
AWS Inspector (Amazon) Connection

This article walks through the details of configuring AWS Inspector to connect to Drata.

Updated over a week ago

Connecting AWS Inspector to Drata enables automated, continuous monitoring of SLA due dates and evidence collection for the vulnerability issues required for compliance.

This will automate evidence collection for the Records of Vulnerability Scans test, which is mapped to DCF-18 by default.

Prerequisites

Note: Drata syncs up to 1,000 new or updated vulnerabilities per day for each connection, sorted by severity from critical to low.

What you’ll do

  1. Create a policy that allows read access to AWS Inspector.

  2. Attach the policy to your existing AWS Drata role.

  3. Use that role’s ARN to complete the connection.

Create a Policy

Create a new policy for accessing AWS Inspector.

  1. Sign in to the AWS Console with an account that has permission to create a new role.

  2. Go to IAM service > Policies in the sidebar, then select Create policy.

  3. Select the JSON tab.

  4. Select all of the default policy in the editor and paste the copied Drata Policy over it.

    • Drata Policy below:

      {
        "Version": "2012-10-17",
        "Statement": [
          {
            "Effect": "Allow",
            "Action": [
              "inspector2:ListFilters",
              "inspector2:GetMember",
              "inspector2:ListUsageTotals",
              "inspector2:ListCoverageStatistics",
              "inspector2:ListFindings",
              "inspector2:ListFindingAggregations",
              "inspector2:ListCoverage",
              "inspector2:GetFindingsReportStatus",
              "inspector2:ListTagsForResource"
            ],
            "Resource": "*"
          }
        ]
      }

  5. Select Next: Tags. If your organization uses them, add those tags.

  6. Select Next: Review.

  7. Enter the following values:

    • Name: DrataAwsInspectorPolicy

      • This is the Drata policy name.

    • Description: Provides read-only access for Drata AWS Inspector connection

      • This is the Drata policy description.

  8. Select the Create policy button.
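A quick least-privilege check to run on the policy JSON before pasting it in step 4, added here as an example (not Drata's tooling). It assumes the policy should contain only Allow statements with read-only Get*/List*/Describe* actions in the inspector2 namespace, which is what the article's policy grants, and reports anything else:

```python
"""Least-privilege check for the Drata AWS Inspector policy before it is attached."""
import json

# Constructed copy of the policy given in this article, used as the input for the check.
DRATA_POLICY_JSON = """{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "inspector2:ListFilters", "inspector2:GetMember",
        "inspector2:ListUsageTotals", "inspector2:ListCoverageStatistics",
        "inspector2:ListFindings", "inspector2:ListFindingAggregations",
        "inspector2:ListCoverage", "inspector2:GetFindingsReportStatus",
        "inspector2:ListTagsForResource"
      ],
      "Resource": "*"
    }
  ]
}"""

# IAM action verbs that only read state; anything else (Create*, Delete*, Update*, "*") is flagged.
READ_ONLY_VERBS = ("Get", "List", "Describe")


def policy_problems(policy_json: str, service: str = "inspector2") -> list:
    """Return human-readable problems found in the policy document.
    An empty list means every statement is an Allow confined to read-only
    actions in the expected service namespace, and nothing more."""
    policy = json.loads(policy_json)
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):        # IAM accepts a single statement object
        statements = [statements]
    problems = []
    for idx, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            problems.append(f"statement {idx}: unexpected Effect {stmt.get('Effect')!r}")
        actions = stmt.get("Action", [])
        if isinstance(actions, str):        # IAM accepts a single action string
            actions = [actions]
        for action in actions:
            svc, _, verb = action.partition(":")
            if svc != service:
                problems.append(f"statement {idx}: {action} is outside {service}")
            elif "*" in verb or not verb.startswith(READ_ONLY_VERBS):
                problems.append(f"statement {idx}: {action} is not read-only")
    return problems
```

Call policy_problems(DRATA_POLICY_JSON) on the JSON you are about to paste; an empty list means the policy is confined to read-only inspector2 actions, and each listed problem names the statement and action to fix.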

Update your AWS Drata role

Attach the new Policy to your existing AWS Drata role.

  1. Sign in to the AWS Management Console and open the IAM console.

  2. Navigate to your current AWS Drata Autopilot Role (DrataAutopilotRole).

  3. Select Add permissions and then Attach policies.

  4. Search for and attach the DrataAwsInspectorPolicy policy.

  5. Copy the AWS Role ARN value. You will enter the Role ARN value during the connection process.

During the AWS Inspector connection process, you can choose which vulnerabilities to sync based on severity, AWS region, and detection date. These filters help tailor your sync to your compliance requirements.

Connect AWS Inspector in Drata

  1. In Drata, go to the Connections page, then search for and select AWS Inspector.

  2. Paste the Role ARN you copied from AWS.

  3. Configure which vulnerabilities Drata will sync. These selections are also included in the test result report for visibility.

    • Severity: Select the vulnerability levels to include, such as Critical, High, or Medium.

    • AWS regions: Choose the AWS regions your ARN role has access to.

    • First seen on: Drata will sync vulnerabilities detected on or after the selected date.

  4. Select Connect.

Drata automatically begins syncing vulnerabilities based on your configurations.

You can view the findings by selecting View Findings after connecting AWS Inspector, or by navigating directly to the Vulnerabilities page through the left-side navigation menu.
