Set up Amazon Inspector (Classic) by creating an Amazon Inspector Assessment Template and specify EC2 Assessment Targets. Select from predefined rule packages: Common Vulnerabilities and Exposures, Center for Internet Security (CIS) Benchmarks, Security Best Practices for Amazon Inspector, Runtime Behavior Analysis, and Network Reachability.

Set up Amazon Inspector (Classic) Recurring Assessments by creating a custom Amazon Inspector Assessment Template and specify EC2 Assessment Targets.

Set up Amazon Inspector (Classic) Assessment Template to scan EC2 instances against the CIS Benchmarks Security Rule Package.

Set up Amazon Inspector (Classic) Assessment Template to scan EC2 instances against the Common Vulnerabilities and Exposures (CVE) Rule Package.

A CloudWatch Event Rule that triggers on Amazon Inspector findings and publishes findings to an SNS topic. The Event Rule can be used to trigger notifications or remediative actions using AWS Lambda.