{"id":2623,"date":"2023-03-20T04:39:00","date_gmt":"2023-03-20T04:39:00","guid":{"rendered":"https:\/\/www.easydeploy.io\/blog\/?p=2623"},"modified":"2023-06-19T13:21:43","modified_gmt":"2023-06-19T12:21:43","slug":"aws-guardduty-enabling","status":"publish","type":"post","link":"https:\/\/www.easydeploy.io\/blog\/aws-guardduty-enabling\/","title":{"rendered":"Enable AWS GuardDuty to detect suspicious activity within your AWS account Using Terraform"},"content":{"rendered":"<h1>Introduction to AWS GuardDuty<\/h1>\n<p><strong>AWS GuardDuty<\/strong> is a threat detection service offered by Amazon Web Services (AWS) that continuously monitors and analyzes AWS account activity and network traffic to identify potential security threats. It uses <strong>machine learning, anomaly detection<\/strong>, and <strong>threat intelligence<\/strong> to analyze data from AWS <strong>CloudTrail<\/strong>, <strong>VPC Flow Logs<\/strong>, and <strong>AWS<\/strong> <strong>DNS logs<\/strong>, and then generates security alerts for potential threats, such as unauthorized access, data exfiltration, or malware infections.<\/p>\n<p><strong>AWS GuardDuty<\/strong> provides a centralized AWS dashboard for security operations teams to view and investigate security findings, as well as integrations with other AWS services, such as AWS CloudWatch, AWS Lambda, and AWS Security Hub, for automated response and remediation. By using AWS <strong>GuardDuty,<\/strong>\u00a0customers can improve their security posture and quickly identify and respond to potential security incidents, helping to protect their sensitive data and applications running on AWS.<\/p>\n<p><span>In this blog, we will explore the key features and benefits of AWS <strong>GuardDuty,<\/strong> how to set up and configure the service using a Terraform script, and best practices for using this <strong>AWS Service<\/strong> to improve your AWS cloud security posture. 
We will also discuss the use cases of AWS <strong>GuardDuty.<\/strong><\/span><\/p>\n<h2>Prerequisites<\/h2>\n<p>An <strong>IAM user<\/strong> is attached with the following permissions.<\/p>\n<ul>\n<li><span><a class=\"awsui_link_4c84z_16m2q_93 awsui_variant-secondary_4c84z_16m2q_140 awsui_font-size-body-m_4c84z_16m2q_414\" target=\"_blank\" rel=\"noopener noreferrer\" href=\"https:\/\/us-east-1.console.aws.amazon.com\/iam\/home#\/policies\/arn%3Aaws%3Aiam%3A%3Aaws%3Apolicy%2FAmazonSNSFullAccess\" data-awsui-focus-visible=\"true\">AmazonSNSFullAccess<\/a><\/span><\/li>\n<li><span><a class=\"awsui_link_4c84z_16m2q_93 awsui_variant-secondary_4c84z_16m2q_140 awsui_font-size-body-m_4c84z_16m2q_414\" target=\"_blank\" rel=\"noopener noreferrer\" href=\"https:\/\/us-east-1.console.aws.amazon.com\/iam\/home#\/policies\/arn%3Aaws%3Aiam%3A%3Aaws%3Apolicy%2FAmazonGuardDutyFullAccess\" data-awsui-focus-visible=\"true\">AmazonGuardDutyFullAccess<\/a><\/span><\/li>\n<li><span><a class=\"awsui_link_4c84z_16m2q_93 awsui_variant-secondary_4c84z_16m2q_140 awsui_font-size-body-m_4c84z_16m2q_414\" target=\"_blank\" rel=\"noopener noreferrer\" href=\"https:\/\/us-east-1.console.aws.amazon.com\/iam\/home#\/policies\/arn%3Aaws%3Aiam%3A%3Aaws%3Apolicy%2FAmazonEventBridgeFullAccess\" data-awsui-focus-visible=\"true\">AmazonEventBridgeFullAccess<\/a><\/span><\/li>\n<li><span><a class=\"awsui_link_4c84z_16m2q_93 awsui_variant-secondary_4c84z_16m2q_140 awsui_font-size-body-m_4c84z_16m2q_414\" target=\"_blank\" rel=\"noopener noreferrer\" href=\"https:\/\/us-east-1.console.aws.amazon.com\/iam\/home#\/policies\/arn%3Aaws%3Aiam%3A%3Aaws%3Apolicy%2FAWSCloudTrail_FullAccess\" data-awsui-focus-visible=\"true\">AWSCloudTrail_FullAccess<\/a><\/span><\/li>\n<li>\n<div class=\"awsui_root_18wu0_1tu1m_93 awsui_box_18wu0_1tu1m_207 awsui_m-right-xxs_18wu0_1tu1m_803 awsui_d-inline_18wu0_1tu1m_989 awsui_color-default_18wu0_1tu1m_207 awsui_font-size-default_18wu0_1tu1m_223 
