1. Knowledge Base
  2. Unified VRM Integrations

AWS Inspector Integration Instructions

This page walks you through setting up readonly AWS Inspector credential for your Unified VRM, and ingesting AWS Inspector data inside Unified VRM.

Before you begin

To complete this quickstart you’ll need to have:

  1. Set up AWS Inspector in an AWS account

Step 1: Create IAM role in the AWS Account where Inspector is configured

The IAM role will have the following trust relationship, this will allow Unified VRM to assume into the role:

{

 "Version": "2012-10-17",

"Statement": [

{

"Effect": "Allow",

"Principal": {

"AWS": "arn:aws:iam::490718849531:root"

 },

"Action": "sts:AssumeRole"

}

]

}


The role will need the following permissions for the resources in your account(s):

  1. inspector2:ListFindings
  2. ec2:DescribeInstance
  3. resource-groups:ListGroupResources
  4. resource-groups:ListGroups
  5. cloudformation:DescribeStacks
  6. cloudformation:ListStackResources
  7. tag:GetResources

Or these AWS Managed policies

  1. AmazonInspector2ReadOnlyAccess
  2. AmazonEC2ReadOnlyAccess
  3. AWSResourceGroupsReadOnlyAccess

For all other accounts inside the organization that the inspector is configured for will need a role with the same name and every permission listed above except number 1.

Step 2: Provide Nopsec with the role information

Enter the role ARN (created in step 1) that has access to AWS Inspector and the region name (i.e. us-east-1) in the integrate dialog for AWS Inspector and select “CONNECT”.