Amazon Inspector supports organization-wide management through AWS Organizations policies

Amazon Inspector Organization-wide Management

Amazon Inspector can now be enabled, configured, and managed across your organization using AWS Org policies. This feature allows you to centrally configure and manage scan types across all accounts in your organization, selected organizational units (OUs), or individual accounts.

The new Inspector policy type within AWS Organization simplifies service onboarding, management, and ensures consistent, organization-wide vulnerability scanning coverage. This feature helps maintain a uniform security baseline by automating Inspector enablement through a single AWS Organization policy.

What to do

• Designate a delegated admin within Amazon Inspector
• Enable the “Inspector policies” policy type in the AWS Organizations console
• Create a policy that specifies the desired scan types and Regions
• Attach the policy to your organization root or OUs

When the Inspector policy is created and attached, all in-scope accounts automatically align with your Organization-wide policy definition. New accounts that join the organization or are moved into an OU with an attached policy inherit Inspector enablement automatically, reducing operational overhead and eliminating coverage gaps.

Amazon Inspector is a vulnerability management service that continuously scans AWS workloads for software vulnerabilities, code vulnerabilities, and unintended network exposure across your entire AWS organization. The AWS Organizations Inspector policy for organization-wide enablement is available at no additional cost to Amazon Inspector customers in all AWS commercial, China, and AWS GovCloud (US) Regions where Amazon Inspector is available.

Source: AWS release notes

If you need further guidance on AWS, our experts are available at AWS@westloop.io. You may also reach us by submitting the Contact Us form.