aws · kdaily · Jul 19, 2024 · Jul 2, 2024
diff --git a/awscli/examples/inspector2/create-filter.rst b/awscli/examples/inspector2/create-filter.rst
@@ -0,0 +1,17 @@
+**To create a filter**
+
+The following ``create-filter`` example creates a suppression rule that omits ECR instance type findings. ::
+
+    aws inspector2 create-filter \
+        --name "ExampleSuppressionRuleECR" \
+        --description "This suppression rule omits ECR instance type findings" \
+        --action SUPPRESS \
+        --filter-criteria 'resourceType=[{comparison="EQUALS", value="AWS_ECR_INSTANCE"}]'
+
+Output::
+
+    {
+        "arn": "arn:aws:inspector2:us-west-2:123456789012:owner/o-EXAMPLE222/filter/EXAMPLE444444444"
+    }
+
+For more information, see `Filtering Amazon Inspector findings <https://docs.aws.amazon.com/inspector/latest/user/findings-managing-filtering.html>`__ in the *Amazon Inspector User Guide*.
diff --git a/awscli/examples/inspector2/create-findings-report.rst b/awscli/examples/inspector2/create-findings-report.rst
@@ -0,0 +1,16 @@
+**To create a findings report**
+
+The following ``create-findings-report`` example creates a finding report. ::
+
+    aws inspector2 create-findings-report \
+        --report-format CSV \
+        --s3-destination bucketName=inspector-sbom-123456789012,keyPrefix=sbom-key,kmsKeyArn=arn:aws:kms:us-west-2:123456789012:key/a1b2c3d4-5678-90ab-cdef-EXAMPLE33333 \
+        --filter-criteria '{"ecrImageRepositoryName":[{"comparison":"EQUALS","value":"debian"}]}'
+
+Output::
+
+    {
+        "reportId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE33333"
+    }
+
+For more information, see `Managing findings in Amazon Inspector <https://docs.aws.amazon.com/inspector/latest/user/findings-managing.html>`__ in the *Amazon Inspector User Guide*.
diff --git a/awscli/examples/inspector2/create-sbom-export.rst b/awscli/examples/inspector2/create-sbom-export.rst
@@ -0,0 +1,16 @@
+**To create a software bill of materials (SBOM) report**
+
+The following ``create-sbom-export`` example creates a software bill of materials (SBOM) report. ::
+
+    aws inspector2 create-sbom-export \
+        --report-format SPDX_2_3 \
+        --resource-filter-criteria 'ecrRepositoryName=[{comparison="EQUALS",value="debian"}]' \
+        --s3-destination bucketName=inspector-sbom-123456789012,keyPrefix=sbom-key,kmsKeyArn=arn:aws:kms:us-west-2:123456789012:key/a1b2c3d4-5678-90ab-cdef-EXAMPLE33333
+
+Output::
+
+    {
+        "reportId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE33333"
+    }
+
+For more information, see `Exporting SBOMs with Amazon Inspector <https://docs.aws.amazon.com/inspector/latest/user/sbom-export.html>`__ in the *Amazon Inspector User Guide*.
diff --git a/awscli/examples/inspector2/delete-filter.rst b/awscli/examples/inspector2/delete-filter.rst
@@ -0,0 +1,14 @@
+**To delete a filter**
+
+The following ``delete-filter`` example deletes a filter. ::
+
+    aws inspector2 delete-filter \
+        --arn "arn:aws:inspector2:us-west-2:123456789012:owner/o-EXAMPLE222/filter/EXAMPLE444444444"
+
+Output::
+
+    {
+        "arn": "arn:aws:inspector2:us-west-2:123456789012:owner/o-EXAMPLE222/filter/EXAMPLE444444444"
+    }
+
+For more information, see `Filtering Amazon Inspector findings <https://docs.aws.amazon.com/inspector/latest/user/findings-managing-filtering.html>`__ in the *Amazon Inspector User Guide*.
diff --git a/awscli/examples/inspector2/get-configuration.rst b/awscli/examples/inspector2/get-configuration.rst
@@ -0,0 +1,26 @@
+**To get the setting configuration for Inspector scans**
+
+The following ``get-configuration`` example gets the setting configuration for Inspector scans. ::
+
+    aws inspector2 get-configuration
+
+Output::
+
+    {
+        "ec2Configuration": {
+            "scanModeState": {
+                "scanMode": "EC2_HYBRID",
+                "scanModeStatus": "SUCCESS"
+            }
+        },
+        "ecrConfiguration": {
+            "rescanDurationState": {
+                "pullDateRescanDuration": "DAYS_90",
+                "rescanDuration": "DAYS_30",
+                "status": "SUCCESS",
+                "updatedAt": "2024-05-14T21:16:20.237000+00:00"
+            }
+         }
+    }
+
+For more information, see `Automated resource scanning with Amazon Inspector <https://docs.aws.amazon.com/inspector/latest/user/scanning-resources.html>`__ in the *Amazon Inspector User Guide*.
