

End of support notice: On May 20, 2026, AWS will end support for Amazon Inspector Classic. After May 20, 2026, you will no longer be able to access the Amazon Inspector Classic console or Amazon Inspector Classic resources. Amazon Inspector Classic is no longer available to new accounts and accounts that have not completed an assessment in the last 6 months. For all other accounts, access will remain valid until May 20, 2026, after which you will no longer be able to access the Amazon Inspector Classic console or Amazon Inspector Classic resources. For more information, see [Amazon Inspector Classic end of support](https://docs.aws.amazon.com/inspector/v1/userguide/inspector-migration.html).

# What is Amazon Inspector Classic?
<a name="inspector_introduction"></a>

**Note**  
The new Amazon Inspector, a completely rearchitected and redesigned version of Amazon Inspector Classic, is now available across AWS Regions. The new Amazon Inspector has expanded coverage to add support for container images residing in Amazon Elastic Container Registry (Amazon ECR) in addition to EC2 instances. The new Amazon Inspector offers multi-account support through integration with AWS Organizations, and continual software vulnerability and network reachability scanning based on common vulnerabilities and exposures (CVEs). We encourage you to explore and use these and other new and improved features, and to benefit from the significantly enhanced security value. To learn about features and pricing for the new Amazon Inspector, see [Amazon Inspector](https://aws.amazon.com/inspector/). To learn how to move to the new Amazon Inspector, see [Amazon Inspector Classic end of support](inspector-migration.md).

Amazon Inspector Classic tests the network accessibility of your Amazon EC2 instances and the security state of your applications that run on those instances. Amazon Inspector Classic assesses applications for exposure, vulnerabilities, and deviations from best practices. After performing an assessment, Amazon Inspector Classic produces a detailed list of security findings that is organized by level of severity. 

With Amazon Inspector Classic, you can automate security vulnerability assessments throughout your development and deployment pipelines or for static production systems. This allows you to make security testing a regular part of development and IT operations. 

Amazon Inspector Classic also offers predefined software called an *agent* that you can optionally install in the operating system of the EC2 instances that you want to assess. The agent monitors the behavior of the EC2 instances, including network, file system, and process activity. It also collects a wide set of behavior and configuration data (telemetry).

**Important**  
AWS doesn't guarantee that following the provided recommendations will resolve every potential security issue. The findings generated by Amazon Inspector Classic depend on your choice of rules packages included in each assessment template, the presence of non-AWS components in your system, and other factors. You are responsible for the security of applications, processes, and tools that run on AWS services. For more information, see the [AWS Shared Responsibility Model](https://aws.amazon.com/compliance/shared-responsibility-model/) for security.

**Note**  
AWS is responsible for protecting the global infrastructure that runs the services offered in the AWS Cloud. This infrastructure consists of the hardware, software, networking, and facilities that run AWS services. AWS provides several reports from third-party auditors who have verified our compliance with a variety of computer security standards and regulations. For more information, see [AWS Cloud Compliance](https://aws.amazon.com/compliance). 

For information about Amazon Inspector Classic terminology, see [Amazon Inspector Classic terminology and concepts](inspector_concepts.md).

## Benefits of Amazon Inspector Classic
<a name="InspectorBenefits"></a>

Here are some of the main benefits of Amazon Inspector Classic:
+ **Integrate automated security checks into your regular deployment and production processes** – Assess the security of your AWS resources for forensics, troubleshooting, or active auditing purposes. Run the assessments during the development process, or run them in a stable production environment.
+ **Find application security issues** – Automate the security assessment of your applications and proactively identify vulnerabilities. This allows you to develop and iterate on new applications quickly, and assess compliance with best practices and policies.
+ **Gain a deeper understanding of your AWS resources** – Stay informed about the activity and configuration data of your AWS resources by reviewing the findings that Amazon Inspector Classic produces.

## Features of Amazon Inspector Classic
<a name="InspectorFeatures"></a>

Here are some of the main features of Amazon Inspector Classic:
+ **Configuration scanning and activity monitoring engine** – Amazon Inspector Classic provides an agent that analyzes system and resource configuration. It also monitors activity to determine what an assessment target looks like, how it behaves, and its dependent components. The combination of this telemetry provides a complete picture of the target and its potential security or compliance issues. 
+ **Built-in content library** – Amazon Inspector Classic includes a built-in library of rules and reports. These include checks against best practices, common compliance standards, and vulnerabilities. The checks include detailed recommended steps for resolving potential security issues. 
+ **Automation through an API** – Amazon Inspector Classic can be fully automated through an API. This allows you to incorporate security testing into the development and design process, including selecting, executing, and reporting the results of those tests. 

## Accessing Amazon Inspector Classic
<a name="AccessingInspector"></a>

You can work with the Amazon Inspector Classic service in any of the following ways:

**Amazon Inspector Classic Console**  
Sign in to the AWS Management Console and open the Amazon Inspector Classic console at [https://console.aws.amazon.com/inspector/](https://console.aws.amazon.com/inspector/).  
The console is a browser-based interface that lets you access and use the Amazon Inspector Classic service.

**AWS SDKs**  
AWS provides software development kits (SDKs) that consist of libraries and sample code for various programming languages and platforms. These include Java, Python, Ruby, .NET, iOS, Android, and more. The SDKs provide a convenient way to create programmatic access to the Amazon Inspector Classic service. For information about the AWS SDKs, including how to download and install them, see [Tools for Amazon Web Services](https://aws.amazon.com/tools/).

**Amazon Inspector Classic HTTPS API**  
You can access Amazon Inspector Classic and AWS programmatically by using the Amazon Inspector Classic HTTPS API, which lets you issue HTTPS requests directly to the service. For more information, see the [Amazon Inspector Classic API Reference](https://docs.aws.amazon.com/inspector/latest/APIReference/).

**AWS Command Line Tools**  
You can use the AWS command line tools to run commands at your system's command line to perform Amazon Inspector Classic tasks. The command line tools are also useful if you want to build scripts that perform AWS tasks. For more information, see the [Amazon Inspector Classic AWS Command Line Interface](http://docs.aws.amazon.com/cli/latest/reference/inspector/index.html).

# Amazon Inspector Classic terminology and concepts
<a name="inspector_concepts"></a>

As you get started with Amazon Inspector Classic, you can benefit from learning about its key concepts.

**Amazon Inspector Classic agent**  
A software agent that you can install on the EC2 instances that are included in the assessment target. The agent collects a wide set of configuration data (telemetry). For more information, see [Amazon Inspector Classic agents](inspector_agents.md).

**Assessment run**  
The process of discovering potential security issues through the analysis of your assessment target's configuration against specified rules packages. During an assessment run, Amazon Inspector Classic monitors, collects, and analyzes configuration data (telemetry) from resources within the specified target. Next, Amazon Inspector Classic analyzes the data and compares it against a set of security rules packages that are specified in the assessment template used during the assessment run. A completed assessment run produces a list of findings, which are potential security issues of various levels of severity. For more information, see [Amazon Inspector Classic assessment templates and assessment runs](inspector_assessments.md).

**Assessment target**  
In the context of Amazon Inspector Classic, a collection of AWS resources that work together as a unit to help you accomplish your business goals. Amazon Inspector Classic evaluates the security state of the resources that constitute the assessment target.  
Currently, your Amazon Inspector Classic assessment targets can consist only of EC2 instances. For more information, see [Amazon Inspector Classic service limits](inspector_limits.md).  
To create an Amazon Inspector Classic assessment target, you must first tag your EC2 instances with key-value pairs of your choice. Next, you can create a view of these tagged EC2 instances that have common keys or common values. For more information, see [Amazon Inspector Classic assessment targets](inspector_applications.md).

**Assessment template**  
A configuration that is used during your assessment run. The template includes the following:  
+ Rules packages that Amazon Inspector Classic uses to evaluate your assessment target
+ Amazon SNS topics that you want Amazon Inspector Classic to send notifications to about assessment run states and findings
+ Tags (key-value pairs) that you can assign to findings that are generated by the assessment run
+ The duration of the assessment run

**Finding**  
A potential security issue that Amazon Inspector Classic discovers during an assessment run of the specified target. Findings are displayed in the Amazon Inspector Classic console or retrieved through the API. They contain both a detailed description of the security issue and a recommendation on how to fix it. For more information, see [Amazon Inspector Classic findings](inspector_findings.md).

**Rule**  
In the context of Amazon Inspector Classic, a security check performed during an assessment run. When a rule detects a potential security issue, Amazon Inspector Classic generates a finding that describes the issue.

**Rules package**  
In the context of Amazon Inspector Classic, a collection of rules. A rules package corresponds to a security goal that you might have. You can specify your security goal by selecting the appropriate rules package when you create an Amazon Inspector Classic assessment template. For more information, see [Amazon Inspector Classic rules packages and rules](inspector_rule-packages.md).

**Telemetry**  
Installed package information and software configuration for an EC2 instance. Amazon Inspector Classic collects the data during an assessment run. 
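
The concepts above chain together through the API: tags define the assessment target, a template binds rules packages and a duration to it, and a run produces findings. The following is an added example (not taken from the AWS documentation) that uses boto3 `inspector` client operations. The name `nightly`, the tag `InspectorScan=true`, and the `pipeline` finding attribute are assumptions chosen for illustration.

```python
def start_assessment(inspector, name, tag_key, tag_value, duration_s=3600):
    """Create target -> template -> run; return the assessment run ARN.

    `inspector` is a boto3 "inspector" client or a stub with the same methods.
    """
    # Assessment target: a view over EC2 instances carrying this tag.
    group = inspector.create_resource_group(
        resourceGroupTags=[{"key": tag_key, "value": tag_value}])
    target = inspector.create_assessment_target(
        assessmentTargetName=f"{name}-target",
        resourceGroupArn=group["resourceGroupArn"])
    # Assessment template: rules packages, duration, and tags for findings.
    # Using every package in the Region is an assumption of this example;
    # host assessment packages need the agent installed on the instances.
    packages = inspector.list_rules_packages()["rulesPackageArns"]
    template = inspector.create_assessment_template(
        assessmentTargetArn=target["assessmentTargetArn"],
        assessmentTemplateName=f"{name}-template",
        durationInSeconds=duration_s,
        rulesPackageArns=packages,
        userAttributesForFindings=[{"key": "pipeline", "value": name}])
    run = inspector.start_assessment_run(
        assessmentTemplateArn=template["assessmentTemplateArn"],
        assessmentRunName=f"{name}-run")
    return run["assessmentRunArn"]


def findings_by_severity(inspector, run_arn, severities=("High",)):
    """Return (severity, title, recommendation) tuples for a run's findings."""
    arns, token = [], None
    while True:  # list_findings is paginated via nextToken
        kwargs = {"assessmentRunArns": [run_arn],
                  "filter": {"severities": list(severities)}}
        if token:
            kwargs["nextToken"] = token
        page = inspector.list_findings(**kwargs)
        arns.extend(page["findingArns"])
        token = page.get("nextToken")
        if not token:
            break
    results = []
    for i in range(0, len(arns), 10):  # describe in batches of 10 ARNs
        batch = inspector.describe_findings(findingArns=arns[i:i + 10])
        results.extend((f["severity"], f["title"], f["recommendation"])
                       for f in batch["findings"])
    return results


if __name__ == "__main__":
    import boto3  # needs AWS credentials; creates real resources when run
    client = boto3.client("inspector", region_name="us-east-1")
    print(start_assessment(client, "nightly", "InspectorScan", "true"))
```

Call `findings_by_severity` only after the run has completed; in a pipeline, the returned tuples can gate a deployment on the absence of `High` findings.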

# Amazon Inspector Classic service limits
<a name="inspector_limits"></a>

 The following table shows the Amazon Inspector Classic limits for an AWS account.

**Important**  
Currently, your assessment targets can consist only of EC2 instances. 

The following are Amazon Inspector Classic limits per AWS account per region:


| Resource | Default Limit | Comments | 
| --- | --- | --- | 
| Instances in running assessments | 500 | The maximum number of EC2 instances that can be included across all running assessments per account per region. | 
| Assessment runs | 50000 | The maximum number of assessment runs that you can create per account per region. You can have multiple assessment runs happening at the same time as long as the assessment targets used for these runs do not contain overlapping EC2 instances. | 
| Assessment Templates | 500 | The maximum number of assessment templates that you can have at any given time per account per region. | 
| Assessment Targets | 50 | The maximum number of assessment targets that you can have at any given time per account per region. | 

Unless otherwise noted, these limits can be increased upon request by contacting the [AWS Support Center](https://console.aws.amazon.com/support/home#/).

# Amazon Inspector Classic pricing
<a name="InspectorPricing"></a>

Amazon Inspector Classic pricing is based on the number of EC2 instances included in each assessment and the rules packages used in those assessments. 

## Pricing for the network reachability rules package
<a name="InspectorPricing-network-reachability-rules-package"></a>

Amazon Inspector Classic assessments with the network reachability rules packages are priced per instance per assessment (instance-assessment) per month. For example, if you run 1 assessment against 1 instance, that is 1 instance-assessment. If you run 1 assessment against 10 instances, that is 10 instance-assessments. The pricing starts at \$10.15 per instance-assessment per month with volume discounting to achieve as low as \$10.04 per instance-assessment per month.

### Free trial details
<a name="InspectorPricing-network-reachability-rules-package-free-trial"></a>


| **First 90 days using Amazon Inspector Classic** | **Per instance-assessment price** | 
| --- |--- |
| First 250 instance-assessments | \$10.00 | 

### Pricing details
<a name="InspectorPricing-network-reachability-rules-package-pricing-details"></a>


| **In a given month** | **Per instance-assessment price** | 
| --- |--- |
| First 250 instance-assessments | \$10.15 | 
| Next 750 instance-assessments | \$10.13 | 
| Next 4,000 instance-assessments | \$10.10 | 
| Next 45,000 instance-assessments | \$10.07 | 
| All other instance-assessments | \$10.04 | 

## Pricing for host assessment rules packages
<a name="InspectorPricing-host-assessment-rules-package"></a>

**For any combination of Common Vulnerabilities and Exposures (CVE), Center for Internet Security (CIS) benchmarks, Security Best Practices, and Runtime Behavior Analysis included in assessments**

Amazon Inspector Classic's host assessment rules packages use an agent deployed on the Amazon EC2 instances running the applications you want to assess. Assessments with the host rules packages are priced per agent per assessment (agent-assessment) per month. For example, if you run 1 assessment against 1 agent, that is 1 agent-assessment. If you run 1 assessment against 10 agents, that is 10 agent-assessments. The pricing starts at \$10.30 per agent-assessment per month with volume discounting to achieve as low as \$10.05 per agent-assessment per month.

### Free trial details
<a name="InspectorPricing-host-assessment-rules-package-free-trial"></a>


| **First 90 days using Amazon Inspector Classic** | **Per agent-assessment price** | 
| --- |--- |
| First 250 agent-assessments | \$10.00 | 

### Pricing details
<a name="InspectorPricing-host-assessment-rules-package-pricing-details"></a>


| **In a given month** | **Per agent-assessment price** | 
| --- |--- |
| First 250 agent-assessments | \$10.30 | 
| Next 750 agent-assessments | \$10.25 | 
| Next 4,000 agent-assessments | \$10.15 | 
| Next 45,000 agent-assessments | \$10.10 | 
| All other agent-assessments | \$10.05 | 

# Amazon Inspector Classic supported operating systems and Regions
<a name="inspector_supported_os_regions"></a>

This chapter provides information about the operating systems and AWS Regions that Amazon Inspector Classic supports.

**Important**  
Currently, Amazon Inspector Classic assessment targets can consist only of EC2 instances. You can run an agentless assessment with the [Network Reachability](inspector_network-reachability.md) rules package on any EC2 instances regardless of operating system.

For information about the Amazon Inspector Classic rules packages that are available across supported operating systems, see [Amazon Inspector Classic rules packages for supported operating systems](inspector_rule-packages_across_os.md).

**Topics**
+ [Supported Linux-based operating systems for the Amazon Inspector Classic agent](#inspector_supported-linux-os)
+ [Supported Windows-based operating systems for the Amazon Inspector Classic agent](#inspector_supported-win-os)
+ [Supported AWS Regions](#inspector_supported-regions)

## Supported Linux-based operating systems for the Amazon Inspector Classic agent
<a name="inspector_supported-linux-os"></a>

You can use the Amazon Inspector Classic agent on 64-bit x86 and [Arm](https://aws.amazon.com/ec2/instance-types/a1/) EC2 instances. The agent is compatible with the following versions of Linux-based operating systems:
+ **64-bit x86 instances**
  + Amazon Linux 2
  + Amazon Linux (2018.03, 2017.09, 2017.03, 2016.09, 2016.03, 2015.09, 2015.03, 2014.09, 2014.03, 2013.09, 2013.03, 2012.09, 2012.03)
  + Ubuntu (20.04 LTS, 18.04 LTS, 16.04 LTS, 14.04 LTS)
  + Debian (10.x, 9.0 - 9.5, 8.0 - 8.7)
  + Red Hat Enterprise Linux (8.x, 7.2, 6.2 - 6.9)
  + CentOS (7.2 - 7.x, 6.2 - 6.9)
+ **Arm instances**
  + Amazon Linux 2
  + Red Hat Enterprise Linux (7.6 - 7.x)
  + Ubuntu (18.04 LTS, 16.04 LTS)

## Supported Windows-based operating systems for the Amazon Inspector Classic agent
<a name="inspector_supported-win-os"></a>

You can use the Amazon Inspector Classic agent only on EC2 instances that run the 64-bit version of the following Windows-based operating systems:
+ Windows Server 2019 Base
+ Windows Server 2016 Base
+ Windows Server 2012 R2
+ Windows Server 2012
+ Windows Server 2008 R2

## Supported AWS Regions
<a name="inspector_supported-regions"></a>

Amazon Inspector Classic is supported in the following AWS Regions:
+ US East (Ohio) us-east-2
+ US East (N. Virginia) us-east-1
+ US West (N. California) us-west-1
+ US West (Oregon) us-west-2
+ Asia Pacific (Mumbai) ap-south-1
+ Asia Pacific (Seoul) ap-northeast-2
+ Asia Pacific (Sydney) ap-southeast-2
+ Asia Pacific (Tokyo) ap-northeast-1
+ Europe (Frankfurt) eu-central-1
+ Europe (Ireland) eu-west-1
+ Europe (London) eu-west-2
+ Europe (Stockholm) eu-north-1
+ AWS GovCloud (US-East) gov-us-east-1
+ AWS GovCloud (US-West) gov-us-west-1

**Note**  
The [Network Reachability](inspector_network-reachability.md) rules package is not available in the AWS GovCloud (US) Regions.