
AWS Inspector Integration Instructions

This guide provides the steps required to configure an integration between AWS Inspector and NopSec for ingesting vulnerability findings for EC2 instances, ECR container images, and Lambda functions (the three resource types AWS Inspector scans; the permissions below are for ECR, not ECS). Follow the steps below to enable data ingestion for vulnerability management.

Prerequisites

  • AWS Inspector: The client must have AWS Inspector configured in their AWS environment.

  • IAM Role: The client must create an IAM role in AWS that grants NopSec the read-only permissions needed to access specific AWS Inspector resources.

Create an IAM Role with Necessary Permissions
  1. Create a New IAM Role in your AWS account that will be shared with NopSec. The role needs permission to read AWS Inspector findings and to enumerate the EC2, ECR, and Lambda resources those findings refer to; nothing else should be attached to it.

  2. Assign Permissions to the IAM role. Ensure the role has exactly the following read-only permissions:

    • ec2

      - ec2:DescribeInstances, to describe EC2 instances

    • ecr

      - ecr:DescribeRepositories, to describe ECR repositories

    • lambda

      - lambda:ListFunctions, to list Lambda functions

    • inspector2

      - inspector2:ListFindings, to list AWS Inspector findings

  Note: the EC2, Lambda, and Inspector Describe/List calls above do not support resource-level permissions, so the policy uses "Resource": "*". Keep the Action list limited to these four calls; do not add service wildcards such as inspector2:* or any write action, since the role's ARN will be shared with a third party.

Configure Trusted Relationship

  1. Configure the IAM role to allow NopSec to assume it. This is done by editing the role's trust policy (shown as "Trust relationships" in the IAM console).

  2. Trust Policy: Add a single trusted entity so that only the NopSec role (ARN: arn:aws:iam::538698698723:role/prod-us-east-2-ECSTaskRole-Taskrunner) can call sts:AssumeRole on this role. Do not use an account root principal or "*". Note that the account ID in this ARN differs from the one in the Trust Policy Example below; confirm the current NopSec role ARN with NopSec before saving the trust policy. If NopSec provides an external ID, add it as an sts:ExternalId condition on the statement, which is the standard guard against the confused-deputy problem for roles assumed by third parties.

Permissions Policy Example (attached to the role, step 2 above)

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ec2:DescribeInstances",
                "ecr:DescribeRepositories",
                "lambda:ListFunctions",
                "inspector2:ListFindings"
            ],
            "Resource": "*"
        }
    ]
}

Trust Policy Example (the role's trusted relationship)

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::490718849531:role/prod-us-east-2-ECSTaskRole-Taskrunner"
            },
            "Action": [
                "sts:AssumeRole"
            ]
        }
    ]
}

Add the AWS Inspector Integration in NopSec
  1. Navigate to Integrations in the NopSec UI and select the option to add an AWS Inspector Integration.

  2. Enter the Role ARN: When prompted, provide the Role ARN of the IAM role you created in the previous steps. This enables NopSec to assume the role and access AWS Inspector data for vulnerability ingestion.
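The whole procedure above, as an added example that is not part of the NopSec guide: a Python script that assembles the two documents (the read-only permissions policy and the trust policy), lints them for least privilege before the Role ARN is handed over to a third party, and writes them to files for `aws iam create-role` and `aws iam put-role-policy`. The account ID 111122223333, the role name NopSecInspectorReadOnly and the optional external ID are placeholders; the real NopSec role ARN (and whether an external ID is used) must come from NopSec. The CLI calls are printed rather than executed so the script runs offline.

```python
"""Build and lint the IAM documents for the NopSec / AWS Inspector role (added example)."""
import json
import re

# Placeholder account ID: the real NopSec role ARN is supplied by NopSec.
NOPSEC_ROLE_ARN = "arn:aws:iam::111122223333:role/prod-us-east-2-ECSTaskRole-Taskrunner"

# The four read-only actions the guide requires.
REQUIRED_ACTIONS = (
    "ec2:DescribeInstances",
    "ecr:DescribeRepositories",
    "lambda:ListFunctions",
    "inspector2:ListFindings",
)

# Only Describe/List/Get-style actions are acceptable on a vendor-facing role.
READ_ONLY_ACTION = re.compile(r"^[a-z0-9-]+:(Describe|List|Get|BatchGet)[A-Za-z0-9]*$")


def permissions_policy(actions=REQUIRED_ACTIONS):
    """Permissions policy for the role. Resource is "*" because these
    EC2/Lambda/Inspector list and describe calls are not resource-scoped."""
    return {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Action": list(actions), "Resource": "*"}],
    }


def trust_policy(nopsec_role_arn=NOPSEC_ROLE_ARN, external_id=None):
    """Trust policy: only the named NopSec role may call sts:AssumeRole.
    An external ID, if NopSec supplies one, is pinned with a condition."""
    statement = {
        "Effect": "Allow",
        "Principal": {"AWS": nopsec_role_arn},
        "Action": ["sts:AssumeRole"],
    }
    if external_id:
        statement["Condition"] = {"StringEquals": {"sts:ExternalId": external_id}}
    return {"Version": "2012-10-17", "Statement": [statement]}


def _as_list(value):
    return [value] if isinstance(value, str) else list(value or [])


def lint_permissions(policy):
    """Return problems found; an empty list means read-only and complete."""
    problems, actions = [], set()
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action")):
            actions.add(action)
            if "*" in action:
                problems.append(f"wildcard action: {action}")
            elif not READ_ONLY_ACTION.match(action):
                problems.append(f"non read-only action: {action}")
    missing = sorted(set(REQUIRED_ACTIONS) - actions)
    if missing:
        problems.append("missing required actions: " + ", ".join(missing))
    return problems


def lint_trust(policy, expected_arn=NOPSEC_ROLE_ARN):
    """Flag any principal other than the single expected role, and any
    action beyond sts:AssumeRole."""
    problems = []
    for stmt in policy["Statement"]:
        principal = stmt.get("Principal", {})
        aws = principal.get("AWS") if isinstance(principal, dict) else principal
        for arn in _as_list(aws):
            if arn == "*" or arn.endswith(":root"):
                problems.append(f"overly broad principal: {arn}")
            elif arn != expected_arn:
                problems.append(f"unexpected principal: {arn}")
        extra = sorted(set(_as_list(stmt.get("Action"))) - {"sts:AssumeRole"})
        if extra:
            problems.append("unexpected trust actions: " + ", ".join(extra))
    return problems


if __name__ == "__main__":
    perms, trust = permissions_policy(), trust_policy()
    assert not lint_permissions(perms) and not lint_trust(trust)
    with open("permissions.json", "w") as f:
        json.dump(perms, f, indent=4)
    with open("trust.json", "w") as f:
        json.dump(trust, f, indent=4)
    # Placeholder role name; the output of create-role contains the Role ARN to paste into NopSec.
    print("aws iam create-role --role-name NopSecInspectorReadOnly "
          "--assume-role-policy-document file://trust.json")
    print("aws iam put-role-policy --role-name NopSecInspectorReadOnly "
          "--policy-name InspectorReadOnly --policy-document file://permissions.json")
```

Run the linter again whenever the role is edited; a change that introduces a service wildcard, a write action, or a second principal is reported before it reaches the account.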

Automated Synchronization

Once the integration is successfully configured, NopSec runs a daily synchronization that assumes the role and ingests vulnerability findings from AWS Inspector, so that findings for EC2 instances, ECR container images, and Lambda functions stay current for vulnerability management.

Summary Checklist

  1. Ensure AWS Inspector is configured in your environment.

  2. Create an IAM role with read-only permissions for EC2 instances, ECR repositories, Lambda functions, and Inspector findings.

  3. Set up a trusted relationship for NopSec to assume this role.

  4. Configure the integration in the NopSec UI and input the Role ARN.