As per AWS docs, Ubuntu 20.4 is indeed supported:
Operating system | Version |
---|---|
Ubuntu (Focal) | 20.04 (LTS) x86_64, ARM64 |
Ubuntu (Jammy) | 22.04 (LTS) x86_64, ARM64 |
Amazon Inspector uses AWS Systems Manager (SSM) and the SSM Agent to collect information about the software application inventory of your EC2 instances. This data is then scanned by Amazon Inspector for software vulnerabilities. Therefore, the instance must be a managed instance in Amazon EC2 Systems Manager (SSM). For that, there are 2 things:
- An SSM managed instance has the SSM Agent installed and running
- Has an attached AWS IAM instance profile that allows SSM to manage the instance. Make sure that the IAM role has "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore" attached to it.
In order to troubleshoot, request you to kindly check the status of the SSM agent:
sudo systemctl status snap.amazon-ssm-agent.amazon-ssm-agent.service
Once that is done, make sure that the instance is listed as an SSM Managed Instance in:
"AWS Systems Manager" >> "Node Management" >> "Fleet Manager".
If you're able to see the Instance ID listed here, that means that the instance is an SSM Managed Instance. You may also check the associations related to the instance with the following command:
aws ssm list-associations | grep i-0db211234567890
In regard to your specific question related to InvokeInspectorSsmPlugin-do-not-delete SSM association, it runs the Amazon Inspector SSM plug-in at regular intervals to collect instance data and generate Amazon Inspector findings.
To summarize:
- Ubuntu 20.4 is a supported OS. I replicated the same in my environment, and I was able to get the findings.
- Kindly check and confirm whether the instance is an SSM managed instance. You can confirm it from "Fleet Manager" in the Systems Manager console. Also, check the latest associations.
- Make sure the role associated with the EC2 instance has at least the "AmazonSSMManagedInstanceCore" & "AmazonSSMPatchAssociation" managed policies attached to it.
If, even after checking the above points, the EC2 instance is still not scanning, request you to kindly reach out to us via a Support Case with the AWS Inspector team, and we will be able to troubleshoot further.
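The checks in the answer above can be run in one pass over saved AWS CLI output. This is an added example, not part of the original answer or AWS's own tooling. It assumes the three inputs are the JSON from `aws ssm describe-instance-information`, `aws iam list-attached-role-policies` and `aws ssm list-associations`, and that the Inspector association is identified by its `AssociationName` field; the function name and sample data are constructed.

```python
import json

# Names taken from the answer above.
REQUIRED_POLICY = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
INSPECTOR_ASSOCIATION = "InvokeInspectorSsmPlugin-do-not-delete"

def inspector_prereq_gaps(instance_id, instance_info, attached_policies, associations):
    """Return the unmet prerequisites for instance_id; an empty list means none."""
    gaps = []
    # 1. The instance must be registered with SSM and its agent reporting in.
    entry = next((i for i in instance_info.get("InstanceInformationList", [])
                  if i.get("InstanceId") == instance_id), None)
    if entry is None:
        gaps.append("not listed as an SSM managed instance")
    elif entry.get("PingStatus") != "Online":
        gaps.append("SSM agent not online: PingStatus=%s" % entry.get("PingStatus"))
    # 2. The instance profile role must carry the core SSM managed policy.
    arns = {p.get("PolicyArn") for p in attached_policies.get("AttachedPolicies", [])}
    if REQUIRED_POLICY not in arns:
        gaps.append("role lacks AmazonSSMManagedInstanceCore")
    # 3. The Inspector association must exist (assumed to be matched on AssociationName).
    names = {a.get("AssociationName") for a in associations.get("Associations", [])}
    if INSPECTOR_ASSOCIATION not in names:
        gaps.append("association %s not found" % INSPECTOR_ASSOCIATION)
    return gaps

# Constructed sample responses (not real account data).
SAMPLE_INFO = json.loads("""{"InstanceInformationList": [
  {"InstanceId": "i-0db211234567890", "PingStatus": "ConnectionLost",
   "PlatformName": "Ubuntu", "PlatformVersion": "20.04"}]}""")
SAMPLE_POLICIES = json.loads("""{"AttachedPolicies": [
  {"PolicyName": "AmazonS3ReadOnlyAccess",
   "PolicyArn": "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"}]}""")
SAMPLE_ASSOCIATIONS = json.loads("""{"Associations": [
  {"Name": "EXAMPLE-DOCUMENT", "AssociationName": "InvokeInspectorSsmPlugin-do-not-delete"}]}""")

if __name__ == "__main__":
    for gap in inspector_prereq_gaps("i-0db211234567890", SAMPLE_INFO,
                                     SAMPLE_POLICIES, SAMPLE_ASSOCIATIONS):
        print("GAP:", gap)
```

An instance whose agent shows a `PingStatus` other than `Online` can still appear in Fleet Manager, so the status check is kept separate from the presence check.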