awsui_font-weight-default_18wu0_1tu1m_263\"><a class=\"awsui_link_4c84z_16m2q_93 awsui_variant-secondary_4c84z_16m2q_140 awsui_font-size-body-m_4c84z_16m2q_414\" target=\"_blank\" rel=\"noopener noreferrer\" href=\"https:\/\/us-east-1.console.aws.amazon.com\/iam\/home#\/policies\/arn%3Aaws%3Aiam%3A%3Aaws%3Apolicy%2FAmazonS3FullAccess\" data-awsui-focus-visible=\"true\">AmazonS3FullAccess<\/a><\/div>\n<\/li>\n<li>\n<div class=\"awsui_root_18wu0_1tu1m_93 awsui_box_18wu0_1tu1m_207 awsui_m-right-xxs_18wu0_1tu1m_803 awsui_d-inline_18wu0_1tu1m_989 awsui_color-default_18wu0_1tu1m_207 awsui_font-size-default_18wu0_1tu1m_223 awsui_font-weight-default_18wu0_1tu1m_263\"><a class=\"awsui_link_4c84z_16m2q_93 awsui_variant-secondary_4c84z_16m2q_140 awsui_font-size-body-m_4c84z_16m2q_414\" target=\"_blank\" rel=\"noopener noreferrer\" href=\"https:\/\/us-east-1.console.aws.amazon.com\/iam\/home#\/policies\/arn%3Aaws%3Aiam%3A%3Aaws%3Apolicy%2FIAMFullAccess\" data-awsui-focus-visible=\"true\">IAMFullAccess<\/a><\/div>\n<\/li>\n<\/ul>\n<h2>Procedure<\/h2>\n<p>Now it&#8217;s time to create AWS <strong>GuardDuty<\/strong> and some other related services like AWS <strong>CloudTrail<\/strong> using a <strong>Terraform<\/strong> script. Why do we need to create AWS CloudTrail? <span>Enabling this AWS service on the CloudTrail log is essential because it allows customers to gain additional security insights and detect potential security threats in their AWS environment. 
It is a key step in improving the security posture of an AWS account and protecting valuable data and resources.<\/span><\/p>\n<p>And also we are going to create AWS CloudWatch Event Rule and SNS Topic for sending email notifications from <strong>GuardDuty<\/strong> logs.<\/p>\n<pre><em>Also read: <a href=\"https:\/\/www.easydeploy.io\/blog\/what-is-terramform\/\">What is terraform?<\/a><\/em><\/pre>\n<h2>Terraform Script to create AWS CloudTrail<\/h2>\n<p>Create a folder like AWS <strong>guard-duty<\/strong> and open <strong>VS Code<\/strong> editor in this folder.<\/p>\n<p>Create a file called <strong>provider.tf<\/strong> and add the following code into the file.<\/p>\n<div>\n<pre><span>provider<\/span><span> <\/span><span>\"aws\"<\/span><span> {<\/span>\r\n<span>\u00a0 <\/span><span>region<\/span><span> \u00a0 \u00a0 <\/span><span>=<\/span><span> <\/span><span>\"region_name\"<\/span>\r\n<span>\u00a0 <\/span><span>access_key<\/span><span> <\/span><span>=<\/span><span> <\/span><span>var<\/span><span>.<\/span><span>access_key<\/span>\r\n<span>\u00a0 <\/span><span>secret_key<\/span><span> <\/span><span>=<\/span><span> <\/span><span>var<\/span><span>.<\/span><span>secret_key<\/span>\r\n<span>}<\/span><\/pre>\n<\/div>\n<p>Replace the <strong>region_name<\/strong> with the region name where you want to create CloudTrail.<\/p>\n<p>Next, create another file called<strong> variables.tf<\/strong> and add the below code.<\/p>\n<div>\n<pre><span>variable<\/span><span> <\/span><span>\"access_key\"<\/span><span> {<\/span>\r\n<span>\u00a0 <\/span><span>type<\/span><span> \u00a0 \u00a0 \u00a0 \u00a0<\/span><span>=<\/span><span> <\/span><span>string<\/span>\r\n<span>\u00a0 <\/span><span>description<\/span><span> <\/span><span>=<\/span><span> <\/span><span>\"AWS IAM Access key\"<\/span>\r\n<span>\u00a0 <\/span><span>default<\/span><span> \u00a0 \u00a0 <\/span><span>=<\/span><span> <\/span><span>\"\"<\/span>\r\n<span>}<\/span>\r\n\r\n<span>variable<\/span><span> 
<\/span><span>\"secret_key\"<\/span><span> {<\/span>\r\n<span>\u00a0 <\/span><span>type<\/span><span> \u00a0 \u00a0 \u00a0 \u00a0<\/span><span>=<\/span><span> <\/span><span>string<\/span>\r\n<span>\u00a0 <\/span><span>description<\/span><span> <\/span><span>=<\/span><span> <\/span><span>\"AWS IAM Secret key\"<\/span>\r\n<span>\u00a0 <\/span><span>default<\/span><span> \u00a0 \u00a0 <\/span><span>=<\/span><span> <\/span><span>\"\"<\/span>\r\n<span>}<\/span>\r\n\r\n<span>variable<\/span><span> <\/span><span>\"name\"<\/span><span> {<\/span>\r\n<span>\u00a0 <\/span><span>type<\/span><span> \u00a0 \u00a0<\/span><span>=<\/span><span> <\/span><span>string<\/span>\r\n<span>\u00a0 <\/span><span>default<\/span><span> <\/span><span>=<\/span><span> <\/span><span>\"\"<\/span>\r\n<span>}<\/span><\/pre>\n<\/div>\n<p>All the variables&#8217; default values need to be given inside the double quotes.