Amazon Inspector Integration Setup
This guide walks you through integrating Amazon Inspector with RAD Security, enabling you to import code security findings and correlate them with runtime security events. Amazon Inspector is a vulnerability management service that scans Amazon EC2 instances, container images, AWS Lambda functions, and code repositories. This integration imports findings from code repository scans to provide visibility into code-level vulnerabilities.
Note: the integration imports the findings shown in the Code Security tab of Amazon Inspector, that is, findings whose resource type is CODE_REPOSITORY.
Prerequisites
Before you begin, ensure you have:
- Amazon Inspector activated in your AWS account
- Access to an AWS account with the ability to create IAM policies, roles, and users
- Access to RAD Security workspace with integration permissions
Need to activate Amazon Inspector? See the Amazon Inspector Getting Started documentation.
Required IAM Permissions
The following IAM policy actions are required for the integration:
| Operation | Required Policy Action |
|---|---|
| Query Applications | inspector2:ListFindingAggregations |
| Query Application Findings | inspector2:ListFindings |
| Query findings across all applications | inspector2:ListFindings |
| Get Application Finding Details | inspector2:ListFindings, inspector2:ListFindingAggregations |
Step 1: Create an IAM Policy
1. Open the IAM Console: log into the AWS Management Console and open the IAM Console.
2. Navigate to Policies: select Policies from the sidebar on the left.
3. Create a New Policy: click Create Policy.
4. Select the Inspector2 Service:
   - In the Policy Editor, find the Select a service section
   - Search for and select Inspector2
5. Select Required Actions: in the Actions allowed section, check the following actions:
   - ListFindingAggregations
   - ListFindings
6. Review and Create:
   - Click Next
   - Enter a Policy Name (e.g., RADSecurityInspectorReadOnly)
   - Add an optional Description
   - Click Create Policy
Save the policy name; you’ll need it when creating the IAM user.
For more information on creating IAM policies, see the AWS IAM Creating Policies documentation.
Step 2: Create an IAM User
1. Navigate to Users: in the IAM Console, select Users from the sidebar on the left.
2. Create a New User: click Create user.
3. Configure User Details:
   - Enter a User name (e.g., rad-security-inspector)
   - Leave Provide user access to the AWS Management Console unchecked; this user only needs API access
   - Click Next
4. Attach the Policy:
   - In the Permissions options section, select Attach policies directly
   - In the Permissions policies section, search for the policy you created in Step 1
   - Check the box next to the policy
   - Click Next
5. Review and Create:
   - Review the user details
   - Click Create user
For more information on creating IAM users, see the AWS IAM Creating Users documentation.
Step 3: Generate Access Keys
1. Open User Details: in the IAM Console, navigate to Users and select the user you created in Step 2.
2. Navigate to Security Credentials: click the Security credentials tab.
3. Create Access Key:
   - In the Access keys section, click Create access key
   - When prompted to select a use case, select Other
   - Add an optional description tag
   - Click Create access key
4. Save Your Credentials:
   - Copy the Access key ID
   - Copy the Secret access key
   - Store both values securely; you’ll need them to configure the integration. The secret access key is displayed only at creation time, so if it is lost you must create a new access key.
For more information on managing access keys, see the AWS IAM Access Keys documentation.
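Steps 1 to 3 can also be performed from the AWS CLI. The script below is an added example and is not part of this guide or of RAD Security's tooling: it creates the read-only policy with exactly the two inspector2 actions listed in the permissions table, creates the API-only user (no console login profile), attaches the policy, and writes the new access key to a file readable only by the current OS user instead of echoing the secret to the terminal. The policy and user names are the guide's example names and can be overridden through the assumed POLICY_NAME and USER_NAME environment variables; it requires AWS CLI v2 configured with credentials that are allowed to manage IAM.

```shell
#!/bin/sh
# Added example (not from the guide): provision the least-privilege IAM policy,
# user and access key for the RAD Security <-> Amazon Inspector integration.
set -eu

POLICY_NAME=${POLICY_NAME:-RADSecurityInspectorReadOnly}   # assumed env override
USER_NAME=${USER_NAME:-rad-security-inspector}             # assumed env override

# The policy document: only the two read-only Inspector actions the guide lists.
inspector_readonly_policy_document() {
  cat <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "RADSecurityInspectorReadOnly",
      "Effect": "Allow",
      "Action": [
        "inspector2:ListFindings",
        "inspector2:ListFindingAggregations"
      ],
      "Resource": "*"
    }
  ]
}
EOF
}

# Number of inspector2 actions granted; lets a reviewer confirm that nothing
# beyond the two list calls crept into the document.
count_allowed_actions() {
  inspector_readonly_policy_document | grep -c '"inspector2:'
}

provision() {
  account=$(aws sts get-caller-identity --query Account --output text)
  policy_arn="arn:aws:iam::${account}:policy/${POLICY_NAME}"

  # Create the policy only if it does not exist yet, so re-runs are harmless.
  if ! aws iam get-policy --policy-arn "$policy_arn" >/dev/null 2>&1; then
    tmp=$(mktemp)
    inspector_readonly_policy_document > "$tmp"
    aws iam create-policy --policy-name "$POLICY_NAME" \
      --policy-document "file://$tmp" >/dev/null
    rm -f "$tmp"
  fi

  # Programmatic access only: create-user without a login profile.
  aws iam get-user --user-name "$USER_NAME" >/dev/null 2>&1 \
    || aws iam create-user --user-name "$USER_NAME" >/dev/null
  aws iam attach-user-policy --user-name "$USER_NAME" --policy-arn "$policy_arn"

  # Write the key pair to a 0600 file; never print the secret to the terminal.
  umask 077
  out="${USER_NAME}-access-key.json"
  aws iam create-access-key --user-name "$USER_NAME" --output json > "$out"
  echo "Access key written to $out. Copy it into RAD Security (Step 5), then delete the file."
}

# Only touch AWS when explicitly asked; otherwise the script just defines functions.
if [ "${1:-}" = "apply" ]; then
  provision
fi
```

Run it as `sh provision-inspector-user.sh apply`; without the argument it only defines its functions, so it can be reviewed or sourced safely. The Resource is `*`, which is what the Troubleshooting section below expects for this policy.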
Step 4: Identify Your AWS Region
To find your Amazon Inspector region:
- Navigate to the Amazon Inspector Console
- Look at the URL in your browser; the region appears in the format {region}.console.aws.amazon.com
- Note the region code (e.g., us-east-1, us-west-2, eu-west-1)
Common AWS regions include:
- us-east-1 (N. Virginia)
- us-west-2 (Oregon)
- eu-west-1 (Ireland)
- ap-southeast-1 (Singapore)
Step 5: Configure in RAD Security
Navigate to your RAD Security workspace and configure the Amazon Inspector integration with the following parameters:
Required Parameters
| Parameter | Description | Example |
|---|---|---|
| Integration Name | A descriptive name for this integration | AWS Inspector - Production |
| Access Key ID | The Access Key ID generated in Step 3 | AKIAIOSFODNN7EXAMPLE |
| Secret Access Key | The Secret Access Key generated in Step 3 | wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY |
| Region | Your Amazon Inspector region from Step 4 | us-east-1 |
Verify Integration
After completing the setup, verify your integration is working:
- Navigate to Data Sources > Integrations > Vulnerabilities in RAD Security
- Locate your Amazon Inspector integration
- Check the connection status shows as Connected
- Verify code security findings are being synced
Your Amazon Inspector integration is now configured! RAD Security can now import code security findings and correlate them with runtime security events.
What Data is Synced
Once configured, RAD Security will sync the following code security findings from Amazon Inspector:
Code Security Findings
- Vulnerability identifiers (CVE IDs)
- Severity levels and CVSS scores
- Affected code repositories
- Vulnerable dependencies and packages
- Remediation recommendations
- Finding status and detection dates
Repository Information
- Repository names and identifiers
- Branch information
- File paths with vulnerabilities
- Dependency manifest files
Vulnerability Details
- Package name and version
- Fixed version (if available)
- Vulnerability description
- Exploit availability indicators
- Related security advisories
Use Cases
Code Vulnerability Correlation
Correlate code repository vulnerabilities with runtime security events to identify exploitable weaknesses.
Dependency Risk Assessment
Prioritize vulnerable dependencies based on severity, exploitability, and usage in production.
Supply Chain Security
Monitor third-party dependencies for known vulnerabilities across your code repositories.
Remediation Tracking
Track vulnerability remediation progress and validate fixes in your development pipeline.
Troubleshooting
Authentication Failed
Possible causes:
- Incorrect Access Key ID or Secret Access Key
- Access keys have been deactivated or deleted
- IAM user has been deleted
To resolve:
- Verify the Access Key ID and Secret Access Key are correct
- Check the IAM Console to ensure the access keys are active
- Generate new access keys if necessary
Insufficient Permissions
Possible causes:
- IAM policy doesn’t include required actions
- Policy not attached to the IAM user
- Resource restrictions in the policy
To resolve:
- Verify the IAM policy includes inspector2:ListFindings and inspector2:ListFindingAggregations
- Ensure the policy is attached to the correct IAM user
- Check that the policy resource is set to * or includes the necessary resources
No Data Syncing
Possible causes:
- Amazon Inspector not activated
- No code repositories configured for scanning
- No findings exist in the Code Security tab
- Wrong region configured
To resolve:
- Verify Amazon Inspector is activated in your AWS account
- Ensure code repository scanning is enabled in Amazon Inspector
- Check the Code Security tab in the Amazon Inspector Console for existing findings
- Confirm you’re using the correct AWS region
Wrong Region
Possible causes:
- Region mismatch between configuration and Amazon Inspector
To resolve:
- Navigate to the Amazon Inspector Console and verify the region in the URL
- Update the region in your RAD Security integration configuration
- Note that Amazon Inspector findings are region-specific
Access Key Rotation Issues
Possible causes:
- Access keys were rotated but integration not updated
- Old access keys were deleted before new ones were configured
To resolve:
- Generate new access keys in the IAM Console
- Update the integration configuration in RAD Security with the new credentials
- Delete old access keys only after verifying the new ones work
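The region lookup in Step 4, the Verify Integration check and the Troubleshooting entries above can be exercised outside RAD Security with the added script below. It is an example written for this page, not RAD Security's own check: it derives the region from an Amazon Inspector console URL (or accepts a bare region code), confirms that the keys authenticate, and lists up to five Code Security findings using only inspector2:ListFindings, so a failure at each stage points at one troubleshooting entry. It assumes AWS CLI v2 with the integration user's keys exported as AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY; the filter passed to list-findings is the Inspector2 FilterCriteria structure with a resourceType string filter for CODE_REPOSITORY, the resource type named at the top of this guide.

```shell
#!/bin/sh
# Added example (not from the guide): verify the integration user's credentials,
# permissions and region from the command line.
set -eu

# Extract the region prefix from a console URL of the form
# https://{region}.console.aws.amazon.com/... (Step 4). A bare region code such
# as "us-east-1" is returned unchanged; a host without a region prefix (the
# global console) makes the function return 1.
region_from_console_url() {
  host=${1#*://}        # drop the scheme, if any
  host=${host%%/*}      # drop the path
  region=${host%%.*}    # first DNS label
  case "$region" in
    *-*-[0-9]*) printf '%s\n' "$region" ;;
    *) return 1 ;;
  esac
}

# FilterCriteria restricting list-findings to the Code Security tab.
code_repository_filter() {
  printf '%s' '{"resourceType":[{"comparison":"EQUALS","value":"CODE_REPOSITORY"}]}'
}

check_integration_access() {
  region=$1
  # Authentication Failed: do the keys authenticate at all?
  aws sts get-caller-identity --output text >/dev/null \
    || { echo "authentication failed: check the Access Key ID and Secret Access Key" >&2; return 1; }

  # Insufficient Permissions / Amazon Inspector not activated: can we list findings?
  n=$(aws inspector2 list-findings --region "$region" \
        --filter-criteria "$(code_repository_filter)" \
        --max-results 5 --query 'length(findings)' --output text) \
    || { echo "list-findings failed in $region: check the IAM policy and that Inspector is activated" >&2; return 1; }

  # No Data Syncing / Wrong Region: credentials work but nothing to import here.
  if [ "$n" -eq 0 ]; then
    echo "credentials and permissions OK, but no CODE_REPOSITORY findings in $region" >&2
    return 2
  fi
  echo "OK: $n code security finding(s) visible in $region"
}

if [ $# -eq 1 ]; then
  region=$(region_from_console_url "$1") \
    || { echo "cannot determine a region from '$1'" >&2; exit 1; }
  check_integration_access "$region"
fi
```

Usage: `sh check-inspector-access.sh https://us-east-1.console.aws.amazon.com/inspector/v2/home` or `sh check-inspector-access.sh us-east-1`. Exit code 1 maps to the Authentication Failed or Insufficient Permissions entries; exit code 2 means everything works but the region holds no CODE_REPOSITORY findings, which usually indicates the wrong region or no repositories configured for scanning. Because findings are region-specific, run it once per region you expect to import from.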
Security Best Practices
Use Dedicated IAM Users
Create a dedicated IAM user for RAD Security integration rather than using existing user credentials.
Least Privilege Access
Only grant the minimum required permissions. The read-only permissions in this guide are sufficient for the integration.
Secure Credential Storage
Store access keys securely. Never commit them to version control or share via unsecured channels.
Regular Key Rotation
Rotate access keys periodically according to your organization’s security policies.
Monitor API Usage
Use AWS CloudTrail to monitor API calls made by the integration user for anomalous activity.
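As an added example of the CloudTrail monitoring suggested above (written for this page, not RAD Security's own tooling), the script below pulls recent management events recorded for the integration user with `aws cloudtrail lookup-events` and reports any API call outside the two Inspector actions its policy grants. The allowlist also contains sts:GetCallerIdentity, on the assumption that SDKs and manual checks call it; the sample event lines are constructed for the offline test and follow the text layout the lookup command below produces.

```shell
#!/bin/sh
# Added example (not from the guide): flag API calls by the integration user
# that its read-only policy should never produce.
set -eu

# Event names the integration is expected to generate. GetCallerIdentity is an
# assumption (commonly issued by SDKs and by manual credential checks).
EXPECTED_EVENTS='ListFindings ListFindingAggregations GetCallerIdentity'

# Constructed sample in the "<eventTime> <eventName> <eventSource>" layout
# emitted by lookup_user_events below. Two lines are deliberately off-policy.
SAMPLE_EVENTS='2024-06-01T10:00:00+00:00 ListFindings inspector2.amazonaws.com
2024-06-01T10:00:05+00:00 ListFindingAggregations inspector2.amazonaws.com
2024-06-01T10:01:00+00:00 DescribeInstances ec2.amazonaws.com
2024-06-01T10:02:00+00:00 CreateAccessKey iam.amazonaws.com'

# Print the event lines in $1 whose event name is not in EXPECTED_EVENTS.
unexpected_events() {
  printf '%s\n' "$1" | while read -r when name source; do
    [ -n "$name" ] || continue
    case " $EXPECTED_EVENTS " in
      *" $name "*) ;;                                  # expected, ignore
      *) printf '%s %s %s\n' "$when" "$name" "$source" ;;
    esac
  done
}

# Number of unexpected events in $1 (0 when none).
unexpected_event_count() {
  unexpected_events "$1" | grep -c . || true
}

# Last 50 management events CloudTrail attributes to the given IAM user name,
# flattened to space-separated "<eventTime> <eventName> <eventSource>" lines.
lookup_user_events() {
  aws cloudtrail lookup-events \
    --lookup-attributes AttributeKey=Username,AttributeValue="$1" \
    --max-results 50 \
    --query 'Events[].[EventTime,EventName,EventSource]' --output text | tr '\t' ' '
}

if [ $# -eq 1 ]; then
  hits=$(unexpected_events "$(lookup_user_events "$1")")
  if [ -n "$hits" ]; then
    printf 'Unexpected API calls by %s:\n%s\n' "$1" "$hits"
    exit 1
  fi
  echo "No unexpected API calls by $1"
fi
```

Run it as `sh audit-inspector-user.sh rad-security-inspector` from an identity allowed to call cloudtrail:LookupEvents (not the integration user itself). A non-zero exit means the user's keys were used for something the integration never does, for example the CreateAccessKey call in the sample, which is a cue to rotate the keys and review where they are stored. Lookup-events only covers the last 90 days of management events; for longer retention query the trail's S3 bucket or CloudTrail Lake instead.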
Enable MFA for Admin Accounts
Ensure MFA is enabled for any admin accounts that manage the IAM user and policies.
Access Key Rotation
To rotate your access keys without service interruption:
1. Create New Access Keys:
   - Navigate to the IAM user in the AWS Console
   - Go to Security credentials
   - Click Create access key
   - Save the new Access Key ID and Secret Access Key
2. Update RAD Security:
   - Navigate to the Amazon Inspector integration in RAD Security
   - Update the Access Key ID and Secret Access Key with the new values
   - Save the configuration
3. Verify the Integration:
   - Confirm the integration status shows Connected
   - Verify data is still syncing correctly
4. Delete Old Access Keys:
   - Return to the IAM user in the AWS Console
   - Locate the old access key
   - Click Actions > Delete
   - Confirm deletion
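The rotation procedure above, scripted with the AWS CLI as an added example that is not part of this guide. It keeps the guide's order (create the new key, update RAD Security, verify, then retire the old key) and goes one step beyond it: the old key is first set to Inactive rather than deleted, so that if a consumer was missed it can be re-enabled with update-access-key, and the delete command is printed for the operator to run after a grace period. It assumes AWS CLI v2 with credentials that can manage the integration user's keys; the sample list-access-keys output is constructed for the offline test and uses AWS documentation example key IDs.

```shell
#!/bin/sh
# Added example (not from the guide): zero-downtime rotation of the
# integration user's access key.
set -eu

# Constructed sample of `aws iam list-access-keys --output json` output; the
# key IDs are AWS documentation examples, not real keys.
SAMPLE_LIST_KEYS_JSON='{"AccessKeyMetadata":[
 {"UserName":"rad-security-inspector","AccessKeyId":"AKIAIOSFODNN7EXAMPLE","Status":"Active","CreateDate":"2024-01-01T00:00:00+00:00"},
 {"UserName":"rad-security-inspector","AccessKeyId":"AKIAI44QH8DHBEXAMPLE","Status":"Active","CreateDate":"2024-06-01T00:00:00+00:00"}]}'

# Print every AccessKeyId in the JSON in $1, one per line (grep/sed, no jq).
key_ids() {
  printf '%s\n' "$1" \
    | grep -o '"AccessKeyId": *"[A-Z0-9]*"' \
    | sed 's/.*"\([A-Z0-9]*\)"$/\1/'
}

# Print the AccessKeyIds in $1 other than $2; empty output if there are none.
other_key_ids() {
  key_ids "$1" | grep -v "^$2\$" || true
}

# Number of keys in the JSON in $1.
key_count() {
  key_ids "$1" | wc -l | tr -d ' '
}

rotate_integration_key() {
  user=$1
  existing=$(aws iam list-access-keys --user-name "$user" --output json)

  # IAM allows at most two access keys per user, so a third create fails.
  if [ "$(key_count "$existing")" -ge 2 ]; then
    echo "$user already has two access keys; remove the unused one before rotating" >&2
    return 1
  fi

  # 1. Create the new key, stored in a 0600 file; the secret is never echoed.
  umask 077
  out="${user}-new-access-key.json"
  aws iam create-access-key --user-name "$user" --output json > "$out"
  new_id=$(key_ids "$(cat "$out")")
  echo "New key $new_id saved to $out."

  # 2./3. The operator updates RAD Security and confirms the status is Connected.
  printf 'Update the RAD Security integration with the new key, confirm it shows Connected, then press Enter: '
  read -r _confirm

  # 4. Retire every other key: deactivate now (reversible), delete after a grace period.
  for old in $(other_key_ids "$existing" "$new_id"); do
    aws iam update-access-key --user-name "$user" --access-key-id "$old" --status Inactive
    echo "Deactivated $old. Once the integration has run cleanly for a while, delete it with:"
    echo "  aws iam delete-access-key --user-name $user --access-key-id $old"
  done
  rm -f "$out"
}

if [ $# -eq 1 ]; then
  rotate_integration_key "$1"
fi
```

Run it as `sh rotate-inspector-key.sh rad-security-inspector`. If the integration breaks after the old key is deactivated, `aws iam update-access-key --status Active` on the old key restores service immediately, which is the reason for deactivating before deleting.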
Additional Resources
Amazon Inspector Documentation
Official AWS documentation for Amazon Inspector
IAM Best Practices
AWS IAM security best practices guide