All integrations
InfrastructureNetwork

AWS Inspector integration

The AWS Inspector integration authenticates with an IAM access-key pair, verifies the account via STS, and pulls Amazon Inspector v2 findings — package CVEs on EC2 instances, ECR container images and Lambda functions, plus code vulnerabilities. Leave the region blank to sweep all regions or pin it to one.

Scan types imported

  • Package (CVE) findings on EC2, ECR images and Lambda
  • Code vulnerabilities (CWE) from Amazon Inspector code scanning

API connection

Enter an IAM access key and pick a region (or All Regions). The Test button validates the credentials via STS GetCallerIdentity and records your AWS account ID. On every run Centraleyezer lists all Inspector findings per region and imports them.

Configuration

Region
A single AWS region (e.g. eu-central-1) or All Regions to sweep every standard region.
Access Key ID
The IAM access key ID (entered in the username field).
Secret Access Key
The IAM secret access key (entered in the password field).
Remote Identifier
Your AWS account ID — filled in automatically by the Test button.
Proxy (optional)
HTTP proxy host:port plus optional proxy credentials.

Where to get the credentials

Create an IAM user (or role credentials) with read access to Amazon Inspector v2 — the AmazonInspector2ReadOnlyAccess managed policy plus sts:GetCallerIdentity is sufficient — and generate an access key under IAM → Users → Security credentials.

What gets imported on every run

  • Package vulnerability findings: CVE ID, severity, CVSS, affected package and fixed version, per EC2 instance / ECR image / Lambda function.
  • Code vulnerability findings with CWE classification.
  • Exploitability information where Amazon Inspector provides it.
  • Assets are auto-created per AWS resource (resource ID and type recorded) and auto-closed when a resource is remediated or decommissioned.

How imported findings are risk-scored

Every AWS Inspector finding is normalised into Centraleyezer’s risk model on import: the scanner’s native severity scale maps to a configurable DREAD vector (Damage, Reproducibility, Exploitability, Affected users, Discoverability), which combines with asset criticality, network exposure, exploitability intelligence and the platform’s other risk factors to produce one comparable risk score across every scanner you run. CVE, CVSS and CWE metadata are preserved on the finding for reference and reporting, and duplicate findings from repeated imports are automatically correlated instead of creating noise.

See the AWS Inspector integration live

Book a demo and we’ll connect your AWS Inspector data and walk through risk-based prioritisation on your own findings.

AWS Inspector Integration — Setup & Imported Scan Types