[inspector2] GetConfiguration is missing the ec2Configuration object #2617
Labels
feature-request
A feature should be added or improved.
Describe the feature
First of all: I don't know if this repository is the correct one to open this issue at. However, as I use the AWS SDK Go v2 as the main development tool when using AWS, it feels good to open it here, even if the issue spreads through all SDKs and the CLI as well :)
Recently (yesterday), AWS announced a new agentless scanning for EC2 instances:
https://aws.amazon.com/about-aws/whats-new/2024/04/amazon-inspector-agentless-vulnerability-assessments-ec2-ga/
This includes a new configuration for inspector, which allows an account user to switch between agentless and agent-based scanning. When looking into the AWS Management Console, this is done using the two API calls:
POST https://inspector2.<region>.amazonaws.com/configuration/get
-> used to retrieve the current configuration, which will respond like:
In the ec2Configuration object, the current configuration of the agent-based or agentless configuration is visible. To change the config, there is another API request:
POST https://inspector2.<region>.amazonaws.com/configuration/update
with the following body (as an example):
Unfortunately, these new fields are neither documented in the API documentation[1][2], nor exposed in the Go SDK v2. It would be nice to have this visibility (for the GetConfiguration API), as well as the possibility to change the current configuration for EC2 scanning (just like it is possible with the ECR one).
[1] https://docs.aws.amazon.com/inspector/v2/APIReference/API_GetConfiguration.html
[2] https://docs.aws.amazon.com/inspector/v2/APIReference/API_UpdateConfiguration.html
Use Case
We use the AWS SDK Go v2 as tooling for account provisioning and automatic account configuration to assist our developers in their usage of AWS. Configuring the EC2 scanning mode is crucial in order for us to be able to use agent-based or agentless scanning (and configuring this in accordance with our requirements) at a scale of multiple hundreds of accounts. Without going into each account manually and setting this config through the UI :)
Proposed Solution
No response
Other Information
No response
Acknowledgements
AWS Go SDK V2 Module Versions Used
github.com/aws/aws-sdk-go-v2/service/inspector2 v1.24.4
Go version used
go version go1.21.5 darwin/arm64