AWS inspector documentation change
Summary
Changed documentation about exclusion scope from 'encrypted EBS volume' to entire 'instance' for agentless scans
Security assessment
This is a documentation clarification about exclusion scope. While it relates to security scanning, there's no evidence of addressing a vulnerability. The change only corrects what can be excluded (entire instances vs volumes), with no security implications.
Diff
diff --git a/inspector/latest/user/scanning-ec2.md b/inspector/latest/user/scanning-ec2.md index 051f7c970..ba7fdcd3e 100644 --- a//inspector/latest/user/scanning-ec2.md +++ b//inspector/latest/user/scanning-ec2.md @@ -265 +265 @@ You're not charged for excluded instances. -Additionally, you can exclude an encrypted EBS volume from agentless scans by tagging the AWS KMS key used to encrypt that volume with the `InspectorEc2Exclusion` tag. For more information, see [Tagging keys](https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys). +Additionally, you can exclude an instance from agentless scans by tagging the AWS KMS key used to encrypt that volume with the `InspectorEc2Exclusion` tag. For more information, see [Tagging keys](https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys).