AWS Inspector2 (IAM)
Amazon Inspector is a vulnerability management service that continuously scans AWS workloads for software vulnerabilities and unintended network exposure.
Common permissions
- inspector2:ListFindings
- inspector2:ListCoverage
- inspector2:ListFilters
- inspector2:CreateFilter
- inspector2:UpdateFilter
- inspector2:DeleteFilter
- inspector2:ListMembers
- inspector2:GetMember

Least-privilege example
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "inspector2:ListFindings",
        "inspector2:ListCoverage",
        "inspector2:ListFilters",
        "inspector2:CreateFilter",
        "inspector2:UpdateFilter",
        "inspector2:DeleteFilter",
        "inspector2:ListMembers",
        "inspector2:GetMember"
      ],
      "Resource": "*"
    }
  ]
}

Warnings
- Avoid inspector2:* — grants full control including creating, modifying, and deleting filters and findings data
- Avoid inspector2:TagResource and inspector2:UntagResource on production resources — can disrupt cost allocation and resource tracking
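The following policy linter is an added example (not part of this page or of any AWS tooling) that turns the least-privilege set and the two warnings above into a check a reviewer can run over a policy document before it is attached. It flags wildcard inspector2 actions (and the tagging actions a wildcard silently sweeps in), flags inspector2:TagResource / inspector2:UntagResource when granted directly, and reports any other inspector2 action outside the least-privilege list. The two sample policies embedded in it are constructed for the demonstration; inspector2:Enable is a real Inspector action used only as an out-of-set example and is not on this page.

```python
"""Lint IAM policy JSON for the over-permissioning warned about on this page.

Added example, not part of the referenced page. The two sample policies at the
bottom are constructed for the demonstration.
"""
import fnmatch
import json

# The least-privilege action set from the page, lowercased because IAM
# matches action names case-insensitively.
LEAST_PRIVILEGE = {a.lower() for a in (
    "inspector2:ListFindings",
    "inspector2:ListCoverage",
    "inspector2:ListFilters",
    "inspector2:CreateFilter",
    "inspector2:UpdateFilter",
    "inspector2:DeleteFilter",
    "inspector2:ListMembers",
    "inspector2:GetMember",
)}

# Actions the page warns against granting on production resources.
RISKY = {"inspector2:TagResource", "inspector2:UntagResource"}


def _as_list(value):
    """IAM allows a single string or a list for Statement/Action; normalise to list."""
    return value if isinstance(value, list) else [value]


def lint_policy(policy_json):
    """Return a list of (statement_index, message) findings for an IAM policy string."""
    policy = json.loads(policy_json)
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot over-grant
        for action in _as_list(stmt.get("Action", [])):
            service = action.partition(":")[0].lower()
            if service not in ("inspector2", "*"):
                continue  # other services are out of scope for this check
            if "*" in action:
                findings.append((i, f"wildcard action {action!r}: grants every "
                                    "inspector2 permission it matches"))
                # Name the tagging actions this wildcard would sweep in.
                for risky in sorted(RISKY):
                    if fnmatch.fnmatchcase(risky.lower(), action.lower()):
                        findings.append((i, f"{action!r} also grants {risky}"))
            elif action.lower() in {r.lower() for r in RISKY}:
                findings.append((i, f"{action} granted: can disrupt cost "
                                    "allocation and resource tracking"))
            elif action.lower() not in LEAST_PRIVILEGE:
                findings.append((i, f"{action} is outside the least-privilege set"))
    return findings


# Constructed sample: the page's least-privilege policy, which should pass clean.
PAGE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": sorted(LEAST_PRIVILEGE),
        "Resource": "*",
    }],
})

# Constructed sample: the shapes the warnings describe (wildcard plus direct
# tagging rights), with one real but out-of-set action (inspector2:Enable).
OVERBROAD_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "inspector2:*", "Resource": "*"},
        {"Effect": "Allow",
         "Action": ["inspector2:ListFindings", "inspector2:TagResource",
                    "inspector2:Enable"],
         "Resource": "*"},
        {"Effect": "Deny", "Action": "inspector2:DeleteFilter", "Resource": "*"},
    ],
})


if __name__ == "__main__":
    for label, doc in (("page policy", PAGE_POLICY), ("overbroad policy", OVERBROAD_POLICY)):
        print(f"== {label} ==")
        for idx, msg in lint_policy(doc) or [(None, "no findings")]:
            print(f"  statement {idx}: {msg}")
```

The check is deliberately scoped to Allow statements and to the inspector2 namespace (or a bare `*` action), so it can sit beside service-specific linters for other namespaces; a Deny statement narrowing the same actions does not suppress a finding, because the wildcard grant is still the thing to fix.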
Resources
- API
- Full doc: /v1/iam/inspector2