What is Amazon Inspector Classic? - Amazon Inspector Classic

This is the user guide for Amazon Inspector Classic. For information about the new Amazon Inspector, see the Amazon Inspector User Guide. To access the Amazon Inspector Classic console, open the Amazon Inspector console at https://console.aws.amazon.com/inspector/, and then choose Amazon Inspector Classic in the navigation pane.

What is Amazon Inspector Classic?


The new Amazon Inspector, a completely rearchitected and redesigned version of Amazon Inspector Classic, is now available across AWS Regions. The new Amazon Inspector has expanded coverage to add support for container images residing in Amazon Elastic Container Registry (Amazon ECR) in addition to EC2 instances. The new Amazon Inspector offers multi-account support through integration with AWS Organizations, and continual software vulnerability and network reachability scanning based on common vulnerabilities and exposures (CVEs). We encourage you to explore and use these and other new and improved features, and to benefit from the significantly enhanced security value. To learn about features and pricing for the new Amazon Inspector, see Amazon Inspector. To learn how to move to the new Amazon Inspector, see Moving to the new Amazon Inspector.

Amazon Inspector Classic tests the network accessibility of your Amazon EC2 instances and the security state of your applications that run on those instances. Amazon Inspector Classic assesses applications for exposure, vulnerabilities, and deviations from best practices. After performing an assessment, Amazon Inspector Classic produces a detailed list of security findings that is organized by level of severity.

With Amazon Inspector Classic, you can automate security vulnerability assessments throughout your development and deployment pipelines or for static production systems. This allows you to make security testing a regular part of development and IT operations.

Amazon Inspector Classic also offers predefined software called an agent that you can optionally install in the operating system of the EC2 instances that you want to assess. The agent monitors the behavior of the EC2 instances, including network, file system, and process activity. It also collects a wide set of behavior and configuration data (telemetry).


AWS doesn't guarantee that following the provided recommendations will resolve every potential security issue. The findings generated by Amazon Inspector Classic depend on your choice of rules packages included in each assessment template, the presence of non-AWS components in your system, and other factors. You are responsible for the security of applications, processes, and tools that run on AWS services. For more information, see the AWS Shared Responsibility Model for security.


AWS is responsible for protecting the global infrastructure that runs the services offered in the AWS Cloud. This infrastructure consists of the hardware, software, networking, and facilities that run AWS services. AWS provides several reports from third-party auditors who have verified our compliance with a variety of computer security standards and regulations. For more information, see AWS Cloud Compliance.

For information about Amazon Inspector Classic terminology, see Amazon Inspector Classic terminology and concepts.

Benefits of Amazon Inspector Classic

Here are some of the main benefits of Amazon Inspector Classic:

  • Integrate automated security checks into your regular deployment and production processes – Assess the security of your AWS resources for forensics, troubleshooting, or active auditing purposes. Run the assessments during the development process, or run them in a stable production environment.

  • Find application security issues – Automate the security assessment of your applications and proactively identify vulnerabilities. This allows you to develop and iterate on new applications quickly, and assess compliance with best practices and policies.

  • Gain a deeper understanding of your AWS resources – Stay informed about the activity and configuration data of your AWS resources by reviewing the findings that Amazon Inspector Classic produces.

Features of Amazon Inspector Classic

Here are some of the main features of Amazon Inspector Classic:

  • Configuration scanning and activity monitoring engine – Amazon Inspector Classic provides an agent that analyzes system and resource configuration. It also monitors activity to determine what an assessment target looks like, how it behaves, and its dependent components. The combination of this telemetry provides a complete picture of the target and its potential security or compliance issues.

  • Built-in content library – Amazon Inspector Classic includes a built-in library of rules and reports. These include checks against best practices, common compliance standards, and vulnerabilities. The checks include detailed recommended steps for resolving potential security issues.

  • Automation through an API – Amazon Inspector Classic can be fully automated through an API. This allows you to incorporate security testing into the development and design process, including selecting, executing, and reporting the results of those tests.

Accessing Amazon Inspector Classic

You can work with the Amazon Inspector Classic service in any of the following ways:

Amazon Inspector Classic Console

Sign in to the AWS Management Console and open the Amazon Inspector Classic console at https://console.aws.amazon.com/inspector/.

The console is a browser-based interface that lets you access and use the Amazon Inspector Classic service.


AWS provides software development kits (SDKs) that consist of libraries and sample code for various programming languages and platforms. These include Java, Python, Ruby, .NET, iOS, Android, and more. The SDKs provide a convenient way to create programmatic access to the Amazon Inspector Classic service. For information about the AWS SDKs, including how to download and install them, see Tools for Amazon Web Services.

Amazon Inspector Classic HTTPS API

You can access Amazon Inspector Classic and AWS programmatically by using the Amazon Inspector Classic HTTPS API, which lets you issue HTTPS requests directly to the service. For more information, see the Amazon Inspector Classic API Reference.

AWS Command Line Tools

You can use the AWS command line tools to run commands at your system's command line to perform Amazon Inspector Classic tasks. The command line tools are also useful if you want to build scripts that perform AWS tasks. For more information, see the Amazon Inspector Classic AWS Command Line Interface.