Encryption of data at rest - Amazon Inspector

This is the user guide for Amazon Inspector Classic. For information about the new Amazon Inspector, see the Amazon Inspector User Guide. To access the Amazon Inspector Classic console, open the Amazon Inspector console at https://console.aws.amazon.com/inspector/, and then choose Amazon Inspector Classic in the navigation pane.

The telemetry data that an Amazon Inspector Classic agent generates during assessment runs is formatted in JSON files. These files are delivered in near-real-time over TLS to Amazon Inspector Classic, where they are encrypted with a per-assessment-run, ephemeral AWS KMS-derived key.

The files are securely stored in S3 buckets that are dedicated to Amazon Inspector Classic. The rules engine of Amazon Inspector Classic does the following:

  • Accesses the encrypted telemetry data in the S3 bucket

  • Decrypts it in memory

  • Processes the data against the configured assessment rules to generate findings