Amazon Inspector is an agent-based service that assesses the security of an EC2-backed environment. It monitors the configuration of the operating system and the flow of traffic to the host to detect potential risks. Inspector does not assess the broader infrastructure of an application beyond the EC2 instance. The configuration of VPCs, Route53 domains, other services, and the AWS account itself are not included in its checks. Whereas Inspector narrowly focuses on the configurations and applications on an instance, CloudSploit focuses on the broader environment. Ultimately, these services should be used in tandem; Inspector providing OS-level assessments and CloudSploit providing infrastructure-level assessments.
- Instance and traffic-level analysis
- Pre-defined rules and reports
- API and IAM integration
- Requires an agent on each EC2 instance
- Pricing depends on the number of agents run
- Broader infrastructure-level services are not covered
- Only available in 4 regions