Menu
Amazon Inspector
User Guide (Version Latest)

Installing Amazon Inspector Agents

The Amazon Inspector Agent can be installed using the Systems Manager Run Command on multiple instances (including both Linux-based and Windows-based instances), or individually by signing in to each EC2 instance. The procedures below provide instructions for both methods.

Note

The following procedures are functional in all regions that are supported by Amazon Inspector.

To install the Amazon Inspector Agent on multiple EC2 instances using the Systems Manager Run Command

You can install the Amazon Inspector Agent on your EC2 instances using the Systems Manager Run Command. This enables you to install the agent remotely and on multiple instances (both Linux-based and Windows-based instances with the same command) at once.

Important

To utilize this option, make sure that your EC2 instance has the SSM Agent installed and has an IAM role that allows Run Command. The SSM Agent is installed, by default, on Amazon EC2 Windows instances and Amazon Linux instances. Amazon EC2 Systems Manager requires an IAM role for EC2 instances that will process commands and a separate role for users executing commands. For more information, see Installing and Configuring SSM Agentand Configuring Security Roles for System Manager.

  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  2. In the navigation pane under Systems Manager Services, choose Run Command.

  3. Choose Run a command.

  4. For Command document, choose the document named

    AmazonInspector-ManageAWSAgent owned by Amazon. This document contains the script for installing the Amazon Inspector Agent on EC2 instances.

  5. Specify your EC2 instances either by choosing the Specifying a Tag option or by Manually Selecting Instances and then selecting Select instances. To install the agent on all the instances in the assessment target, you can specify the same tags used for creating the assessment target.

  6. Provide your choices for the rest of the available options using the instructions in Executing Commands from the EC2 Console, and then select Run.

To install the Amazon Inspector Agent on a Linux-based EC2 instance

  1. Sign in to your EC2 instance running a Linux-based operating system where you want to install the Amazon Inspector Agent.

    Note

    For more information about operating systems supported for Amazon Inspector see Amazon Inspector Supported Operating Systems and Regions.

  2. Download the agent installation script by running either of the following commands:

    • wget https://d1wk0tztpsntt1.cloudfront.net/linux/latest/install

    • curl -O https://d1wk0tztpsntt1.cloudfront.net/linux/latest/install

  3. (Optional) Verify that the Amazon Inspector Agent installation script is not altered or corrupted. For more information, see (Optional) Verify the Signature of the Amazon Inspector Agent Installation Script on Linux-based Operating Systems.

  4. To install the agent, run sudo bash install.

    Note

    As updates for the Amazon Inspector Agent become available, they are automatically downloaded from Amazon S3 and applied. For more information, see Amazon Inspector Agent Updates.

    If you want to skip this auto-update process, make sure to run the following command when you install the agent:

    sudo bash install -u false

    Note

    (Optional) To remove the agent installation script, run rm install .

  5. Verify that the following files required for the agent to be successfully installed and functioning properly are installed:

    • libcurl3

    • libgcc1

    • libc6

    • libstdc++6

    • libssl1.0.1

    • libpcap0.8

To install the Amazon Inspector Agent on a Windows-based EC2 instance

  1. Sign in to your EC2 instance running a Windows-based operating system where you want to install the Amazon Inspector Agent.

    Note

    For more information about operating systems supported for Amazon Inspector see Amazon Inspector Supported Operating Systems and Regions.

  2. Download the following .exe file: https://d1wk0tztpsntt1.cloudfront.net/windows/installer/latest/AWSAgentInstall.exe

  3. Open a command prompt window (with Administrative permissions), navigate to the location where you saved the downloaded AWSAgentInstall.exe, and run AWSAgentInstall.exe to install the Amazon Inspector Agent.

    Note

    As updates for the Amazon Inspector Agent become available, they are automatically downloaded from Amazon S3 and applied. For more information, see Amazon Inspector Agent Updates.

    If you want to skip this auto-update process, make sure to run this command to install the Amazon Inspector Agent.

    AWSAgentInstall.exe AUTOUPDATE=No