Create an IAM role

1. Select Create or choose role or choose Manage Inspector Service Role.
2. Choose Allow to give Amazon Inspector read-only access to resources in your account.

Tag your Amazon EC2 instances

1. Open the
   Amazon EC2 console, and choose Instances from the left navigation menu.
2. Select the instances that you want Amazon Inspector to perform an assessment on, and choose the Tags view.
3. Choose Add/Edit Tags, and enter a key, such as "examplekey," for the Key.
4. Enter a Value
   , such as "examplevalue," and choose Save.

Install the Amazon Inspector agent

The instructions for installing the Amazon Inspector agent depend on the OS of the Amazon EC2 instance:

Define the assessment target

1. After you've installed the Amazon Inspector agent, choose Next
   or choose Define an assessment target, or open the Amazon Inspector console, and from the left navigation menu choose Define an assessment target.
2. Enter the name for your assessment target that you want to create, and choose the Key and Value pairs for the Amazon EC2 instances you want to include in the assessment, such as "examplekey" and "examplevalue." You can then choose Preview to view and verify the instances that are included.
3. Choose Next.

Define the assessment template

1. Enter a name for your assessment template.
2. Select Common Vulnerabilities for the rule package.
3. Select the Duration you want your assessment to run.
   Note: It's recommended that you choose a duration of one hour if you have more than one Rule Package or instance.
4. Choose Next, and choose Create.
5. Review the assessment template, and choose Create.

Run the assessment

1. After completing the previous steps, open the Amazon Inspector console.
2. Select the Assessment templates section to see available assessments.
3. Choose the template you created, and choose Run to start the assessment immediately, or create an Assessment Event.
4. After the assessment completes, from the left navigation menu choose Findings or Assessment runs.
   - Assessment runs include a list of all assessment runs, from which you can review information about that particular assessment, generate a report from that assessment, or navigate to the security Findings for specific assessments.
   - Findings include a list of all Findings for all assessment runs, which you can then filter.

Findings are identified security vulnerabilities or configuration exposures discovered during the Amazon Inspector assessment. To learn more about a Finding, choose the arrow next to the Finding to expand the detailed view. For help addressing these security issues, follow the instructions in the Recommendation section.

Assessment Reports include a summary of all the Amazon EC2 instances evaluated in the assessment and the Rules Packages used, a summary of the security Findings, details of each security Finding, and a list of the security rules passed during the assessment.

Note: Amazon Inspector assessment targets can only include Amazon EC2 instances that have a supported OS installed. See Amazon Inspector Supported Operating Systems and Regions for more information.