Amazon Inspector
User Guide (Version Latest)

Amazon Inspector Terminology and Concepts

As you get started with Amazon Inspector, you can benefit from learning about its key concepts.

Amazon Inspector Agent

A software agent that you must install on all Amazon Elastic Compute Cloud instances (EC2 instances) that are included in the assessment target, the security of which you want to evaluate with Amazon Inspector. The Amazon Inspector Agent monitors the behavior of the EC2 instance on which it is installed, including network, file system, and process activity, and collects a wide set of behavior and configuration data (telemetry), which it then passes to the Amazon Inspector service. For more information, see Amazon Inspector Agents.

Assessment run

The process of discovering potential security issues through the analysis of your assessment target's configuration and behavior against specified rules packages. During an assessment run, the agent monitors, collects, and analyzes behavioral data (telemetry) within the specified target, such as the use of secure channels, network traffic among running processes, and details of communication with AWS services. Next, Amazon Inspector analyzes the data and compares it against a set of security rules packages specified in the assessment template used during the assessment run. A completed assessment run produces a list of findings - potential security issues of various severity. For more information, see Amazon Inspector Assessment Templates and Assessment Runs.

Assessment target

In the context of Amazon Inspector, a collection of AWS resources that work together as a unit to help you accomplish your business goals. Amazon Inspector evaluates the security state of the resources that constitute the assessment target.


At this time, your Amazon Inspector assessment targets can consist only of EC2 instances. For more information, see Amazon Inspector Service Limits

To create an Amazon Inspector assessment target, you must first tag your EC2 instances with key-value pairs of your choice, and then create a view of these tagged EC2 instances that have common keys or common values. For more information, see Amazon Inspector Assessment Targets.

Assessment template

A configuration that is used during your assessment run, including rules packages against which you want Amazon Inspector to evaluate your assessment target, the duration of the assessment run, Amazon Simple Notification Service (SNS) topics to which you want Amazon Inspector to send notifications about assessment run states and findings, and Amazon Inspector-specific attributes (key-value pairs) that you can assign to findings generated by the assessment run that uses this assessment template.


A potential security issue discovered during the Amazon Inspector assessment run of the specified target. Findings are displayed in the Amazon Inspector console or retrieved through the API, and contain both a detailed description of the security issue and a recommendation on how to fix it. For more information, see Amazon Inspector Findings.


In the context of Amazon Inspector, a security check that the agent performs during an assessment run. When a rule detects a potential security issue, Amazon Inspector generates a finding that describes the issue.

Rules package

In the context of Amazon Inspector, a collection of rules. A rules package corresponds to a security goal that you might have. You can specify your security goal by selecting the appropriate rules package when you create an Amazon Inspector assessment template. For more information, see Amazon Inspector Rules Packages and Rules.


Data (behavioral, configuration, etc.) such as records of network connections and process creations, collected by the Amazon Inspector Agent on your EC2 instances during an assessment run and passed to the Amazon Inspector service for analysis.