<\/p>\n<p>Finally, create a file named<strong> main.tf<\/strong> and enter the below code.<\/p>\n<div>\n<pre><span>data<\/span><span> <\/span><span>\"aws_caller_identity\"<\/span><span> <\/span><span>\"this\"<\/span><span> {}\r\n<\/span>\r\n<span>locals<\/span><span> {<\/span>\r\n<span>  <\/span><span>account_id<\/span><span> <\/span><span>=<\/span><span> <\/span><span>data<\/span><span>.<\/span><span>aws_caller_identity<\/span><span>.<\/span><span>this<\/span><span>.<\/span><span>account_id<\/span>\r\n<span>}\r\n<\/span>\r\n<span>resource<\/span><span> <\/span><span>\"aws_cloudtrail\"<\/span><span> <\/span><span>\"this\"<\/span><span> {<\/span>\r\n<span>  <\/span><span>name<\/span><span> \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0<\/span><span>=<\/span><span> <\/span><span>var<\/span><span>.<\/span><span>name<\/span>\r\n<span>  <\/span><span>s3_bucket_name<\/span><span> \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0<\/span><span>=<\/span><span> 
<\/span><span>aws_s3_bucket<\/span><span>.<\/span><span>this<\/span><span>.<\/span><span>id<\/span>\r\n<span>  <\/span><span>s3_key_prefix<\/span><span> \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 <\/span><span>=<\/span><span> <\/span><span>\"cloudtrail\"<\/span>\r\n<span>  <\/span><span>enable_log_file_validation<\/span><span> \u00a0 \u00a0<\/span><span>=<\/span><span> <\/span><span>true<\/span>\r\n<span>  <\/span><span>include_global_service_events<\/span><span> <\/span><span>=<\/span><span> <\/span><span>true<\/span>\r\n<span>  <\/span><span>is_multi_region_trail<\/span><span> \u00a0 \u00a0 \u00a0 \u00a0 <\/span><span>=<\/span><span> <\/span><span>true<\/span>\r\n<span>  <\/span><span>event_selector<\/span><span> {<\/span>\r\n<span>  \u00a0 <\/span><span>read_write_type<\/span><span> \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 <\/span><span>=<\/span><span> <\/span><span>\"All\"<\/span>\r\n<span>  \u00a0 <\/span><span>include_management_events<\/span><span> <\/span><span>=<\/span><span> <\/span><span>true<\/span>\r\n<span>  \u00a0 <\/span><span>data<\/span><span>_resource<\/span><span> {<\/span>\r\n<span>  \u00a0 \u00a0 <\/span><span>type<\/span><span> \u00a0 <\/span><span>=<\/span><span> <\/span><span>\"AWS::S3::Object\"<\/span>\r\n<span>  \u00a0 \u00a0 <\/span><span>values<\/span><span> <\/span><span>=<\/span><span> <\/span><span>[<\/span><span>\"arn:aws:s3:::\"<\/span><span>]<\/span>\r\n<span>  \u00a0 }<\/span>\r\n<span>  }<\/span>\r\n<span>  <\/span><span>event_selector<\/span><span> {<\/span>\r\n<span>  \u00a0 <\/span><span>read_write_type<\/span><span> \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 <\/span><span>=<\/span><span> <\/span><span>\"All\"<\/span>\r\n<span>  \u00a0 <\/span><span>include_management_events<\/span><span> <\/span><span>=<\/span><span> <\/span><span>true<\/span>\r\n<span>  \u00a0 <\/span><span>data<\/span><span>_resource<\/span><span> {<\/span>\r\n<span>  \u00a0 \u00a0 <\/span><span>type<\/span><span> \u00a0 <\/span><span>=<\/span><span> 
<\/span><span>\"AWS::DynamoDB::Table\"<\/span>\r\n<span>  \u00a0 \u00a0 <\/span><span>values<\/span><span> <\/span><span>=<\/span><span> <\/span><span>[<\/span><span>\"arn:aws:dynamodb\"<\/span><span>]<\/span>\r\n<span>  \u00a0 }<\/span>\r\n<span>  \u00a0 <\/span><span>data<\/span><span>_resource<\/span><span> {<\/span>\r\n<span>  \u00a0 \u00a0 <\/span><span>type<\/span><span> \u00a0 <\/span><span>=<\/span><span> <\/span><span>\"AWS::Lambda::Function\"<\/span>\r\n<span>  \u00a0 \u00a0 <\/span><span>values<\/span><span> <\/span><span>=<\/span><span> <\/span><span>[<\/span><span>\"arn:aws:lambda\"<\/span><span>]<\/span>\r\n<span>  \u00a0 }<\/span>\r\n<span>  }<\/span>\r\n<span>  <\/span><span>insight_selector<\/span><span> {<\/span>\r\n<span>  \u00a0 <\/span><span>insight_type<\/span><span> <\/span><span>=<\/span><span> <\/span><span>\"ApiCallRateInsight\"<\/span>\r\n<span>  }<\/span>\r\n<span>}<\/span>\r\n\r\n<span>resource<\/span><span> <\/span><span>\"aws_s3_bucket\"<\/span><span> <\/span><span>\"this\"<\/span><span> {<\/span>\r\n<span>  <\/span><span>bucket<\/span><span> \u00a0 \u00a0 \u00a0 \u00a0<\/span><span>=<\/span><span> <\/span><span>\"<\/span><span>${<\/span><span>lower<\/span><span>(<\/span><span>var<\/span><span>.