At this week's re:Invent conference, Amazon introduced a service that looks for and identifies potential security and compliance vulnerabilities.
The new Amazon Inspector tool (available now in preview) analyzes the behavior of applications that run in AWS and works on an application-by-application basis.
Developers start by defining a collection of AWS resources, then create and run assessments of that application. At launch, Inspector provides findings on common vulnerabilities and exposures, general network security, authentication, operating system and application security, and a PCI DSS 3.0 assessment. Those running the Inspector agent can define the rules for the assessment and even set the duration (the default duration is 24 hours).
The Inspector service can be accessed from the AWS Management Console, AWS Command Line Interface or the API.
There are a few companies on the market today with similar offerings, including CloudPassage and Dome9. Even so, Inspector comes at an important time in the maturation of the cloud, as systems, configurations and applications become increasingly complex and detecting security and compliance issues becomes more challenging.