{"slug":"iam-aws-inspector2","cloud":"aws","service":"inspector2","title":"AWS Inspector2 (IAM)","description":"Amazon Inspector is a vulnerability management service that continuously scans AWS workloads for software vulnerabilities and unintended network exposure.","category":"security","common_permissions":["inspector2:ListFindings","inspector2:ListCoverage","inspector2:ListFilters","inspector2:CreateFilter","inspector2:UpdateFilter","inspector2:DeleteFilter","inspector2:ListMembers","inspector2:GetMember"],"least_privilege_example":"{\n  \"Version\": \"2012-10-17\",\n  \"Statement\": [\n    {\n      \"Effect\": \"Allow\",\n      \"Action\": [\n        \"inspector2:ListFindings\",\n        \"inspector2:ListCoverage\",\n        \"inspector2:ListFilters\",\n        \"inspector2:CreateFilter\",\n        \"inspector2:UpdateFilter\",\n        \"inspector2:DeleteFilter\",\n        \"inspector2:ListMembers\",\n        \"inspector2:GetMember\"\n      ],\n      \"Resource\": \"*\"\n    }\n  ]\n}","warnings":["Avoid inspector2:* — grants full control, including creating, modifying, and deleting filters and findings data; filter write actions can add or change suppression rules that hide matching findings, so grant them only to principals that manage filters","Avoid inspector2:TagResource and inspector2:UntagResource on production resources — can disrupt cost allocation and resource tracking"],"docs":"https://servicereference.us-east-1.amazonaws.com/v1/inspector2/inspector2.json","tags":["iam","aws"],"last_verified":"2026-06-14T00:00:00.000Z","next_check":"2026-12-11T00:00:00.000Z","created_at":"2026-06-14T04:51:18.801Z","updated_at":"2026-06-14T04:51:18.801Z"}