Inspector2 is enabled for Amazon EC2 instances, ECR container images, Lambda functions, and Lambda code
inspector2_is_enabled
This check verifies Amazon Inspector 2 activation and coverage across regions, confirming that scanning is active for EC2, ECR, Lambda functions, and Lambda code where applicable.
It flags missing account activation or gaps in any scan type.
Risk
Absent or partial coverage leaves unpatched vulnerabilities, risky code dependencies, and unintended network exposure undetected.
Attackers can exploit known CVEs for remote code execution, lateral movement, and data exfiltration, degrading confidentiality, integrity, and availability.
prowler aws --checks inspector2_is_enabled
Recommendation
Enable Amazon Inspector 2 across all regions and activate scans for EC2, ECR, Lambda, and Lambda code.
Apply defense in depth: auto-enable coverage for new workloads, integrate findings with patching and CI/CD gates, enforce remediation SLAs, and grant only least privilege to process and act on findings.
Remediation
aws inspector2 enable --resource-types EC2 ECR LAMBDA LAMBDA_CODE
- Sign in to the AWS Console and open Amazon Inspector (v2)
- If not yet activated: click Get started > Activate Amazon Inspector
- If already activated: go to Settings > Scans and ensure EC2, ECR, Lambda functions, and Lambda code are all enabled, then Save
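As an added example (not Prowler's own source), the following script reproduces the condition this check tests against the Inspector 2 BatchGetAccountStatus API and can be run after remediation to confirm that every region reports ENABLED for all four scan types. The sample responses, the stub clients and the account id 123456789012 are constructed; a real run swaps the stub for `boto3.client("inspector2", region_name=...)`.

```python
"""Report Amazon Inspector 2 scan coverage per region, the condition that
inspector2_is_enabled tests. Added example, not Prowler's own source code."""
from dataclasses import dataclass
from types import SimpleNamespace
from typing import Callable, Iterable, List

# resourceState keys in the BatchGetAccountStatus response -> label used in reports
REQUIRED_SCANS = {"ec2": "EC2", "ecr": "ECR",
                  "lambda": "Lambda functions", "lambdaCode": "Lambda code"}

@dataclass
class Coverage:
    region: str
    account_enabled: bool
    missing: List[str]  # labels from REQUIRED_SCANS whose status is not ENABLED

    @property
    def passes(self) -> bool:
        return self.account_enabled and not self.missing

def evaluate_account_status(region: str, response: dict) -> Coverage:
    """Judge one batch_get_account_status() response; only ENABLED counts,
    so ENABLING, DISABLED and SUSPENDED are all reported as coverage gaps."""
    accounts = response.get("accounts") or []
    if not accounts:  # Inspector never activated for this account in this region
        return Coverage(region, False, list(REQUIRED_SCANS.values()))
    acct = accounts[0]
    enabled = acct.get("state", {}).get("status") == "ENABLED"
    states = acct.get("resourceState", {})
    missing = [label for key, label in REQUIRED_SCANS.items()
               if states.get(key, {}).get("status") != "ENABLED"]
    return Coverage(region, enabled, missing)

def scan_regions(regions: Iterable[str], client_for: Callable) -> List[Coverage]:
    """client_for(region) returns a boto3 inspector2 client, e.g.
    lambda r: boto3.client("inspector2", region_name=r), or a stub."""
    return [evaluate_account_status(r, client_for(r).batch_get_account_status())
            for r in regions]

def sample_response(status: dict) -> dict:  # constructed, API-shaped response
    return {"accounts": [{"accountId": "123456789012", "state": {"status": "ENABLED"},
                          "resourceState": {k: {"status": v} for k, v in status.items()}}]}
SAMPLE_FULL = sample_response(dict.fromkeys(REQUIRED_SCANS, "ENABLED"))
SAMPLE_PARTIAL = sample_response({"ec2": "ENABLED", "ecr": "ENABLED",
                                  "lambda": "ENABLING", "lambdaCode": "DISABLED"})
if __name__ == "__main__":  # offline demo: stubs stand in for boto3 clients
    fixtures = {"us-east-1": SAMPLE_FULL, "eu-west-1": SAMPLE_PARTIAL, "ap-south-1": {"accounts": []}}
    stub = lambda r: SimpleNamespace(batch_get_account_status=lambda **kw: fixtures[r])
    for c in scan_regions(fixtures, stub):
        print(f"{c.region}: {'PASS' if c.passes else 'FAIL, missing ' + ', '.join(c.missing)}")
```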
Source Code
Resource Type
Other