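#!/usr/bin/env bash
#
# A script to enable AWS Inspector (v2) for EC2 and ECR scanning using AWS CLI,
# show the resulting account status, and then disable it again on demand.
#
# Usage:   ./enable-inspector.sh
# Env:     AWS_REGION (optional) — overrides the default region below.
#          AWS credentials must be available to the CLI (profile, env, or role).
#
# Every AWS call is checked: if enablement or the status lookup fails, the
# script exits non-zero instead of silently continuing to the disable step.

set -euo pipefail

# --- Configuration ---
# Region is overridable through AWS_REGION so the script is not tied to us-east-1.
readonly REGION="${AWS_REGION:-us-east-1}"

#######################################
# Print a message to stderr and exit non-zero.
# Arguments: $* - message
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Resolve the calling account id via STS.
# Outputs: the 12-digit account id on stdout
# Returns: non-zero if the CLI call fails or returns an empty value
#######################################
current_account_id() {
  local account_id
  account_id=$(aws sts get-caller-identity --query Account --output text) || return 1
  # An empty id would otherwise be passed to --account-ids as nothing at all.
  [[ -n "$account_id" ]] || return 1
  printf '%s' "$account_id"
}

#######################################
# Enable Inspector for EC2 and ECR in the given account/region.
# Arguments: $1 - account id
#######################################
enable_inspector() {
  local account_id=$1
  echo "--- Enabling Amazon Inspector for EC2 and ECR ---"
  aws inspector2 enable \
    --resource-types EC2 ECR \
    --account-ids "$account_id" \
    --region "$REGION" || die "Failed to enable Amazon Inspector in $REGION"
}

#######################################
# Print the Inspector account status for the given account.
# batch-get-account-status is the API that reports enablement state;
# get-configuration does not carry an enabled/disabled status.
# Arguments: $1 - account id
#######################################
show_status() {
  local account_id=$1
  printf '\n--- Amazon Inspector Status ---\n'
  aws inspector2 batch-get-account-status \
    --account-ids "$account_id" \
    --region "$REGION" \
    --query 'accounts[].state.status' --output text \
    || die "Failed to read Amazon Inspector status in $REGION"
}

#######################################
# Disable Inspector for EC2 and ECR in the given account/region.
# Arguments: $1 - account id
#######################################
disable_inspector() {
  local account_id=$1
  printf '\n--- Cleaning up resources ---\n'
  echo "Disabling Amazon Inspector..."
  aws inspector2 disable \
    --resource-types EC2 ECR \
    --account-ids "$account_id" \
    --region "$REGION" || die "Failed to disable Amazon Inspector in $REGION"
  echo "Amazon Inspector disabled."
}

main() {
  local account_id
  account_id=$(current_account_id) || die "Could not determine AWS account id (are credentials configured?)"

  # --- 1. Enable Inspector ---
  enable_inspector "$account_id"
  echo "Amazon Inspector enablement initiated. Waiting for status..."

  # Give it a moment to update status
  sleep 10

  # --- 2. Output Status ---
  show_status "$account_id"

  echo "Amazon Inspector is now enabled for EC2 and ECR scanning in your account."
  echo "It may take some time for initial scans to complete and findings to appear."

  # -r so a stray backslash in the input is not interpreted.
  read -r -p "Press Enter to disable Amazon Inspector..."

  # --- Clean Up ---
  disable_inspector "$account_id"

  printf '\n--- Amazon Inspector demonstration and cleanup complete ---\n'
}

main "$@"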
