Deactivating a scan type
You can deactivate a new Amazon Inspector scan type at any time. When you deactivate a scan type you lose access to any existing findings you have that were produced by that scan type. If you reactivate the scan type your eligible resources are scanned and Amazon Inspector will produce new findings. To keep a record of your findings data you can export your findings before you deactivate. For more information, see Exporting findings reports from Amazon Inspector.
When you deactivate a scan type certain changes may occur in that Amazon account depending on the scan type being deactivated. The following are the changes that will occur when you deactivate these scan types:
-
Amazon EC2 scanning — When you deactivate Amazon Inspector Amazon EC2 scanning for an account, the following SSM associations used by Amazon Inspector are deleted:
-
InspectorDistributor-do-not-delete
-
InspectorInventoryCollection-do-not-delete
-
InspectorLinuxDistributor-do-not-delete
-
InvokeInspectorLinuxSsmPlugin-do-not-delete
-
InvokeInspectorSsmPlugin-do-not-delete
. Additionally, the Amazon Inspector SSM plugin installed through this association is removed from all of your Windows hosts. For more information, see Scanning Windows instances.
-
-
Amazon ECR scanning — When you deactivate Amazon ECR container image scanning for an account, the Amazon ECR scan type for that account changes from Enhanced scanning with Amazon Inspector to Basic scanning with Amazon ECR.
-
Lambda standard scanning — When you deactivate Lambda standard scanning in an account, it will deactivate Lambda code scanning if code scanning was also active. Additionally the CloudTrail service linked channel created when scanning was enabled is deleted.
Deactivating scans
Deactivating all scan types for an account deactivates Amazon Inspector for that account in that Amazon Web Services Region. For more information, see Deactivating Amazon Inspector.
To complete this procedure for a multi-account environment, follow these steps while signed in as the Amazon Inspector delegated administrator.