Amazon Inspector is an agent-based service that assesses the security of an EC2-backed environment. It monitors the configuration of the operating system and the flow of traffic to the host to detect potential risks. Inspector does not assess the broader infrastructure of an application beyond the EC2 instance: the configuration of VPCs, Route 53 domains, other services, and the AWS account itself is not included in its checks. Whereas Inspector focuses narrowly on the configurations and applications on an instance, CloudSploit focuses on the broader environment. Ultimately, these services should be used in tandem, with Inspector providing OS-level assessments and CloudSploit providing infrastructure-level assessments.
The AWS Config service is most accurately described as a historical database of configuration states and changes for resources within an AWS account. By itself, this service provides a great way of tracking changes across large accounts, taking inventory of current resources, and detecting security risks after a potential compromise. Additionally, you can configure rulesets that respond to specific state changes within your account, such as executing a Lambda function when the root user logs in. While these rule triggers are helpful, they still require manual setup and configuration. Monitoring accounts with thousands of resources can also become quite costly.