EC2 Image Builder with Amazon Inspector - different rule packages?

Question

I've built golden image pipeline with EC2 Image Builder. It works perfectly fine.

Now I want to integrate it with Amazon Inspector and there is aws-managed test component which I can add easily to my pipeline - inspector-test-linux. The issue here for me is that it uses the 'CIS Operating System Security Configuration Benchmarks-1.0' rule package. I want to use another, simpler package - 'Common Vulnerabilities and Exposures-1.1' but didn't manage to find any options on how to achieve that. Question here is is that possible?

Thank you in advance!

score 1 · Answer 1 · answered Jul 11 '21 at 00:16

The inspector-test-component AWS managed component is pre-built for performing CIS assessments with Amazon Inspector in EC2 Image Builder. https://docs.aws.amazon.com/imagebuilder/latest/userguide/how-image-builder-works.html#image-builder-compliance

You would need to create a custom scripted component to use a different set of package with Amazon Inspector. Another option is to create a component to only install Amazon Inspector agent in the build process, and run checks outside the image building process when an instance is spun up from the image.

EC2 Image Builder with Amazon Inspector - different rule packages?

1 Answers1