How does Amazon Inspector manage to connect with awsagent (Inspector Agent) without any IAM Role?
This is the setup I have:
- EC2 with Inspector agent installed via userdata
- The EC2 has no role
- AWS Inspector with auto-created service-linked role AWSManagedPolicy: AmazonInspectorServiceRolePolicy
I have read the AmazonInspectorServiceRolePolicy and it only has Read/List rights to EC2. I can see Inspector can still connect and run Host Assessments. What is giving Inspector rights to ssh/run commands into EC2?