AWS inspector documentation change
Summary
Added note clarifying that agent-based scanning requires EC2 instances to be managed by SSM in the same AWS account
Security assessment
Clarifies a security configuration requirement to prevent cross-account misconfigurations, but does not address a specific vulnerability
Diff
diff --git a/inspector/latest/user/scanning-ec2.md b/inspector/latest/user/scanning-ec2.md index de2aec3f1..702a421bc 100644 --- a//inspector/latest/user/scanning-ec2.md +++ b//inspector/latest/user/scanning-ec2.md @@ -11 +11 @@ Amazon Inspector Amazon EC2 scanning extracts metadata from your EC2 instance be -Package vulnerability scans can be performed using an [agent-based](https://docs.aws.amazon.com/inspector/latest/user/scanning-ec2.html#agent-based) or [agentless](https://docs.aws.amazon.com/inspector/latest/user/scanning-ec2.html#agentless) scan method. Both of these scan methods determine how and when Amazon Inspector collects the software inventory from an EC2 instance instance for package vulnerability scans. Agent-based scanning collects software inventory using the SSM agent, and agentless scanning collects software inventory using on Amazon EBS snapshots. +Package vulnerability scans can be performed using an [agent-based](https://docs.aws.amazon.com/inspector/latest/user/scanning-ec2.html#agent-based) or [agentless](https://docs.aws.amazon.com/inspector/latest/user/scanning-ec2.html#agentless) scan method. Both of these scan methods determine how and when Amazon Inspector collects the software inventory from an EC2 instance for package vulnerability scans. Agent-based scanning collects software inventory using the SSM agent, and agentless scanning collects software inventory using on Amazon EBS snapshots. @@ -33,0 +34,4 @@ The following process explains how Amazon Inspector uses SSM to collect inventor +###### Note + +For agent-based scanning, the Amazon EC2 instance must be managed by SSM in same AWS account. +