Inspector is for checking “within” the EC2’s, and Trusted Advisor is for checking “outside” EC2’s; agree?

I guess another way to present the differences between Inspector vs. Trusted Advisor is to point out that Trusted Advisor has no access within your EC2 instances.

Hence Trusted Advisor can only make security recommendations about things that it can observe from the account level, VPC level, and down to the hypervisor level – but not ‘lower’ than that.

Inspector, on the other hand, has the agent installed in your EC2’s, and so it makes recommendations about things running inside the EC2 instance itself (but not account, VPC, etc.).


AWS always gives you the option to keep your instances private, so to use Inspector, CloudWatch agent, etc. you need to install an agent. Of course, for shared responsibility infrastructure you can directly use services like Trusted Advisor or Config because they are not so private.

Yessir, you are spot on.

Agree. Also, Trusted Advisor does not use any agent, while Inspector uses an agent. Agree?

Phil Jay

Yeah. Seems that way to me.

