I guess another way to present the differences between Inspector vs. Trusted Advisor, is to point out that Trusted Advisor has no access within your EC2 instances.
Hence Trusted Advisor can only make security recommendations about things that it can observe from the account level, VPC level, and down to the hypervisor level – but not ‘lower’ than that.
Inspector on the other hand has the agent installed in your EC2’s, and so it make recommendations about things running inside the EC2 instance itself (but not account, VPC, etc.).
Yessir, you are spot on.
Agree. Also, Trusted advisor does not use any agent, while Inspector use Agent. Agree?
Yeah. Seems that way to me.
Aws always gives you the option to keep your instances private, so to use inspector, cloudwatch agent, etc you need to install an agent. Of course for shared responsability infrastructure you can use directly services like trusted advisor or config because they are not so private.