
Amazon Inspector can scan EC2 AMIs for vulnerabilities by launching temporary instances and generating automated reports stored in S3, orchestrated through EventBridge, Lambda, and Step Functions with scheduled or manual triggering.


<div><p>This article explains how to scan EC2 AMIs for vulnerabilities using Amazon Inspector through an automated solution combining multiple AWS services.</p><ul><li>Amazon Inspector only scans running EC2 instances, not AMIs directly</li><li>Solution uses Step Functions, Lambda, EventBridge, and S3 to automate AMI scanning</li><li>Temporary EC2 instances are launched from AMIs, scanned, then terminated to reduce costs</li><li>AMIs must be tagged to trigger scanning; supports weekly/monthly scheduling via EventBridge</li><li>Inspector findings are exported to S3 in JSON or CSV format and encrypted with KMS</li><li>CloudFormation template provided for deployment; requires Systems Manager agent on instances</li><li>Results can be queried with Amazon Athena or visualized with Amazon QuickSight</li></ul><p>The solution enables routine vulnerability assessments of AMIs to identify and patch security issues before deployment to production environments.</p></div>


Related articles