A Guide to Export Findings Reports from Amazon Inspector to Amazon S3

Introduction

Privacy and security are paramount in the realm of cloud computing. To address these concerns, Amazon Inspector emerges as a valuable tool, empowering users to identify and mitigate potential security vulnerabilities in their applications and infrastructure. By conducting thorough assessments, Amazon Inspector generates comprehensive findings reports, offering actionable insights for effective remediation. Nevertheless, managing these reports can pose challenges, particularly when dealing with expansive deployments or multiple AWS accounts.

To streamline this process and ensure efficient findings handling, Amazon Inspector provides a convenient feature: the ability to export these reports directly to Amazon S3, a highly scalable and secure object storage service.

This blog post will explore the benefits of exporting findings reports from Amazon Inspector to Amazon S3, the step-by-step process to set up this integration, and some best practices for effectively managing and utilizing the exported reports.

Pioneers in Cloud Consulting & Migration Services

Reduced infrastructural costs
Accelerated application deployment

Get Started

Steps to export findings from Amazon Inspector to Amazon S3

Step 1 – Verify your permissions

Before you export the findings report from Amazon Inspector, we need to check whether the Amazon Inspector status is enabled, then verify that you have permission to export findings reports and configure resources for encrypting and storing the reports. To verify your permissions, evaluate the IAM policies associated with your IAM identity using AWS Identity and Access Management (IAM).

step1

Step 2 – Configure an Amazon S3 bucket

After you verify your permissions, you need to create an Amazon S3 bucket, or we can use the existing one. Here we will configure the existing Amazon S3 bucket (inspector-vulnerability-backup) to store our findings report.

step2

Add the Amazon S3 Bucket policy to get the reports from the Amazon Inspector.

{
	"Version": "2012-10-17",
	"Statement": [
		{
			"Sid": "allow-inspector",
			"Effect": "Allow",
			"Principal": {
				"Service": "inspector2.amazonaws.com"
			},
			"Action": [
				"s3:PutObject",
				"s3:PutObjectAcl",
				"s3:AbortMultipartUpload"
			],
			"Resource": "arn:aws:s3:::DOC-EXAMPLE-BUCKET/*",
			"Condition": {
				"StringEquals": {
					"aws:SourceAccount": "111122223333"
				},
				"ArnLike": {
					"aws:SourceArn": "arn:aws:inspector2:Region:111122223333:report/*"
				}
			}
		}
	]
}

{

"Version": "2012-10-17",

"Statement": [

{

"Sid": "allow-inspector",

"Effect": "Allow",

"Principal": {

"Service": "inspector2.amazonaws.com"

"Action": [

"s3:PutObject",

"s3:PutObjectAcl",

"s3:AbortMultipartUpload"

"Resource": "arn:aws:s3:::DOC-EXAMPLE-BUCKET/*",

"Condition": {

"StringEquals": {

"aws:SourceAccount": "111122223333"

"ArnLike": {

"aws:SourceArn": "arn:aws:inspector2:Region:111122223333:report/*"

}

]

}

step2b

Step 3 – Configure an AWS KMS Key

Create the AWS KMS key to encrypt the findings report. The key needs to be an AWS KMS key for customer-managed symmetric encryption. In addition, the key must be in the same AWS Region as the Amazon S3 bucket you configured to store the report.

We have created an AWS KMS Key (AWS-Inspector-Key) so that Amazon Inspector will have permission to use the key. Otherwise, the report cannot be exported or encrypted by Amazon Inspector. Update the key’s key policy to grant Amazon Inspector access to use the key.

step3

step3b

Step 4 – Configure and export the findings report

You’re prepared to configure and export the report once you’ve checked your permissions and set up the resources necessary to encrypt and save your findings report.

To configure and export the findings report.

Open the Amazon Inspector console

step4

In the navigation pane, under Findings, choose All Findings.

step4b

(Optional) By using the filter bar above the Findingstable, add filter criteria that specify which findings to include in the report. Amazon Inspector updates the table as you add criteria to show the findings satisfying the requirements. The table gives you a sneak peek at the information in your report.

step4c

Choose Export Findings.

step4d

Choose a file format for the report in the Export options section under Export file type:

Select JSON to output the data as a JavaScript Object Notation (.json) file.
Choose CSV to create a comma-separated value (.csv) file containing the data.

step4e

Specify the Amazon S3 bucket where you wish to put the report under the Export location for Amazon S3 URI.

step4f

step4g

For the AWS KMS key, specify the AWS KMS key that you want to use to encrypt the report:

step4h

Choose Export.

step4i

The findings report is created by Amazon Inspector, encrypted with the AWS KMS key you selected, and added to the Amazon S3 bucket you specified.

step4j

Conclusion

By exporting findings reports from Amazon Inspector to Amazon S3, businesses can benefit from the scalability and cost-effectiveness of the storage service. This integration simplifies the organization and retention of reports, enables seamless integration with other AWS services, and facilitates team collaboration for effective vulnerability management. It empowers organizations to proactively address security issues, enhance their overall security posture, and align with industry best practices in securing AWS environments.

Drop a query if you have any questions regarding Amazon Inspector and Amazon S3, and we will get back to you quickly.

Making IT Networks Enterprise-ready – Cloud Management Services

Accelerated cloud migration
End-to-end view of the cloud environment

Get Started

About CloudThat

CloudThat is a leading provider of Cloud Training and Consulting services with a global presence in India, the USA, Asia, Europe, and Africa. Specializing in AWS, Microsoft Azure, GCP, VMware, Databricks, and more, the company serves mid-market and enterprise clients, offering comprehensive expertise in Cloud Migration, Data Platforms, DevOps, IoT, AI/ML, and more.

FAQs

1. What is Amazon Inspector?

ANS: – Amazon Inspector is a cloud-based security assessment service that Amazon Web Services (AWS) provides. It helps identify security vulnerabilities and potential misconfigurations in applications and infrastructure deployed on AWS.

2. Why should I export findings reports from Amazon Inspector to Amazon S3?

ANS: – Exporting findings reports to Amazon S3 provides several benefits. It simplifies the management of security vulnerabilities, improves the process of addressing issues, enables better analysis and automation, and strengthens overall security measures in AWS environments.

3. How do I set up the integration between Amazon Inspector and Amazon S3?

ANS: – To set up the integration, you must create an Amazon S3 bucket, configure Amazon Inspector to export findings reports to that bucket, and initiate the export process. This can be done through the AWS Management Console or programmatically using the AWS CLI or SDKs.

4. How can I analyze the exported findings reports?

ANS: – You can analyze the exported reports using various AWS services. For example, you can use AWS Athena, a serverless query service, to run SQL queries and extract insights from the reports. Additionally, AWS QuickSight can generate visualizations and dashboards to view the findings comprehensively.

WRITTEN BY Shaikh Mohammed Fariyaj Najam

Mohammed Fariyaj Shaikh works as a Research Associate at CloudThat. He has strong analytical thinking and problem-solving skills, knowledge of AWS Cloud Services, migration, infrastructure setup, and security, as well as the ability to adopt new technology and learn quickly.