Skip to main content
AWS Inspector (Amazon)

This article walks through the details of configuring AWS Inspector to connect to Drata.

Updated over a week ago

Connecting Amazon Inspector to Drata allows for the automated, continuous monitoring of SLA due dates and evidence collection of vulnerabilities issues required for compliance.

This will automate evidence collection for the Records of Vulnerability Scans test, which is mapped to DCF-18 by default. You will also be able to view findings by selecting View Findings on the Amazon Inspector connection card after connecting.

BEFORE DIVING IN

  • Drata only supports AWS Inspector 2. Drata does not support AWS Inspector Classic.

  • Drata syncs up to 1000 new or updated vulnerabilities for each connection daily, ordered by severity levels from critical to low.

Overview of what we're going to set up

  1. Create a new Policy for accessing AWS Inspector

  2. Attach the new Policy to your existing AWS Drata role

  3. Use the ARN for this role to connect AWS Inspector with Drata

Create a Policy

Create a new Policy for accessing AWS Inspector.

  1. Log in to the AWS Console with an account that has permission to create a new role.

  2. Go to the IAM service.

  3. Select the Policies link in the sidebar.

  4. Select the Create Policy button.

  5. Copy the Drata Policy below:

    • { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "inspector2:ListFilters", "inspector2:GetMember", "inspector2:ListUsageTotals", "inspector2:ListCoverageStatistics", "inspector2:ListFindings", "inspector2:ListFindingAggregations", "inspector2:ListCoverage", "inspector2:GetFindingsReportStatus", "inspector2:ListTagsForResource" ], "Resource": "*" } ] }
  6. Select the JSON tab.

  7. Select all of the default policy in the editor and paste the copied Drata Policy over it.

  8. Select the Next: Tags button.

    • (Optional) If your company uses tags, enter them here.

  9. Select the Next: Review button.

  10. Copy and paste DrataAwsInspectorPolicy (which is the Drata policy name) into the Name field.

  11. Copy and paste Provides read-only access for Drata AWS Inspector Connection (which is the Drata policy description) into the Description field.

  12. Select Create policy button

Update your AWS Drata Role

Attach the new Policy to your existing AWS Drata role.

  1. Go to your AWS Identity and Access Management (IAM).

    • Sign in to the AWS Management Console and open the IAM console.

  2. Navigate to your current AWS Drata Autopilot Role (DrataAutopilotRole).

  3. Select Add permissions and then Attach policies.

  4. Search and attach the DrataAwsInspectorPolicy policy.

  5. Copy the AWS Role ARN value and paste this value into the ARN Role field in Drata's AWS Inspector connection drawer.

  6. Within the AWS Inspector connection drawer, you can filter your vulnerabilities to only sync those that are related to your compliance monitoring in Drata. These filters will also be included in the test result report for visibility.

Once the connection is successfully created, you can select the View Findings button on the connection card or navigate to the Vulnerabilities page to review and manage the synced vulnerabilities for compliance monitoring. Learn more at Vulnerabilities help article.

Did this answer your question?