Amazon Inspector (AWS)

This article walks through the details of configuring AWS Inspector to connect to Drata.

Written by Faraz Yaghouti
Updated today

HERE'S WHY

Connecting AWS Inspector will automate evidence collection for the Records of Vulnerability Scans test, which is mapped to DCF-18 by default. After setup, you can view findings by clicking the View Findings button on the connection card.

BEFORE DIVING IN

  • Vulnerability Records Upper Limit: The Records of Vulnerability Scans test supports up to 100,000 results with this connection. If you exceed this limit, the connection will produce a summary, and you will need to manually provide evidence.

  • Existing Customers with Manual Vulnerability Reports: Drata will not check Amazon Inspector for evidence if these reports are present. Instead, we have mapped the uploaded vulnerability reports to the control in the Evidence Library. You can add future reports to the same Evidence Library record by updating the evidence.

  • Drata only supports AWS Inspector 2.

  • Drata does not support AWS Inspector Classic.

Overview of what we're going to set up

  • Create a new Policy for accessing AWS Inspector

  • Attach the new Policy to your existing AWS Drata role

  • Use the ARN for this role to connect AWS Inspector with Drata

Create a Policy

  1. Log in to the AWS Console with an account that has permission to create a new role.

  2. Go to the IAM service.

  3. Select the Policies link in the sidebar.

  4. Select the Create Policy button.

  5. Copy the Drata Policy below:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "inspector2:ListFilters",
            "inspector2:GetMember",
            "inspector2:ListUsageTotals",
            "inspector2:ListCoverageStatistics",
            "inspector2:ListFindings",
            "inspector2:ListFindingAggregations",
            "inspector2:ListCoverage",
            "inspector2:GetFindingsReportStatus",
            "inspector2:ListTagsForResource"
          ],
          "Resource": "*"
        }
      ]
    }

  6. Select the JSON tab.

  7. Select all of the default policy in the editor and paste the copied Drata policy over it.

  8. Select the Next: Tags button.

    • (Optional) If your company uses tags, enter them here.

  9. Select the Next: Review button.

  10. Copy and paste DrataAwsInspectorPolicy (which is the Drata policy name) into the Name field.

  11. Copy and paste Provides read-only access for Drata AWS Inspector Connection (which is the Drata policy description) into the Description field.

  12. Select the Create policy button.

Update your AWS Drata Role

  1. Go to your AWS Identity and Access Management (IAM).

    • Sign in to the AWS Management Console and open the IAM console.

  2. Navigate to your current AWS DrataAutopilotRole (Drata Autopilot Role).

  3. Select Add permissions and then Attach policies directly.

  4. Search and attach the DrataAwsInspectorPolicy policy.

  5. Copy the AWS Role ARN value and paste it into the ARN Role field in Drata's AWS connection drawer.

  6. Copy the AWS Role ARN and paste it into the ARN Role field in Drata's AWS Inspector connection drawer.
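The two sections above (create the policy, then attach it to the Drata role) can be checked and scripted before anything is clicked. The following Python is an added example, not part of this article or of Drata's own tooling: it embeds the policy document from the article, confirms that every allowed action is a read-only inspector2 call (no wildcards, no other services, no write verbs), and builds the equivalent AWS CLI commands. The account ID and the role name DrataAutopilotRole are placeholders you must substitute; the code uses only the standard library and executes nothing against AWS.

```python
"""Least-privilege check and CLI equivalent for the Drata AWS Inspector policy.

Added example (not Drata's code). Assumptions: the AWS account ID and the
role name are placeholders; the policy document is the one from the article.
"""
import json
import re
import shlex

# Policy document exactly as given in the article.
DRATA_INSPECTOR_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "inspector2:ListFilters",
                "inspector2:GetMember",
                "inspector2:ListUsageTotals",
                "inspector2:ListCoverageStatistics",
                "inspector2:ListFindings",
                "inspector2:ListFindingAggregations",
                "inspector2:ListCoverage",
                "inspector2:GetFindingsReportStatus",
                "inspector2:ListTagsForResource",
            ],
            "Resource": "*",
        }
    ],
}

# inspector2 API verbs that only read state; anything else is treated as a write.
READ_ONLY_VERBS = ("List", "Get", "Describe", "BatchGet")


def policy_actions(policy):
    """Collect every action string from the Allow statements of a policy."""
    actions = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        act = stmt.get("Action", [])
        actions.extend([act] if isinstance(act, str) else act)
    return actions


def read_only_violations(policy):
    """Return allowed actions that are not read-only inspector2 calls.

    Wildcards ("*", "inspector2:*") and actions for any other service count as
    violations, since this policy is meant to grant read-only Inspector access.
    """
    violations = []
    for action in policy_actions(policy):
        m = re.fullmatch(r"inspector2:([A-Za-z]+)", action)
        if m is None or not m.group(1).startswith(READ_ONLY_VERBS):
            violations.append(action)
    return violations


def cli_commands(policy, policy_name, description, role_name, account_id):
    """Build the AWS CLI commands that mirror the console steps.

    Returns [create-policy command, attach-role-policy command] as strings;
    nothing is executed here. account_id and role_name are caller-supplied.
    """
    doc = json.dumps(policy, separators=(",", ":"))
    policy_arn = f"arn:aws:iam::{account_id}:policy/{policy_name}"
    create = (
        "aws iam create-policy"
        f" --policy-name {shlex.quote(policy_name)}"
        f" --description {shlex.quote(description)}"
        f" --policy-document {shlex.quote(doc)}"
    )
    attach = (
        "aws iam attach-role-policy"
        f" --role-name {shlex.quote(role_name)}"
        f" --policy-arn {shlex.quote(policy_arn)}"
    )
    return [create, attach]


if __name__ == "__main__":
    bad = read_only_violations(DRATA_INSPECTOR_POLICY)
    if bad:
        raise SystemExit(f"refusing to attach: non read-only actions {bad}")
    for cmd in cli_commands(
        DRATA_INSPECTOR_POLICY,
        "DrataAwsInspectorPolicy",
        "Provides read-only access for Drata AWS Inspector Connection",
        "DrataAutopilotRole",          # assumed role name from the article
        "123456789012",                # placeholder AWS account ID
    ):
        print(cmd)
```

Run it once in a pipeline that manages the Drata role: if the policy has been edited to include a write or wildcard action, the script exits before printing the attach command, which is the check a reviewer would otherwise do by eye in the IAM console.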

After successfully connecting AWS Inspector to Drata, navigate to Drata's Connections page. View your AWS Inspector connection card under Active connections, with an option to select View findings.
