Select your cookie preferences

We use essential cookies and similar tools that are necessary to provide our site and services. We use performance cookies to collect anonymous statistics, so we can understand how customers use our site and make improvements. Essential cookies cannot be deactivated, but you can choose “Customize” or “Decline” to decline performance cookies.

If you agree, AWS and approved third parties will also use cookies to provide useful site features, remember your preferences, and display relevant content, including relevant advertising. To accept or decline all non-essential cookies, choose “Accept” or “Decline.” To make more detailed choices, choose “Customize.”

Activating a scan type

Focus mode

On this page

Activating a scan type - Amazon Inspector

You can activate Amazon Inspector scan types at any time. When you activate a scan type, Amazon Inspector begins scanning eligible resources for the scan type immediately. The following briefly describes each scan type:

Amazon EC2 scanning

This scan type extracts metadata from your EC2 instance before comparing the metadata against rules collected from security advisories. When you activate this scan type, Amazon Inspector scans all eligible instances in your account for package vulnerabilities and network reachability issues.

Amazon ECR scanning

This scan type scans container images in Amazon ECR. When you activate this scan type, you change the scanning configuration setting for your private registry from basic scanning to enhanced scanning.

Lambda standard scanning

Lambda standard scanning is the default Lambda scan type. When you activate Lambda standard scanning, all Lambda functions in your account will be scanned for code vulnerabilities, as long as they were invoked or updated in the last 90 days.

Lambda code scanning

Lambda code scanning scans custom application code in a Lambda function. When you activate Lambda code scanning, all Lambda functions in your account will be scanned for code vulnerabilities, as long as they were invoked or updated in the last 90 days.

Note

You can either activate Lambda standard scanning or Lambda standard scanning with Lambda code scanning.

For a more comprehensive overview of the available scan types, see Automated resource scanning with Amazon Inspector. This section describes how to activate a scan type in Amazon Inspector.

Activating scans

If you are the delegated administrator for Amazon Inspector in an AWS organization you can enable various Amazon Inspector scan types for multiple accounts in multiple Regions automatically using a shell script developed by Amazon Inspector inspector2-enablement-with-cli on GitHub. Otherwise, to complete this procedure for a multi-account environment through the console, complete the following steps while signed in as the Amazon Inspector delegated administrator.

Console
To activate scans
  1. Open the Amazon Inspector console at https://console.aws.amazon.com/inspector/v2/home.

  2. Using the AWS Region selector in the upper-right corner of the page, select the Region where you want to activate a new scan type.

  3. In the navigation pane, choose Account management.

  4. On the Account management page, select the accounts for which you would like to activate a scan type.

  5. Choose Activate and select the type of scanning you would like to activate.

  6. (Recommended) Repeat these steps in each AWS Region for which you want to activate that scan type.

API

Run the Enable API operation. In the request, provide the account IDs you are activating scans for, and idempotency token, and one or more of EC2, ECR, LAMBDA, or LAMBDA_CODE for resourceTypes to activate scans of that type.

To activate scans
  1. Open the Amazon Inspector console at https://console.aws.amazon.com/inspector/v2/home.

  2. Using the AWS Region selector in the upper-right corner of the page, select the Region where you want to activate a new scan type.

  3. In the navigation pane, choose Account management.

  4. On the Account management page, select the accounts for which you would like to activate a scan type.

  5. Choose Activate and select the type of scanning you would like to activate.

  6. (Recommended) Repeat these steps in each AWS Region for which you want to activate that scan type.

PrivacySite termsCookie preferences
© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.