<\/span><span>name<\/span><span>)<\/span><span>}<\/span><span>-cloudtrail-<\/span><span>${<\/span><span>local<\/span><span>.<\/span><span>account_id<\/span><span>}<\/span><span>\"<\/span>\r\n<span>  <\/span><span>force_destroy<\/span><span> <\/span><span>=<\/span><span> <\/span><span>true<\/span>\r\n<span>}<\/span>\r\n\r\n<span>data<\/span><span> <\/span><span>\"aws_iam_policy_document\"<\/span><span> <\/span><span>\"bucket_policy\"<\/span><span> {<\/span>\r\n<span>  <\/span><span>statement<\/span><span> {<\/span>\r\n<span>  \u00a0 <\/span><span>sid<\/span><span> \u00a0 \u00a0<\/span><span>=<\/span><span> <\/span><span>\"AWSCloudTrailAclCheck\"<\/span>\r\n<span>  \u00a0 <\/span><span>effect<\/span><span> <\/span><span>=<\/span><span> 
<\/span><span>\"Allow\"<\/span>\r\n<span>  \u00a0 <\/span><span>principals<\/span><span> {<\/span>\r\n<span>  \u00a0 \u00a0 <\/span><span>type<\/span><span> \u00a0 \u00a0 \u00a0 \u00a0<\/span><span>=<\/span><span> <\/span><span>\"Service\"<\/span>\r\n<span>  \u00a0 \u00a0 <\/span><span>identifiers<\/span><span> <\/span><span>=<\/span><span> <\/span><span>[<\/span><span>\"cloudtrail.amazonaws.com\"<\/span><span>]<\/span>\r\n<span>  \u00a0 }<\/span>\r\n<span>  \u00a0 <\/span><span>actions<\/span><span> \u00a0 <\/span><span>=<\/span><span> <\/span><span>[<\/span><span>\"s3:GetBucketAcl\"<\/span><span>]<\/span>\r\n<span>  \u00a0 <\/span><span>resources<\/span><span> <\/span><span>=<\/span><span> <\/span><span>[<\/span><span>aws_s3_bucket<\/span><span>.<\/span><span>this<\/span><span>.<\/span><span>arn<\/span><span>]<\/span>\r\n<span>  }<\/span>\r\n<span>  <\/span><span>statement<\/span><span> {<\/span>\r\n<span>  \u00a0 <\/span><span>sid<\/span><span> \u00a0 \u00a0<\/span><span>=<\/span><span> <\/span><span>\"AWSCloudTrailWrite\"<\/span>\r\n<span>  \u00a0 <\/span><span>effect<\/span><span> <\/span><span>=<\/span><span> <\/span><span>\"Allow\"<\/span>\r\n<span>  \u00a0 <\/span><span>principals<\/span><span> {<\/span>\r\n<span>  \u00a0 \u00a0 <\/span><span>type<\/span><span> \u00a0 \u00a0 \u00a0 \u00a0<\/span><span>=<\/span><span> <\/span><span>\"Service\"<\/span>\r\n<span>  \u00a0 \u00a0 <\/span><span>identifiers<\/span><span> <\/span><span>=<\/span><span> <\/span><span>[<\/span><span>\"cloudtrail.amazonaws.com\"<\/span><span>]<\/span>\r\n<span>  \u00a0 }<\/span>\r\n<span>  \u00a0 <\/span><span>actions<\/span><span> \u00a0 <\/span><span>=<\/span><span> <\/span><span>[<\/span><span>\"s3:PutObject\"<\/span><span>]<\/span>\r\n<span>  \u00a0 <\/span><span>resources<\/span><span> <\/span><span>=<\/span><span> 
<\/span><span>[<\/span><span>\"<\/span><span>${<\/span><span>aws_s3_bucket<\/span><span>.<\/span><span>this<\/span><span>.<\/span><span>arn<\/span><span>}<\/span><span>\/cloudtrail\/AWSLogs\/<\/span><span>${<\/span><span>local<\/span><span>.<\/span><span>account_id<\/span><span>}<\/span><span>\/*\"<\/span><span>]<\/span>\r\n<span>  \u00a0 <\/span><span>condition<\/span><span> {<\/span>\r\n<span>  \u00a0 \u00a0 <\/span><span>test<\/span><span> \u00a0 \u00a0 <\/span><span>=<\/span><span> <\/span><span>\"StringEquals\"<\/span>\r\n<span>  \u00a0 \u00a0 <\/span><span>variable<\/span><span> <\/span><span>=<\/span><span> <\/span><span>\"s3:x-amz-acl\"<\/span>\r\n<span>  \u00a0 \u00a0 <\/span><span>values<\/span><span> \u00a0 <\/span><span>=<\/span><span> <\/span><span>[<\/span><span>\"bucket-owner-full-control\"<\/span><span>]<\/span>\r\n<span>  \u00a0 }<\/span>\r\n<span>  }<\/span>\r\n<span>}<\/span>\r\n\r\n<span>resource<\/span><span> <\/span><span>\"aws_s3_bucket_policy\"<\/span><span> <\/span><span>\"this\"<\/span><span> {<\/span>\r\n<span>  <\/span><span>bucket<\/span><span> <\/span><span>=<\/span><span> <\/span><span>aws_s3_bucket<\/span><span>.