Posted On: Sep 29, 2022
Bottlerocket, a Linux-based operating system that is purpose built to run container workloads, is now integrated with HAQM Inspector. Customers that have Inspector EC2 scanning already enabled do not need to take any additional action. If HAQM Inspector discovers a vulnerability, it will recommend an update to the version of Bottlerocket that fixes that vulnerability.
HAQM Inspector is a vulnerability management service that scans EC2 and container workloads for software vulnerabilities and unintended network exposure. HAQM Inspector leverages the AWS System Manager (SSM) agent to scan for vulnerabilities. In Bottlerocket hosts, the SSM agent runs within the control host container, so you need to make sure it is enabled in your hosts.
Integration with HAQM Inspector is available in AWS Commercial Regions for Bottlerocket versions starting from 1.7.0. Standard pricing rates for HAQM Inspector apply. Bottlerocket is an open-source Linux distribution with an open development model and community participation. It’s available at no additional cost and is fully supported by HAQM Web Services. You can learn more about Bottlerocket by visiting the AWS product page and Bottlerocket’s Github repository. For support, please contact the Bottlerocket team through your designated AWS representative or by opening a new issue on GitHub.