Victoria Jeffrey | November 25, 2022 | 1 min read

Reveal Vulnerabilities in AWS EC2 Instances with cnspec

Vulnerabilities are bad. We all know this. They expose your infrastructure to attackers. 

How do you get vulnerabilities in EC2 instances?

Images come with packages, and installed packages don't automatically update for you. Stuff gets out of date.

It might be the EC2 instances that run your production apps, or it might just be that EC2 instance you or your developers use to test stuff, the one with a public IP and port 22 open. Would it really be okay if someone got in there? Are any important creds possibly exposed via env var? Source code? How sure are you? What kind of lateral access could an attacker gain?
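To find the instances that match that description (running, public IP, port 22 open to the world) so you know which ones to scan first, here is an added example that is not part of the original post. It assumes input in the shape returned by boto3's `describe_instances` and `describe_security_groups`; the function names and all sample IDs and IPs are constructed for illustration.

```python
import ipaddress

def allows_ssh_from_anywhere(group):
    """True if an ingress rule opens TCP 22 to 0.0.0.0/0 or ::/0."""
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        if proto == "tcp":
            if not perm.get("FromPort", 0) <= 22 <= perm.get("ToPort", 65535):
                continue
        elif proto != "-1":  # "-1" means every protocol and port
            continue
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        if any(ipaddress.ip_network(c, strict=False).prefixlen == 0 for c in cidrs):
            return True
    return False

def exposed_instances(instances_resp, groups_resp):
    """IDs of running instances with a public IP and world-open SSH."""
    open_groups = {g["GroupId"] for g in groups_resp["SecurityGroups"]
                   if allows_ssh_from_anywhere(g)}
    hits = []
    for reservation in instances_resp["Reservations"]:
        for inst in reservation["Instances"]:
            attached = {sg["GroupId"] for sg in inst.get("SecurityGroups", [])}
            if (inst.get("State", {}).get("Name") == "running"
                    and inst.get("PublicIpAddress") and attached & open_groups):
                hits.append(inst["InstanceId"])
    return hits

# Constructed sample data: made-up IDs, documentation-range IP addresses.
SAMPLE_GROUPS = {"SecurityGroups": [
    {"GroupId": "sg-world", "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22,
        "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-office", "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22,
        "ToPort": 22, "IpRanges": [{"CidrIp": "198.51.100.0/24"}]}]},
    {"GroupId": "sg-any", "IpPermissions": [{"IpProtocol": "-1",
        "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]}
def _inst(iid, sg, ip=None):
    inst = {"InstanceId": iid, "State": {"Name": "running"},
            "SecurityGroups": [{"GroupId": sg}]}
    return {**inst, "PublicIpAddress": ip} if ip else inst
SAMPLE_INSTANCES = {"Reservations": [{"Instances": [
    _inst("i-sample-world", "sg-world", "203.0.113.10"),
    _inst("i-sample-private", "sg-world"),            # no public IP
    _inst("i-sample-office", "sg-office", "203.0.113.11"),
    _inst("i-sample-any", "sg-any", "203.0.113.12"),
]}]}

if __name__ == "__main__":
    print(exposed_instances(SAMPLE_INSTANCES, SAMPLE_GROUPS))
```

The IDs it returns are the ones to run through the cnspec scan below first.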

Find 'em!

Take a minute to check for vulnerabilities with open-source cnspec and quickly assess the state of your EC2 instance. Here are the results from an instance created with the latest Amazon Linux 2 image available via the EC2 instance-create wizard:

AWS_REGION=us-east-1 AWS_PROFILE="vvdefault" cnspec vuln aws ec2 instance-connect ec2-user@i-0d22a683bacf1c30c

You've got a full list of results, and scores to tell you what should be prioritized. So what's next?

Fix 'em!

SSH to the instance and run sudo yum update -y

That should actually take care of most (if not all) of these.

Check again 🎉 

AWS_REGION=us-east-1 AWS_PROFILE="vvdefault" cnspec vuln aws ec2 instance-connect ec2-user@i-0d22a683bacf1c30c

In this case, we didn't install any additional packages, so a simple update took care of it all! 🎉