<\/span><span>this<\/span><span>.<\/span><span>id<\/span>\r\n<span>  <\/span><span>policy<\/span><span> <\/span><span>=<\/span><span> <\/span><span>data<\/span><span>.<\/span><span>aws_iam_policy_document<\/span><span>.<\/span><span>bucket_policy<\/span><span>.<\/span><span>json<\/span>\r\n<span>}<\/span><\/pre>\n<\/div>\n<p>The above terraform code will create a AWS CloudTrail with multi-region enabled. And also it creates an AWS S3 Bucket for CloudTrail log storage.<\/p>\n<h3>Run Terraform Script for AWS CloudTrail<\/h3>\n<p>Now we have to run this script to create <strong>CloudTrail<\/strong> and <strong>S3<\/strong> bucket.<\/p>\n<p>Open the terminal in VS code editor and run the <strong><em>&#8220;terraform init&#8221;<\/em><\/strong> command. 
This init command should be run for every new Terraform script.<\/p>\n<pre><em><a href=\"https:\/\/www.easydeploy.io\/blog\/s3-bucket-aws-terraform-cli-command\/#RUN_TERRAFORM_CODE_FROM_OUR_SYSTEM\">Know more about <strong>terraform Init<\/strong> command<\/a><\/em><\/pre>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/1-1.webp\" alt=\"Terraform init\" width=\"631\" height=\"427\" class=\"aligncenter wp-image-2625 size-full\" title=\"Enable GuardDuty Create CloudTrail using Terraform init\" srcset=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/1-1.webp 631w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/1-1-300x203.webp 300w\" sizes=\"(max-width: 631px) 100vw, 631px\" \/><\/p>\n<p>Now run the <em><strong>&#8220;terraform apply&#8221;<\/strong><\/em> command to deploy this script into your AWS account.<\/p>\n<p>It will prompt you to enter a value; enter <strong>yes<\/strong> to create CloudTrail.<\/p>\n<p>It will create 3 resources, as in the picture below.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/2-1.webp\" alt=\"Terraform apply\" width=\"728\" height=\"933\" class=\"aligncenter wp-image-2626 size-full\" title=\"Enable GuardDuty Create CloudTrail using Terraform apply\" srcset=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/2-1.webp 728w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/2-1-234x300.webp 234w\" sizes=\"(max-width: 728px) 100vw, 728px\" \/><\/p>\n<p>Open your AWS account and navigate to AWS <strong>CloudTrail.<\/strong> On the left side panel, choose AWS <strong>Dashboard<\/strong> and you can see that the AWS CloudTrail has been created.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/3-1.webp\" alt=\"AWS Cloudtrail\" width=\"1048\" height=\"342\" 
class=\"aligncenter wp-image-2627 size-full\" title=\"Enable GuardDuty Create CloudTrail using Terraform Cloudtrail Created\" srcset=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/3-1.webp 1048w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/3-1-300x98.webp 300w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/3-1-1024x334.webp 1024w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/3-1-768x251.webp 768w\" sizes=\"(max-width: 1048px) 100vw, 1048px\" \/><\/p>\n<h3>Add Terraform script to Create AWS GuardDuty<\/h3>\n<p>Once you successfully created AWS Cloudtrail, now you need to enable AWS <strong>GuardDuty.<\/strong><\/p>\n<p>So copy the below code and add it to the <strong>main.tf<\/strong> file under the existing code.