diff --git a/awscli/examples/inspector2/list-account-permissions.rst b/awscli/examples/inspector2/list-account-permissions.rst
@@ -0,0 +1,46 @@
+**To list account permissions**
+
+The following ``list-account-permissions`` example lists your account permissions. ::
+
+    aws inspector2 list-account-permissions
+
+Output::
+
+    {
+        "permissions": [
+            {
+                "operation": "ENABLE_SCANNING",
+                "service": "ECR"
+            },
+            {
+                "operation": "DISABLE_SCANNING",
+                "service": "ECR"
+            },
+            {
+                "operation": "ENABLE_REPOSITORY",
+                "service": "ECR"
+            },
+            {
+                "operation": "DISABLE_REPOSITORY",
+                "service": "ECR"
+            },
+            {
+                "operation": "ENABLE_SCANNING",
+                "service": "EC2"
+            },
+            {
+                "operation": "DISABLE_SCANNING",
+                "service": "EC2"
+            },
+            {
+                "operation": "ENABLE_SCANNING",
+                "service": "LAMBDA"
+            },
+            {
+                "operation": "DISABLE_SCANNING",
+                "service": "LAMBDA"
+            }
+        ]
+    }
+
+For more information, see `Identity and Access Management for Amazon Inspector <https://docs.aws.amazon.com/inspector/latest/user/security-iam.html>`__ in the *Amazon Inspector User Guide*.
diff --git a/awscli/examples/inspector2/list-coverage-statistics.rst b/awscli/examples/inspector2/list-coverage-statistics.rst
@@ -0,0 +1,80 @@
+**Example 1: To list coverage statistics by groups**
+
+The following ``list-coverage-statistics`` example lists the coverage statistics of your AWS environment by groups. ::
+
+    aws inspector2 list-coverage-statistics \
+       --group-by RESOURCE_TYPE 
+
+Output::
+
+    {
+        "countsByGroup": [
+            {
+                "count": 56,
+                "groupKey": "AWS_LAMBDA_FUNCTION"
+            },
+            {
+                "count": 27,
+                "groupKey": "AWS_ECR_REPOSITORY"
+            },
+            {
+                "count": 18,
+                "groupKey": "AWS_EC2_INSTANCE"
+            },
+            {
+                "count": 3,
+                "groupKey": "AWS_ECR_CONTAINER_IMAGE"
+            },
+            {
+                "count": 1,
+                "groupKey": "AWS_ACCOUNT"
+            }
+        ],
+        "totalCounts": 105
+    }
+
+For more information, see `Assessing Amazon Inspector coverage of your AWS environment <https://docs.aws.amazon.com/inspector/latest/user/assessing-coverage.html>`__ in the *Amazon Inspector User Guide*.
+
+**Example 2: To list coverage statistics by resource type**
+
+The following ``list-coverage-statistics`` example lists the coverage statistics of your AWS environment by resource type. ::
+
+    aws inspector2 list-coverage-statistics 
+        --filter-criteria '{"resourceType":[{"comparison":"EQUALS","value":"AWS_ECR_REPOSITORY"}]}' 
+        --group-by SCAN_STATUS_REASON
+
+Output::
+
+    {
+        "countsByGroup": [
+            {
+                "count": 27,
+                "groupKey": "SUCCESSFUL"
+            }
+        ],
+        "totalCounts": 27
+    }
+
+For more information, see `Assessing Amazon Inspector coverage of your AWS environment <https://docs.aws.amazon.com/inspector/latest/user/assessing-coverage.html>`__ in the *Amazon Inspector User Guide*.
+
+**Example 3: To list coverage statistics by ECR repository name**
+
+The following ``list-coverage-statistics`` example lists the coverage statistics of your AWS environment by ECR repository name. ::
+
+    aws inspector2 list-coverage-statistics
+       --filter-criteria '{"ecrRepositoryName":[{"comparison":"EQUALS","value":"debian"}]}'
+       --group-by SCAN_STATUS_REASON
+
+Output::
+
+    {
+        "countsByGroup": [
+            {
+                "count": 3,
+                "groupKey": "SUCCESSFUL"
+            }
+        ],
+        "totalCounts": 3
+    }
+
+For more information, see `Assessing Amazon Inspector coverage of your AWS environment <https://docs.aws.amazon.com/inspector/latest/user/assessing-coverage.html>`__ in the *Amazon Inspector User Guide*.
