aws inspector

Amazon Inspector enables you to analyze the behavior of your AWS resources and to identify potential security issues. For more information, see the Amazon Inspector User Guide.

Subcommands

| Name | Description |
| --- | --- |
| add-attributes-to-findings | Assigns attributes (key and value pairs) to the findings that are specified by the ARNs of the findings |
| create-assessment-target | Creates a new assessment target using the ARN of the resource group that is generated by CreateResourceGroup. If resourceGroupArn is not specified, all EC2 instances in the current AWS account and region are included in the assessment target. If the service-linked role isn’t already registered, this action also creates and registers a service-linked role to grant Amazon Inspector access to AWS Services needed to perform security assessments. You can create up to 50 assessment targets per AWS account. You can run up to 500 concurrent agents per AWS account. For more information, see Amazon Inspector Assessment Targets |
| create-assessment-template | Creates an assessment template for the assessment target that is specified by the ARN of the assessment target. If the service-linked role isn’t already registered, this action also creates and registers a service-linked role to grant Amazon Inspector access to AWS Services needed to perform security assessments |
| create-exclusions-preview | Starts the generation of an exclusions preview for the specified assessment template. The exclusions preview lists the potential exclusions (ExclusionPreview) that Inspector can detect before it runs the assessment |
| create-resource-group | Creates a resource group using the specified set of tags (key and value pairs) that are used to select the EC2 instances to be included in an Amazon Inspector assessment target. The created resource group is then used to create an Amazon Inspector assessment target. For more information, see CreateAssessmentTarget |
| delete-assessment-run | Deletes the assessment run that is specified by the ARN of the assessment run |
| delete-assessment-target | Deletes the assessment target that is specified by the ARN of the assessment target |
| delete-assessment-template | Deletes the assessment template that is specified by the ARN of the assessment template |
| describe-assessment-runs | Describes the assessment runs that are specified by the ARNs of the assessment runs |
| describe-assessment-targets | Describes the assessment targets that are specified by the ARNs of the assessment targets |
| describe-assessment-templates | Describes the assessment templates that are specified by the ARNs of the assessment templates |
| describe-cross-account-access-role | Describes the IAM role that enables Amazon Inspector to access your AWS account |
| describe-exclusions | Describes the exclusions that are specified by the exclusions' ARNs |
| describe-findings | Describes the findings that are specified by the ARNs of the findings |
| describe-resource-groups | Describes the resource groups that are specified by the ARNs of the resource groups |
| describe-rules-packages | Describes the rules packages that are specified by the ARNs of the rules packages |
| get-assessment-report | Produces an assessment report that includes detailed and comprehensive results of a specified assessment run |
| get-exclusions-preview | Retrieves the exclusions preview (a list of ExclusionPreview objects) specified by the preview token. You can obtain the preview token by running the CreateExclusionsPreview API |
| get-telemetry-metadata | Information about the data that is collected for the specified assessment run |
| list-assessment-run-agents | Lists the agents of the assessment runs that are specified by the ARNs of the assessment runs |
| list-assessment-runs | Lists the assessment runs that correspond to the assessment templates that are specified by the ARNs of the assessment templates |
| list-assessment-targets | Lists the ARNs of the assessment targets within this AWS account. For more information about assessment targets, see Amazon Inspector Assessment Targets |
| list-assessment-templates | Lists the assessment templates that correspond to the assessment targets that are specified by the ARNs of the assessment targets |
| list-event-subscriptions | Lists all the event subscriptions for the assessment template that is specified by the ARN of the assessment template. For more information, see SubscribeToEvent and UnsubscribeFromEvent |
| list-exclusions | List exclusions that are generated by the assessment run |
| list-findings | Lists findings that are generated by the assessment runs that are specified by the ARNs of the assessment runs |
| list-rules-packages | Lists all available Amazon Inspector rules packages |
| list-tags-for-resource | Lists all tags associated with an assessment template |
| preview-agents | Previews the agents installed on the EC2 instances that are part of the specified assessment target |
| register-cross-account-access-role | Registers the IAM role that grants Amazon Inspector access to AWS Services needed to perform security assessments |
| remove-attributes-from-findings | Removes entire attributes (key and value pairs) from the findings that are specified by the ARNs of the findings where an attribute with the specified key exists |
| set-tags-for-resource | Sets tags (key and value pairs) to the assessment template that is specified by the ARN of the assessment template |
| start-assessment-run | Starts the assessment run specified by the ARN of the assessment template. For this API to function properly, you must not exceed the limit of running up to 500 concurrent agents per AWS account |
| stop-assessment-run | Stops the assessment run that is specified by the ARN of the assessment run |
| subscribe-to-event | Enables the process of sending Amazon Simple Notification Service (SNS) notifications about a specified event to a specified SNS topic |
| unsubscribe-from-event | Disables the process of sending Amazon Simple Notification Service (SNS) notifications about a specified event to a specified SNS topic |
| update-assessment-target | Updates the assessment target that is specified by the ARN of the assessment target. If resourceGroupArn is not specified, all EC2 instances in the current AWS account and region are included in the assessment target |