<\/p>\n<div>\n<pre><span>resource<\/span><span> <\/span><span>\"aws_guardduty_detector\"<\/span><span> <\/span><span>\"this\"<\/span><span> {<\/span>\r\n<span>  <\/span><span>enable<\/span><span> <\/span><span>=<\/span><span> <\/span><span>true<\/span>\r\n<span>  <\/span><span>data<\/span><span>sources<\/span><span> {<\/span>\r\n<span>  \u00a0 <\/span><span>s3_logs<\/span><span> {<\/span>\r\n<span>  \u00a0 \u00a0 <\/span><span>enable<\/span><span> <\/span><span>=<\/span><span> <\/span><span>true<\/span>\r\n<span>  \u00a0 }<\/span>\r\n<span>  \u00a0 <\/span><span>kubernetes<\/span><span> {<\/span>\r\n<span>  \u00a0 \u00a0 <\/span><span>audit_logs<\/span><span> {<\/span>\r\n<span>  \u00a0 \u00a0 \u00a0 <\/span><span>enable<\/span><span> <\/span><span>=<\/span><span> <\/span><span>false<\/span>\r\n<span>  \u00a0 \u00a0 }<\/span>\r\n<span>  \u00a0 }<\/span>\r\n<span>  \u00a0 <\/span><span>malware_protection<\/span><span> {<\/span>\r\n<span>  \u00a0 \u00a0 <\/span><span>scan_ec2_instance_with_findings<\/span><span> {<\/span>\r\n<span>  \u00a0 \u00a0 \u00a0 <\/span><span>ebs_volumes<\/span><span> {<\/span>\r\n<span>  \u00a0 \u00a0 \u00a0 \u00a0 <\/span><span>enable<\/span><span> 
<\/span><span>=<\/span><span> <\/span><span>true<\/span>\r\n<span>  \u00a0 \u00a0 \u00a0 }<\/span>\r\n<span>  \u00a0 \u00a0 }<\/span>\r\n<span>  \u00a0 }<\/span>\r\n<span>  }<\/span>\r\n<span>}<\/span>\r\n\r\n<span>resource<\/span><span> <\/span><span>\"aws_cloudwatch_event_rule\"<\/span><span> <\/span><span>\"this\"<\/span><span> {<\/span>\r\n<span>  <\/span><span>name<\/span><span> \u00a0 \u00a0 \u00a0 \u00a0<\/span><span>=<\/span><span> <\/span><span>var<\/span><span>.<\/span><span>name<\/span>\r\n<span>  <\/span><span>description<\/span><span> <\/span><span>=<\/span><span> <\/span><span>\"Event rule for trigger sns topic from AWS Guard duty\"<\/span>\r\n<span>  <\/span><span>event_pattern<\/span><span> <\/span><span>=<\/span><span> <\/span><span>jsonencode<\/span><span>(<\/span>\r\n<span>  \u00a0 {<\/span>\r\n<span>  \u00a0 \u00a0 <\/span><span>\"source\"<\/span><span> : [<\/span><span>\"aws.guardduty\"<\/span><span>],<\/span>\r\n<span>  \u00a0 \u00a0 <\/span><span>\"detail-type\"<\/span><span> : [<\/span><span>\"GuardDuty Finding\"<\/span><span>]<\/span>\r\n<span>  \u00a0 }<\/span>\r\n<span>  )<\/span>\r\n<span>}\r\n<\/span>\r\n<span>resource<\/span><span> <\/span><span>\"aws_cloudwatch_event_target\"<\/span><span> <\/span><span>\"this\"<\/span><span> {<\/span>\r\n<span>  <\/span><span>rule<\/span><span> \u00a0 \u00a0 \u00a0<\/span><span>=<\/span><span> <\/span><span>aws_cloudwatch_event_rule<\/span><span>.<\/span><span>this<\/span><span>.<\/span><span>name<\/span>\r\n<span>  <\/span><span>target_id<\/span><span> <\/span><span>=<\/span><span> <\/span><span>\"SendToSNS\"<\/span>\r\n<span>  <\/span><span>arn<\/span><span> \u00a0 \u00a0 \u00a0 <\/span><span>=<\/span><span> <\/span><span>aws_sns_topic<\/span><span>.<\/span><span>this<\/span><span>.<\/span><span>arn<\/span>\r\n<span>  <\/span><span>input_transformer<\/span><span> {<\/span>\r\n<span>  \u00a0 <\/span><span>input_paths<\/span><span> <\/span><span>=<\/span><span> <\/span><span>{<\/span>\r\n<span>  
\u00a0 \u00a0 <\/span><span>severity<\/span><span> \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0= <\/span><span>\"$.detail.severity\"<\/span><span>,<\/span>\r\n<span>  \u00a0 \u00a0 <\/span><span>Finding_ID<\/span><span> \u00a0 \u00a0 \u00a0 \u00a0 \u00a0= <\/span><span>\"$.detail.id\"<\/span><span>,<\/span>\r\n<span>  \u00a0 \u00a0 <\/span><span>Finding_Type<\/span><span> \u00a0 \u00a0 \u00a0 \u00a0= <\/span><span>\"$.detail.type\"<\/span><span>,<\/span>\r\n<span>  \u00a0 \u00a0 <\/span><span>region<\/span><span> \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0= <\/span><span>\"$.region\"<\/span><span>,<\/span>\r\n<span>  \u00a0 \u00a0 <\/span><span>Finding_description<\/span><span> = <\/span><span>\"$.detail.description\"<\/span>\r\n<span>  \u00a0 }<\/span>\r\n<span>  \u00a0 <\/span><span>input_template<\/span><span> <\/span><span>=<\/span><span> <\/span><span>\"<\/span><span>\\\"<\/span><span>You have a severity &lt;severity&gt; GuardDuty finding type &lt;Finding_Type&gt; in the &lt;region&gt; region.<\/span><span>\\\"\\n<\/span><span> <\/span><span>\\\"<\/span><span>Finding Description:<\/span><span>\\\"<\/span><span> <\/span><span>\\\"<\/span><span>&lt;Finding_description&gt;. 
