Krasi Marinov

Reputation: 11

EC2 Image Builder with Amazon Inspector - different rule packages?

I've built a golden image pipeline with EC2 Image Builder. It works perfectly fine.

Now I want to integrate it with Amazon Inspector, and there is an AWS-managed test component that I can easily add to my pipeline: inspector-test-linux. The issue for me is that it uses the 'CIS Operating System Security Configuration Benchmarks-1.0' rule package. I want to use another, simpler package, 'Common Vulnerabilities and Exposures-1.1', but I didn't manage to find any option to achieve that. My question is: is that possible?

Thank you in advance!

Upvotes: 1

Views: 1210

Answers (1)

Shivam

Reputation: 221

The inspector-test-component AWS managed component is pre-built for performing CIS assessments with Amazon Inspector in EC2 Image Builder. https://docs.aws.amazon.com/imagebuilder/latest/userguide/how-image-builder-works.html#image-builder-compliance

You would need to create a custom scripted component to use a different set of packages with Amazon Inspector. Another option is to create a component that only installs the Amazon Inspector agent in the build process, and to run checks outside the image building process when an instance is spun up from the image.

Upvotes: 1
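
One way to write the custom scripted component the answer describes, as an added example that is not part of the original post and not AWS's managed component. It assumes the Amazon Inspector Classic agent was installed in an earlier step, the AWS CLI is on the instance, and the instance profile allows the `inspector` and `ec2:CreateTags` calls used; the component name, the `InspectorScan` tag key and the fail-on-High policy are hypothetical.

```yaml
# Added example, not AWS's managed component. Names, tag key and the
# fail-on-High policy are assumptions; adjust to your pipeline.
name: inspector-cve-test-linux
description: Inspector Classic assessment using the CVE rules package
schemaVersion: 1.0
phases:
  - name: test
    steps:
      - name: RunCveAssessment
        action: ExecuteBash
        timeoutSeconds: 3600
        inputs:
          commands:
            - |
              set -euo pipefail
              # Identify this test instance via IMDSv2.
              T=$(curl -s -X PUT http://169.254.169.254/latest/api/token \
                    -H 'X-aws-ec2-metadata-token-ttl-seconds: 300')
              md() { curl -s -H "X-aws-ec2-metadata-token: $T" \
                       "http://169.254.169.254/latest/meta-data/$1"; }
              export AWS_DEFAULT_REGION=$(md placement/region)
              ID=$(md instance-id); NAME="ib-cve-$ID"
              # Tag only this instance so the assessment target matches nothing else.
              aws ec2 create-tags --resources "$ID" --tags "Key=InspectorScan,Value=$NAME"
              # Resolve the CVE rules package ARN by name (ARNs differ per region).
              ALL=$(aws inspector list-rules-packages --query rulesPackageArns --output text)
              PKG=$(aws inspector describe-rules-packages --rules-package-arns $ALL \
                --query "rulesPackages[?starts_with(name,'Common Vulnerabilities')].arn | [0]" \
                --output text)
              RG=$(aws inspector create-resource-group --query resourceGroupArn --output text \
                --resource-group-tags "key=InspectorScan,value=$NAME")
              TGT=$(aws inspector create-assessment-target --assessment-target-name "$NAME" \
                --resource-group-arn "$RG" --query assessmentTargetArn --output text)
              TPL=$(aws inspector create-assessment-template --assessment-target-arn "$TGT" \
                --assessment-template-name "$NAME" --duration-in-seconds 900 \
                --rules-package-arns "$PKG" --query assessmentTemplateArn --output text)
              RUN=$(aws inspector start-assessment-run --assessment-template-arn "$TPL" \
                --query assessmentRunArn --output text)
              # Poll until the run finishes; any failed state fails the image test.
              while :; do
                S=$(aws inspector describe-assessment-runs --assessment-run-arns "$RUN" \
                      --query 'assessmentRuns[0].state' --output text)
                case "$S" in COMPLETED|COMPLETED_WITH_ERRORS) break ;;
                             FAILED|ERROR|CANCELED) exit 1 ;; esac
                sleep 30
              done
              HIGH=$(aws inspector describe-assessment-runs --assessment-run-arns "$RUN" \
                --query 'assessmentRuns[0].findingCounts.High' --output text)
              [ "$HIGH" = "0" ] || [ "$HIGH" = "None" ]  # pass only with no High findings
```

The assessment target, template and findings are left in place so the results can be reviewed after the build; delete the target once they have been triaged.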
