Feat/#55: Inspector 스캔을 통한 취약점 검사

[yunhoch0i]

#️⃣ Related Issues

#55

📝 Work Summary

AMI로 만들어진 서버의 runtime 환경의 보안 문제를 해결하기 위해 Inspector 스캔을 통해 로그 수집
수집된 로그를 통해 취약점이 발견된 경우 최신 보안 패치가 적용된 AMI를 빌드하여 후속 조치가 이루어질 수 있도록 파이프라인 구축

EC2 서버를 스캔하여 취약점이 감지되면 EventBridge를 통해 Lambda가 slack에 취약점 경고를 보내 담당자가 조치할 수 있는 환경 구성

[github-actions]

[Terraform Plan Summary]

항목	값
Status	success
Directory	operation-team-account/runtime-verification/inspector
Executed At	2025-07-29 02:25:20 UTC

---

Plan Output

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # aws_inspector2_delegated_admin_account.prod_account will be created
  + resource "aws_inspector2_delegated_admin_account" "prod_account" {
      + account_id          = "502676416967"
      + id                  = (known after apply)
      + relationship_status = (known after apply)
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Plan Error (if any)

(no errors)

[github-actions]

[Terraform Plan Summary]

항목	값
Status	success
Directory	management-team-account/inspector-delegation/organizations
Executed At	2025-07-29 02:25:22 UTC

---

Plan Output

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # aws_inspector2_delegated_admin_account.this will be created
  + resource "aws_inspector2_delegated_admin_account" "this" {
      + account_id          = "433331841346"
      + id                  = (known after apply)
      + relationship_status = (known after apply)
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Plan Error (if any)

(no errors)

[github-actions]

[Terraform Plan Summary]

항목	값
Status	success
Directory	operation-team-account/runtime-verification/iam
Executed At	2025-07-29 02:25:21 UTC

---

Plan Output

(no changes or output empty)

Plan Error (if any)

(no errors)

[github-actions]

[Terraform Plan Summary]

항목	값
Status	success
Directory	operation-team-account/runtime-verification/eventbridge
Executed At	2025-07-29 02:25:22 UTC

---

Plan Output

No changes. Your infrastructure matches the configuration.

Terraform has compared your real infrastructure against your configuration
and found no differences, so no changes are needed.

Plan Error (if any)

(no errors)

[github-actions]

💰 Infracost report

Monthly estimate generated

_{This comment will be updated when code changes.}

[github-actions]

[Terraform Plan Summary]

항목	값
Status	success
Directory	operation-team-account/runtime-verification/iam
Executed At	2025-07-29 04:21:01 UTC

---

Plan Output

(no changes or output empty)

Plan Error (if any)

(no errors)

[github-actions]

[Terraform Plan Summary]

항목	값
Status	success
Directory	management-team-account/inspector-delegation/organizations
Executed At	2025-07-29 04:21:02 UTC

---

Plan Output

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # aws_inspector2_delegated_admin_account.this will be created
  + resource "aws_inspector2_delegated_admin_account" "this" {
      + account_id          = "433331841346"
      + id                  = (known after apply)
      + relationship_status = (known after apply)
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Plan Error (if any)

(no errors)

[github-actions]

[Terraform Plan Summary]

항목	값
Status	success
Directory	operation-team-account/runtime-verification/inspector
Executed At	2025-07-29 04:21:02 UTC

---

Plan Output

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # aws_inspector2_delegated_admin_account.prod_account will be created
  + resource "aws_inspector2_delegated_admin_account" "prod_account" {
      + account_id          = "502676416967"
      + id                  = (known after apply)
      + relationship_status = (known after apply)
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Plan Error (if any)

(no errors)

[github-actions]

[Terraform Plan Summary]

항목	값
Status	success
Directory	operation-team-account/runtime-verification/lambda
Executed At	2025-07-29 04:21:08 UTC

---

Plan Output

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # aws_lambda_function.inspector_slack_notification will be updated in-place
  ~ resource "aws_lambda_function" "inspector_slack_notification" {
        id                             = "inspector_slack_notification"
      ~ last_modified                  = "2025-07-24T04:35:03.737+0000" -> (known after apply)
      ~ source_code_hash               = "BnYLp/FUDSn+4mXnIsz47/0aAZJFUTrZ2sf78C8ZMGQ=" -> "BTE6zEU/p6MoZIzCBAMrvPZ7KuoETdkUlIAnrXUX4JU="
        tags                           = {}
        # (21 unchanged attributes hidden)

      ~ environment {
          ~ variables = {
              # Warning: this attribute value will be marked as sensitive and will not
              # display in UI output after applying this change.
              ~ "SLACK_WEBHOOK_URL" = (sensitive value)
            }
        }

        # (3 unchanged blocks hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

Plan Error (if any)

(no errors)

[github-actions]

[Terraform Plan Summary]

항목	값
Status	success
Directory	operation-team-account/runtime-verification/eventbridge
Executed At	2025-07-29 04:21:09 UTC

---

Plan Output

No changes. Your infrastructure matches the configuration.

Terraform has compared your real infrastructure against your configuration
and found no differences, so no changes are needed.

Plan Error (if any)

(no errors)

[imyourhopeee]

inspector 스캔을 위해 inspectori, iam, lambda 등 설정 확인했습니다.