https://github.com/epomatti/aws-guardduty

AWS GuardDuty demo with S3, RDS, EC2

aws aws-guardduty aws-security guardduty malware rds terraform

# AWS GuardDuty

Threat detection with AWS GuardDuty.

Events are sourced from RDS Aurora, S3 and EC2.

> 💡 GuardDuty will be enabled by Terraform

```sh
terraform plan
terraform apply -auto-approve
```

The configuration also provisions GuardDuty IP lists in `TXT` format (one IPv4 address or CIDR block per line) for:

- Trusted IPs: a trusted IP list. GuardDuty does not generate findings for activity involving these addresses, so keep this list narrow
- Threat IPs: a threat list. GuardDuty generates findings for activity involving these addresses

GuardDuty accepts one trusted IP list and up to six threat lists per account per Region.
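A pre-upload check for the two lists, added here as an example; it is not code from the epomatti/aws-guardduty repository. It validates each entry with the standard-library `ipaddress` module, enforces GuardDuty's documented entry limits, and flags an address that appears as both trusted and malicious or a trusted range wide enough to blind the detector. The sample lists, the comment stripping, and the overlap and breadth checks are this example's own assumptions and policy, not GuardDuty rules.

```python
"""Added example, not code from the epomatti/aws-guardduty repo: sanity-check the
trusted and threat IP lists before Terraform uploads them. GuardDuty's TXT format is
one IPv4 address or CIDR block per line; the caps below (2,000 entries for a trusted
IP list, 250,000 for a threat list) are GuardDuty's documented limits. The sample
lists are constructed, and the overlap and breadth checks are this example's own
policy rather than a GuardDuty rule."""
import ipaddress

TRUSTED_MAX = 2_000
THREAT_MAX = 250_000

TRUSTED_SAMPLE = """\
# constructed sample: office and CI egress ranges
203.0.113.0/24
198.51.100.17
"""

THREAT_SAMPLE = """\
# constructed sample: scanner ranges taken from a feed
192.0.2.0/24
203.0.113.77
"""


def is_valid_entry(line):
    """True for an IPv4 address or a CIDR block whose host bits are zero."""
    try:
        ipaddress.IPv4Network(line, strict=True)
    except ValueError:
        return False
    return True


def parse_ip_list(text, max_entries):
    """Return validated IPv4 networks. '#' comments and blank lines are dropped here
    because the TXT format carries only addresses; any other malformed line, or a
    list longer than max_entries, raises ValueError."""
    networks = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if not is_valid_entry(line):
            raise ValueError(f"line {lineno}: {line!r} is not an IPv4 address or CIDR")
        networks.append(ipaddress.IPv4Network(line))
    if len(networks) > max_entries:
        raise ValueError(f"{len(networks)} entries exceed the limit of {max_entries}")
    return networks


def render_txt(networks):
    """Upload-ready TXT body: one entry per line, single hosts without '/32'."""
    lines = [str(n.network_address) if n.prefixlen == 32 else str(n) for n in networks]
    return "".join(line + "\n" for line in lines)


def overlaps(trusted, threat):
    """(trusted, threat) pairs that share addresses: an address listed as both
    trusted and malicious is a configuration error to resolve before upload."""
    return [(t, b) for t in trusted for b in threat if t.overlaps(b)]


def too_broad(trusted, min_prefixlen=8):
    """Trusted entries wider than a /8 (example policy): the trusted list suppresses
    findings for every address in it, so very wide ranges deserve a second look."""
    return [t for t in trusted if t.prefixlen < min_prefixlen]


if __name__ == "__main__":
    trusted = parse_ip_list(TRUSTED_SAMPLE, TRUSTED_MAX)
    threat = parse_ip_list(THREAT_SAMPLE, THREAT_MAX)
    for t, b in overlaps(trusted, threat):
        print(f"overlap: trusted {t} contains threat entry {b}")
    for t in too_broad(trusted):
        print(f"warning: trusted range {t} is wider than a /8")
    with open("trusted.txt", "w") as f:
        f.write(render_txt(trusted))
    with open("threat.txt", "w") as f:
        f.write(render_txt(threat))
```

Run it before `terraform apply` and point the Terraform IP set resources at the generated `trusted.txt` and `threat.txt`; on the constructed samples it reports that `203.0.113.77` in the threat list sits inside the trusted `203.0.113.0/24`, which is exactly the kind of conflict that is hard to spot once both files are in S3.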

## 🟧 EC2 Malware Scan

Execute an on-demand scan on an instance. The scan inspects snapshots of the EBS volumes attached to the instance rather than the live filesystem, and the call returns a scan ID whose progress `describe-malware-scans` reports:

```sh
aws guardduty start-malware-scan \
--resource-arn 'arn:aws:ec2:us-east-2:000000000000:instance/i-00000000000000000'
```

## 🚨 Runtime Monitoring

Terraform creates the VPC endpoint `com.amazonaws.us-east-2.guardduty-data`, which the runtime agent uses to send its telemetry to GuardDuty. The GuardDuty documentation states there is no charge for this endpoint.

Let GuardDuty use [automated][3] agent configuration, or install the agent manually. Either way the instance has to be manageable through Systems Manager, since both paths install the agent as an SSM package.

With automated agent configuration enabled and SSM Default Host Management turned on, GuardDuty installs the agent itself.

Otherwise, install the agent manually through SSM:

```sh
aws ssm send-command \
--document-name "AWS-ConfigureAWSPackage" \
--instance-ids "i-00000000000000000" \
--parameters '{"action":["Install"],"installationType":["Uninstall and reinstall"],"name":["AmazonGuardDuty-RuntimeMonitoringSsmPlugin"]}'
```

At the time of writing, Ubuntu was [not yet supported][4]:

> Although the support for Ubuntu is not available right now, it will be in the near future.

Attempting the install on Ubuntu fails with an error message like this:

> failed to find platform: no manifest found for platform: ubuntu, version 22.04, architecture arm64

Example of an Amazon Linux instance covered by GuardDuty (screenshot not reproduced here):
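The coverage check behind that screenshot, done from the command line, as an added example that is not part of the original README or the project's code. It reads the JSON printed by `aws guardduty list-coverage --detector-id <id> --output json` and by `aws ec2 describe-instances --output json`, splits EC2 instances into healthy, unhealthy and entirely missing, and assembles the README's SSM install command for the instances that need it. Both documents below are constructed samples in the shape of those responses; the instance IDs, agent version and issue text are made up.

```python
"""Added example, not code from the epomatti/aws-guardduty repo: triage GuardDuty
runtime-monitoring coverage for EC2 from list-coverage and describe-instances JSON.
A running instance that is absent from the coverage list has no agent record at
all, which is the case to chase first. All sample data below is constructed."""
import json

# Constructed list-coverage output: one healthy AUTO_MANAGED instance and one
# UNHEALTHY instance whose agent could not be installed.
SAMPLE_COVERAGE = json.dumps({"Resources": [
    {"ResourceId": "i-0aaa111122223333a", "CoverageStatus": "HEALTHY",
     "ResourceDetails": {"ResourceType": "EC2", "Ec2InstanceDetails": {
         "InstanceId": "i-0aaa111122223333a", "InstanceType": "t3.micro",
         "ManagementType": "AUTO_MANAGED", "AgentDetails": {"Version": "1.0.0"}}}},
    {"ResourceId": "i-0bbb111122223333b", "CoverageStatus": "UNHEALTHY",
     "Issue": "constructed: agent not installed on ubuntu 22.04 arm64",
     "ResourceDetails": {"ResourceType": "EC2", "Ec2InstanceDetails": {
         "InstanceId": "i-0bbb111122223333b", "InstanceType": "t4g.small",
         "ManagementType": "MANUAL"}}},
]})

# Constructed describe-instances output: the two instances above, one running
# instance GuardDuty has no record of, and one stopped instance.
SAMPLE_INSTANCES = json.dumps({"Reservations": [{"Instances": [
    {"InstanceId": "i-0aaa111122223333a", "State": {"Name": "running"}},
    {"InstanceId": "i-0bbb111122223333b", "State": {"Name": "running"}},
    {"InstanceId": "i-0ccc111122223333c", "State": {"Name": "running"}},
    {"InstanceId": "i-0ddd111122223333d", "State": {"Name": "stopped"}},
]}]})


def running_instance_ids(describe_instances_json):
    """Set of instance IDs in the 'running' state."""
    doc = json.loads(describe_instances_json)
    return {
        inst["InstanceId"]
        for reservation in doc.get("Reservations", [])
        for inst in reservation.get("Instances", [])
        if inst.get("State", {}).get("Name") == "running"
    }


def coverage_report(list_coverage_json, describe_instances_json):
    """Healthy instance IDs, unhealthy IDs with the reported issue, management
    type and agent version, and running instances with no coverage record."""
    doc = json.loads(list_coverage_json)
    report = {"healthy": [], "unhealthy": {}, "missing": []}
    seen = set()
    for res in doc.get("Resources", []):
        details = res.get("ResourceDetails", {})
        if details.get("ResourceType") != "EC2":
            continue  # EKS and ECS coverage entries are out of scope here
        ec2 = details.get("Ec2InstanceDetails", {})
        instance_id = ec2.get("InstanceId", res.get("ResourceId"))
        seen.add(instance_id)
        if res.get("CoverageStatus") == "HEALTHY":
            report["healthy"].append(instance_id)
        else:
            report["unhealthy"][instance_id] = {
                "issue": res.get("Issue", "no issue reported"),
                "management": ec2.get("ManagementType", "UNKNOWN"),
                "agent_version": ec2.get("AgentDetails", {}).get("Version"),
            }
    report["missing"] = sorted(running_instance_ids(describe_instances_json) - seen)
    return report


def ssm_install_commands(instance_ids, batch_size=50):
    """argv lists for the README's manual install, one per batch of instances;
    SSM SendCommand accepts at most 50 instance IDs per call."""
    params = json.dumps({"action": ["Install"],
                         "installationType": ["Uninstall and reinstall"],
                         "name": ["AmazonGuardDuty-RuntimeMonitoringSsmPlugin"]})
    ids = list(instance_ids)
    return [["aws", "ssm", "send-command",
             "--document-name", "AWS-ConfigureAWSPackage",
             "--instance-ids", *ids[i:i + batch_size],
             "--parameters", params]
            for i in range(0, len(ids), batch_size)]


if __name__ == "__main__":
    report = coverage_report(SAMPLE_COVERAGE, SAMPLE_INSTANCES)
    print(json.dumps(report, indent=2))
    # Uncovered instances are install candidates once they are confirmed to be
    # SSM-managed and on a supported platform (so not Ubuntu at the time of writing).
    for argv in ssm_install_commands(report["missing"]):
        print(" ".join(argv))
```

On the constructed data the report lists `i-0aaa…` as healthy, `i-0bbb…` as unhealthy with a `MANUAL` management type and no agent version, and `i-0ccc…` as running but absent from coverage; the stopped instance is ignored. Against a real account, pipe the two `aws` commands' output into the functions instead of the samples.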

[1]: https://aws.amazon.com/guardduty/faqs/
[2]: https://docs.aws.amazon.com/guardduty/latest/ug/malware-protection.html
[3]: https://docs.aws.amazon.com/guardduty/latest/ug/how-runtime-monitoring-works-ec2.html#use-automated-agent-config-ec2
[4]: https://docs.aws.amazon.com/guardduty/latest/ug/prereq-runtime-monitoring-ec2-support.html#validating-architecture-req-ec2