Explanation
Amazon Inspector is the correct service for this requirement because:
- Vulnerability Assessment: Amazon Inspector automatically assesses Amazon EC2 instances for software vulnerabilities and unintended network exposure
- Network Reachability Analysis: It analyzes the security groups and network configurations to identify unintended network accessibility
- Automated Security Scanning: It provides automated security assessments to help identify security vulnerabilities
- EC2 Instance Focus: Specifically designed to assess the security state of EC2 instances

Why other options are incorrect:
- AWS Config: Focuses on resource configuration compliance and auditing, not vulnerability scanning
- AWS Trusted Advisor: Provides cost optimization, performance, and security best practice recommendations, but not detailed vulnerability scanning
- AWS Shield: A DDoS protection service, not a vulnerability assessment tool

Amazon Inspector generates detailed findings with severity levels and remediation steps, making it ideal for identifying security vulnerabilities and unintended network access on EC2 instances.