diff --git a/awscli/examples/inspector2/list-coverage.rst b/awscli/examples/inspector2/list-coverage.rst
@@ -0,0 +1,61 @@
+**Example 1: To list coverage details about your environment**
+
+The following ``list-coverage`` example lists your environment's coverage details. ::
+
+    aws inspector2 list-coverage
+
+Output::
+
+    {
+        "coveredResources": [
+            {
+                "accountId": "123456789012",
+                "lastScannedAt": "2024-05-20T16:23:20-07:00",
+                "resourceId": "i-EXAMPLE55555555555",
+                "resourceMetadata": {
+                    "ec2": {
+                        "amiId": "ami-EXAMPLE6666666666",
+                        "platform": "LINUX"
+                    }
+                },
+                "resourceType": "AWS_EC2_INSTANCE",
+                "scanStatus": {
+                    "reason": "SUCCESSFUL",
+                    "statusCode": "ACTIVE"
+                },
+                "scanType": "PACKAGE"
+            }
+        ]
+    }
+
+**Example 2: To list coverage details about the Lambda function resource type**
+
+The following ``list-coverage`` example lists your Lamda function resource type details. ::
+
+    aws inspector2 list-coverage
+        --filter-criteria '{"resourceType":[{"comparison":"EQUALS","value":"AWS_LAMBDA_FUNCTION"}]}'
+
+Output::
+
+    {
+        "coveredResources": [
+            {
+                "accountId": "123456789012",
+                "resourceId": "arn:aws:lambda:us-west-2:123456789012:function:Eval-container-scan-results:$LATEST",
+                "resourceMetadata": {
+                    "lambdaFunction": {
+                        "functionName": "Eval-container-scan-results",
+                        "functionTags": {},
+                        "layers": [],
+                        "runtime": "PYTHON_3_7"
+                    }
+                },
+                "resourceType": "AWS_LAMBDA_FUNCTION",
+                "scanStatus": {
+                    "reason": "SUCCESSFUL",
+                    "statusCode": "ACTIVE"
+                },
+                "scanType": "CODE"
+            }
+        ]
+    }
diff --git a/awscli/examples/inspector2/list-delegated-admin-accounts.rst b/awscli/examples/inspector2/list-delegated-admin-accounts.rst
@@ -0,0 +1,18 @@
+**To list information about the delegated administrator account of your organization**
+
+The following ``list-delegated-admin-accounts`` example lists information about the delegated administrator account of your organization. ::
+
+    aws inspector2 list-delegated-admin-accounts
+
+Output::
+
+    {
+        "delegatedAdminAccounts": [
+            {
+                "accountId": "123456789012",
+                "status": "ENABLED"
+            }
+        ]
+    }
+
+For more information, see `Designating a delegated administrator for Amazon Inspector <https://docs.aws.amazon.com/inspector/latest/user/admin-member-relationship.html>`__ in the *Amazon Inspector User Guide*.
diff --git a/awscli/examples/inspector2/list-filters.rst b/awscli/examples/inspector2/list-filters.rst
@@ -0,0 +1,50 @@
+**To list filters associated with the account that you used to activated Amazon Inspector**
+
+The following ``list-filters`` examples lists filters associated with the account that you used to activated Amazon Inspector. ::
+
+    aws inspector2 list-filters
+
+Output::
+
+    {
+        "filters": [
+            {
+                "action": "SUPPRESS",
+                "arn": "arn:aws:inspector2:us-west-2:123456789012:owner/o-EXAMPLE222/filter/EXAMPLE444444444",
+                "createdAt": "2024-05-15T21:11:08.602000+00:00",
+                "criteria": {
+                    "resourceType": [
+                        {
+                            "comparison": "EQUALS",
+                            "value": "AWS_EC2_INSTANCE"
+                        },
+                    ]
+                },
+                "description": "This suppression rule omits EC2 instance type findings",
+                "name": "ExampleSuppressionRuleEC2",
+                "ownerId": "o-EXAMPLE222",
+                "tags": {},
+                "updatedAt": "2024-05-15T21:11:08.602000+00:00"
+            },
+            {
+                "action": "SUPPRESS",
+                "arn": "arn:aws:inspector2:us-east-1:813737243517:owner/o-EXAMPLE222/filter/EXAMPLE444444444",
+                "createdAt": "2024-05-15T21:28:27.054000+00:00",
+                "criteria": {
+                    "resourceType": [
+                        {
+                            "comparison": "EQUALS",
+                            "value": "AWS_ECR_INSTANCE"
+                        }
+                    ]   
+                },
+                "description": "This suppression rule omits ECR instance type findings",
+                "name": "ExampleSuppressionRuleECR",
+                "ownerId": "o-EXAMPLE222",
+                "tags": {},
+                "updatedAt": "2024-05-15T21:28:27.054000+00:00"
+            }
+        ]
+    }
+
+For more information, see `Filtering Amazon Inspector findings <https://docs.aws.amazon.com/inspector/latest/user/findings-managing-filtering.html>`__ in the *Amazon Inspector User Guide*.