Deactivating a scan type in Amazon Inspector
This section describes how to deactivate a scan type. When you deactivate a scan type, you lose access to any findings the scan type produced. If you reactivate the scan type, Amazon Inspector scans all eligible resources to generate new findings.
Tip
If you want to keep a record of your findings, you can export them to an Amazon Simple Storage Service (Amazon S3) bucket as a findings report. For more information, see Exporting Amazon Inspector findings reports.
When you deactivate a scan type, you might encounter the following changes in the Amazon account where you deactivated the scan type:
Amazon EC2 scanning
When you deactivate Amazon Inspector Amazon EC2 scanning for an account, the following SSM associations are deleted:
- InspectorDistributor-do-not-delete
- InspectorInventoryCollection-do-not-delete
- InspectorLinuxDistributor-do-not-delete
- InvokeInspectorLinuxSsmPlugin-do-not-delete
- InvokeInspectorSsmPlugin-do-not-delete
Additionally, the Amazon Inspector SSM plugin installed through this association is removed from all of your Windows hosts. For more information, see Scanning Windows EC2 instance.
Amazon ECR scanning
When you deactivate Amazon ECR scanning for an account, the Amazon ECR scan type for that account changes from Enhanced scanning with Amazon Inspector to Basic scanning with Amazon ECR.
Lambda standard scanning
When you deactivate Lambda standard scanning for an account, you also deactivate Lambda code scanning if that scan type was activated. You also delete the CloudTrail service-linked channel that Amazon Inspector created when you activated Lambda standard scanning.
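To confirm the Amazon EC2 and Amazon ECR changes described above, the following added example (not part of the original documentation) checks JSON saved from `aws ssm list-associations` and `aws ecr get-registry-scanning-configuration`. The function names are hypothetical and the sample JSON is constructed for illustration.

```python
import json

# Association names this page lists as deleted when EC2 scanning is deactivated.
INSPECTOR_ASSOCIATIONS = frozenset({
    "InspectorDistributor-do-not-delete",
    "InspectorInventoryCollection-do-not-delete",
    "InspectorLinuxDistributor-do-not-delete",
    "InvokeInspectorLinuxSsmPlugin-do-not-delete",
    "InvokeInspectorSsmPlugin-do-not-delete",
})

def leftover_associations(list_associations_json):
    """Return Inspector-managed SSM association names that are still present."""
    data = json.loads(list_associations_json)
    # AssociationName is optional in the API response, so use .get().
    present = {a.get("AssociationName") for a in data.get("Associations", [])}
    return sorted(INSPECTOR_ASSOCIATIONS & present)

def ecr_scan_type(registry_scanning_json):
    """Return the registry scan type (BASIC or ENHANCED), or UNKNOWN if absent."""
    data = json.loads(registry_scanning_json)
    return data.get("scanningConfiguration", {}).get("scanType", "UNKNOWN")

def deactivation_report(list_associations_json, registry_scanning_json):
    """Summarize whether the account shows the post-deactivation state."""
    leftovers = leftover_associations(list_associations_json)
    scan_type = ecr_scan_type(registry_scanning_json)
    return {
        "ec2_associations_removed": not leftovers,
        "leftover_associations": leftovers,
        "ecr_reverted_to_basic": scan_type == "BASIC",
        "ecr_scan_type": scan_type,
    }

# Constructed sample CLI output (not real account data): one Inspector
# association remains, and the registry is already on basic scanning.
SAMPLE_ASSOCIATIONS = json.dumps({"Associations": [
    {"Name": "AWS-GatherSoftwareInventory",
     "AssociationName": "InspectorInventoryCollection-do-not-delete"},
    {"Name": "AWS-UpdateSSMAgent", "AssociationName": "patch-agents-weekly"},
    {"Name": "AWS-RunPatchBaseline"},  # association without a name
]})
SAMPLE_ECR = json.dumps({"registryId": "111122223333",
                         "scanningConfiguration": {"scanType": "BASIC", "rules": []}})

if __name__ == "__main__":
    print(json.dumps(deactivation_report(SAMPLE_ASSOCIATIONS, SAMPLE_ECR), indent=2))
```

Run the check once per Region, because scan types are activated and deactivated per Region.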
Deactivating scans
Deactivating all scan types for an account deactivates Amazon Inspector for that account in that Amazon Web Services Region. For more information, see Deactivating Amazon Inspector.
To complete this procedure for a multi-account environment, follow these steps while signed in as the Amazon Inspector delegated administrator.