vulnerabilities, including common vulnerabilities and exposures (CVEs), Center for Internet Security (CIS) benchmarks, and security best practices.

Each rule in Amazon Inspector is assigned a severity level, which can be High, Medium, Low, or Informational. Informational findings are recommendations based on best practices.

Architecture Diagram


Lab Steps

Task 1: Sign in to AWS Management Console

  1. Click on the “Open Console” button to access the AWS Management Console. This will open a new browser tab.
  2. On the AWS sign-in page, leave the Account ID as default and do not edit or remove it. Copy your IAM Username and Password from the Lab Console and paste them into the respective fields in the AWS Console.
  3. Click the “Sign in” button.
  4. Once signed in, set the default AWS Region to “US East (N. Virginia) us-east-1.”

Task 2: Launching an EC2 Instance

  1. Ensure that you are in the “US East (N. Virginia) us-east-1” Region.
  2. Navigate to EC2 by clicking on “Services” in the top menu, then selecting “EC2” in the Compute section.
  3. In the left panel, click on “Instances,” then click on “Launch Instances.”
  4. Configure the instance settings as follows:
    • Name: Inspector-EC2
  5. Under “Application and OS Images (Amazon Machine Image),” select the “Quick Start” tab and choose “Amazon Linux 2 AMI.”
  6. Select the “Instance Type” as “t2.micro.”
  7. Under “Key Pair (login),” click on “Create new key pair,” and configure it as follows:
    • Key pair name: MyEC2Key
    • Key pair type: RSA
    • Private key file format: .pem or .ppk (Choose the format you prefer)
  8. Click “Create key pair” and select the created key pair.
  9. Under “Network Settings,” click “Edit” and configure it as follows:
    • Auto-assign public IP: Enable
    • Firewall (security groups): Create a new security group with the following settings:
      • Security group name: Inspector-SG
      • Description: Security group for Inspector EC2
      • Add inbound rules for SSH (port 22), FTP (port 21), and Telnet (port 23) with the source set to Anywhere, so that all IP addresses can reach these ports. (These world-reachable ports are what Inspector will flag later in the lab.)
  10. Keep all other settings as default, and click the “Launch instance” button.
  11. Wait for the instance to launch and note down its IPv4 Public IP address.

Task 3: SSH into EC2 Instance

Follow the provided instructions to SSH into the EC2 instance using the key pair you created.

Task 4: Install an AWS Agent

  1. Switch to the root user using the following command:
       sudo su
  2. Download the AWS Agent installation script using one of the following commands:
       wget https://inspector-agent.amazonaws.com/linux/latest/install
     or
       curl -O https://inspector-agent.amazonaws.com/linux/latest/install
  3. Install the AWS Agent by running the following command:
       sudo bash install

Task 5: Create an Assessment Target

  1. Navigate to Amazon Inspector by clicking on “Services” in the top menu, then selecting “Inspector” in the Security, Identity & Compliance section.
  2. Expand the left sidebar and switch to “Amazon Inspector Classic.”
  3. On the home page, click the “Get started” button.
  4. Click “Cancel” on the right bottom corner to see the options for assessment runs: “Run weekly,” “Run once,” and “Advanced setup.” For this lab, choose “Advanced setup.”
  5. In the left sidebar, click “Assessment targets.”
  6. Click “Create.”
  7. Fill in the details for the assessment target:
    • Name: Demo
    • All instances: Select “Include all EC2 instances in this AWS account and region.”
    • Install Agents: Selected by default
  8. Click the “Save” button to create the assessment target.
  9. Click “OK” on the pop-up menu to confirm.

Task 6: Create an Assessment Template

  1. In the left sidebar, click “Assessment templates.”
  2. Click “Create.”
  3. Fill in the following details:
    • Name: Whiz
    • Target Name: Select “Demo”
    • Rules packages: Select all four rules packages one by one.
    • Duration: 15 Minutes
  4. Keep all other options as default, and click the “Create” button.

Task 7: Run the Assessment Template

  1. Select the assessment template named “Whiz” and click on the “Run” button (ignore any error messages that may appear).
  2. The assessment run will start.
  3. To see the assessment run and its results, click on “Assessment runs” in the left sidebar.
  4. Click on the number of findings to view the vulnerabilities found by Inspector on the EC2 instance.

Task 8: Download the Assessment Run Report

  1. Click on “Assessment runs” in the left sidebar.
  2. Wait for the assessment run’s collection status to become “Analysis Completed” (this may take up to 10 minutes).
  3. Choose the “Download report” button.
  4. After clicking on “Download report,” select the report type as “Findings report” and report format as “PDF.” Click on the “Generate Report” button.
  5. The report will be generated and open in a new tab of your browser.

Note: Informational severity vulnerabilities may not be shown in the report. To view them, regenerate the report with the “Full report” option.
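The lab opens SSH, FTP and Telnet to the world in Task 2 and then reads the resulting findings by severity in Tasks 7 and 8. The following Python is an added example, not part of the lab, showing the two checks a defender would automate around that: flagging world-reachable lab ports in a security group (in the JSON shape `aws ec2 describe-security-groups` returns) and tallying Inspector Classic findings per severity level (shape of `aws inspector describe-findings`). The sample security group and findings are constructed here; the finding titles are illustrative, not copied from a real run.

```python
# Added example, not part of the lab: defender-side checks over the JSON shapes
# returned by `aws ec2 describe-security-groups` and `aws inspector describe-findings`.
from collections import Counter

LAB_RISKY_PORTS = {21: "FTP", 22: "SSH", 23: "Telnet"}   # opened to the world in Task 2
WORLD_CIDRS = {"0.0.0.0/0", "::/0"}
SEVERITIES = ("High", "Medium", "Low", "Informational")   # levels listed in the lab


def world_open_ports(security_group):
    """Return {port: service} for lab ports reachable from any IPv4/IPv6 source."""
    hits = {}
    for perm in security_group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        if proto not in ("tcp", "-1"):          # "-1" means all protocols and ports
            continue
        sources = {r["CidrIp"] for r in perm.get("IpRanges", [])}
        sources |= {r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])}
        if not sources & WORLD_CIDRS:           # restricted to specific ranges: fine
            continue
        lo, hi = (0, 65535) if proto == "-1" else (perm["FromPort"], perm["ToPort"])
        hits.update({p: n for p, n in LAB_RISKY_PORTS.items() if lo <= p <= hi})
    return hits


def findings_by_severity(findings):
    """Count Inspector Classic findings per severity level, zero-filling missing ones."""
    counts = Counter(f["severity"] for f in findings)
    return {s: counts.get(s, 0) for s in SEVERITIES}


# Constructed sample data: the lab's Inspector-SG (with Telnet here restricted to a
# private range) and a few findings in the describe-findings shape.
SAMPLE_SG = {"GroupName": "Inspector-SG", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 21, "ToPort": 21,
     "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    {"IpProtocol": "tcp", "FromPort": 23, "ToPort": 23,
     "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []},
]}
SAMPLE_FINDINGS = [
    {"title": "TCP port 22 reachable from the internet", "severity": "Medium"},
    {"title": "TCP port 21 reachable from the internet", "severity": "High"},
    {"title": "Enable ASLR", "severity": "Informational"},
]

if __name__ == "__main__":
    print(world_open_ports(SAMPLE_SG))          # {22: 'SSH', 21: 'FTP'}
    print(findings_by_severity(SAMPLE_FINDINGS))
```

Feed `world_open_ports` the real group from `aws ec2 describe-security-groups --group-names Inspector-SG` and it will report exactly the ports the network reachability rules package flags; once the lab is done, the fix is to restrict those rules to known source ranges or remove them.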

Task 9: Validation Test

After completing the lab steps, click on the “Validate” button on the left-side panel to validate the resources in your AWS account and check if you have successfully completed the lab.

Completion and Conclusion

Congratulations! You have successfully completed this lab, which involved launching an Amazon EC2 instance, configuring an Amazon Inspector assessment target and template, running the template to find vulnerabilities on the configured EC2 instance, and downloading the assessment run report.

By mastering Amazon Inspector, you can better secure your EC2 instances and infrastructure by identifying and addressing potential security issues and vulnerabilities.