<\/span><span>\\\"\\n<\/span><span> <\/span><span>\\\"<\/span><span>For more details open the GuardDuty console at https:\/\/console.aws.amazon.com\/guardduty\/home?region=&lt;region&gt;#\/findings?search=id%3D&lt;Finding_ID&gt;<\/span><span>\\\"<\/span><span>\"<\/span>\r\n<span>  }<\/span>\r\n<span>}\r\n<\/span>\r\n<span>resource<\/span><span> <\/span><span>\"aws_sns_topic\"<\/span><span> <\/span><span>\"this\"<\/span><span> {<\/span>\r\n<span>  <\/span><span>name<\/span><span> <\/span><span>=<\/span><span> <\/span><span>var<\/span><span>.<\/span><span>name<\/span>\r\n<span>}<\/span>\r\n\r\n<span>resource<\/span><span> <\/span><span>\"aws_sns_topic_policy\"<\/span><span> <\/span><span>\"this\"<\/span><span> {<\/span>\r\n<span>  <\/span><span>arn<\/span><span> \u00a0 \u00a0<\/span><span>=<\/span><span> <\/span><span>aws_sns_topic<\/span><span>.<\/span><span>this<\/span><span>.<\/span><span>arn<\/span>\r\n<span>  <\/span><span>policy<\/span><span> <\/span><span>=<\/span><span> <\/span><span>data<\/span><span>.<\/span><span>aws_iam_policy_document<\/span><span>.<\/span><span>this<\/span><span>.<\/span><span>json<\/span>\r\n<span>}<\/span>\r\n\r\n<span>data<\/span><span> <\/span><span>\"aws_iam_policy_document\"<\/span><span> <\/span><span>\"this\"<\/span><span> {<\/span>\r\n<span>  <\/span><span>statement<\/span><span> {<\/span>\r\n<span>  \u00a0 <\/span><span>effect<\/span><span> \u00a0<\/span><span>=<\/span><span> <\/span><span>\"Allow\"<\/span>\r\n<span>  \u00a0 <\/span><span>actions<\/span><span> <\/span><span>=<\/span><span> <\/span><span>[<\/span><span>\"SNS:Publish\"<\/span><span>]<\/span>\r\n<span>  \u00a0 <\/span><span>principals<\/span><span> {<\/span>\r\n<span>  \u00a0 \u00a0 <\/span><span>type<\/span><span> \u00a0 \u00a0 \u00a0 \u00a0<\/span><span>=<\/span><span> <\/span><span>\"Service\"<\/span>\r\n<span>  \u00a0 \u00a0 <\/span><span>identifiers<\/span><span> <\/span><span>=<\/span><span> 
<\/span><span>[<\/span><span>\"events.amazonaws.com\"<\/span><span>]<\/span>\r\n<span>  \u00a0 }<\/span>\r\n<span>  \u00a0 <\/span><span>resources<\/span><span> <\/span><span>=<\/span><span> <\/span><span>[<\/span><span>aws_sns_topic<\/span><span>.<\/span><span>this<\/span><span>.<\/span><span>arn<\/span><span>]<\/span>\r\n<span>  }<\/span>\r\n<span>}<\/span><\/pre>\n<\/div>\n<p>The above code will enable <strong>AWS<\/strong>\u00a0<strong>GuardDuty<\/strong> and also create <strong>SNS Topic<\/strong> and <strong>Event Rule.<\/strong><\/p>\n<p>Run the <strong><em>&#8220;terraform apply&#8221;<\/em><\/strong> command to create these resources.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/4-1.webp\" alt=\"Terraform apply\" width=\"797\" height=\"828\" class=\"aligncenter wp-image-2628 size-full\" title=\"Enable GuardDuty Create CloudTrail using Terraform apply\" srcset=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/4-1.webp 797w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/4-1-289x300.webp 289w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/4-1-768x798.webp 768w\" sizes=\"(max-width: 797px) 100vw, 797px\" \/><\/p>\n<p>Once it runs successfully like in the above picture, navigate to the <strong>AWS GuardDuty<\/strong> console to see the changes.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/5-1.webp\" alt=\"Terraform GuardDuty\" width=\"1838\" height=\"462\" class=\"aligncenter wp-image-2629 size-full\" title=\"Enable GuardDuty Create CloudTrail using Terraform GuardDuty Enabled\" srcset=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/5-1.webp 1838w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/5-1-300x75.webp 300w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/5-1-1024x257.webp 1024w, 
https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/5-1-768x193.webp 768w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/5-1-1536x386.webp 1536w\" sizes=\"(max-width: 1838px) 100vw, 1838px\" \/><\/p>\n<p>Now it is enabled, but there are no logs to show. In the next step we are going to generate logs to see how it works.<\/p>\n<h3>Generate Sample Findings in AWS GuardDuty<\/h3>\n<p data-renderer-start-pos=\"2799\">Now we are going to generate some sample findings.<\/p>\n<p data-renderer-start-pos=\"2851\">In the left-side navigation panel, click <strong data-renderer-mark=\"true\">Settings<\/strong>. On the right side, scroll down a little and click <strong data-renderer-mark=\"true\">Generate sample findings<\/strong>.<\/p>\n<p data-renderer-start-pos=\"2851\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/20.webp\" alt=\"Terraform Sample Findings\" width=\"1365\" height=\"570\" class=\"aligncenter wp-image-2643 size-full\" title=\"Enable GuardDuty Create CloudTrail using Terraform Generate Sample Findings\" srcset=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/20.webp 1365w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/20-300x125.webp 300w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/20-1024x428.webp 1024w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/20-768x321.webp 768w\" sizes=\"(max-width: 1365px) 100vw, 1365px\" \/><\/p>\n<p data-renderer-start-pos=\"2981\">Now go to the <strong data-renderer-mark=\"true\">findings<\/strong> page again and you can see that some of the sample logs are shown.<\/p>\n<p data-renderer-start-pos=\"3067\">On the top right side, you can see three colors, each with a number.<\/p>\n<p data-renderer-start-pos=\"3140\">These colors represent the different severity levels of the reports.<\/p>\n<ul class=\"ak-ul\" data-indent-level=\"1\">\n<li>\n<p 
data-renderer-start-pos=\"3206\"><strong data-renderer-mark=\"true\">Blue \u2192 Low<\/strong><\/p>\n<\/li>\n<li>\n<p data-renderer-start-pos=\"3220\"><strong data-renderer-mark=\"true\">Orange \u2192 Medium<\/strong><\/p>\n<\/li>\n<li>\n<p data-renderer-start-pos=\"3239\"><strong data-renderer-mark=\"true\">Red \u2192 High<\/strong><\/p>\n<\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/21.webp\" alt=\"Terraform Sample Findings\" width=\"1853\" height=\"822\" class=\"aligncenter wp-image-2644 size-full\" title=\"Enable GuardDuty Create CloudTrail using Terraform Generated Sample Findings\" srcset=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/21.webp 1853w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/21-300x133.webp 300w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/21-1024x454.webp 1024w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/21-768x341.webp 768w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/21-1536x681.webp 1536w\" sizes=\"(max-width: 1853px) 100vw, 1853px\" \/><\/p>\n<p>Click one of the sample findings and it will show the full details about the Behavior activity.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/22.webp\" alt=\" Terraform Explore \" width=\"1562\" height=\"824\" class=\"aligncenter wp-image-2645 size-full\" title=\"Enable GuardDuty Create CloudTrail using Terraform Explore Sample Findings\" srcset=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/22.webp 1562w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/22-300x158.webp 300w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/22-1024x540.webp 1024w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/22-768x405.webp 768w, 
https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/22-1536x810.webp 1536w\" sizes=\"(max-width: 1562px) 100vw, 1562px\" \/><\/p>\n<p><strong data-renderer-mark=\"true\">AWS GuardDuty <\/strong>uses <strong data-renderer-mark=\"true\">machine learning<\/strong> and <strong data-renderer-mark=\"true\">mathematical algorithms<\/strong>, so it can identify <strong data-renderer-mark=\"true\">what action occurred<\/strong>, <strong data-renderer-mark=\"true\">where it happened<\/strong>, and <strong data-renderer-mark=\"true\">who did it, with their location<\/strong> details, as in the picture below.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/23.webp\" alt=\"Terraform\" width=\"583\" height=\"801\" class=\"aligncenter wp-image-2646 size-full\" title=\"Enable GuardDuty Create CloudTrail using Terraform Explore Sample Findings\" srcset=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/23.webp 583w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/23-218x300.webp 218w\" sizes=\"(max-width: 583px) 100vw, 583px\" \/><\/p>\n<h4>Create AWS SNS Email Subscription<\/h4>\n<p>Open the AWS <strong>SNS topic<\/strong> console and, in the left navigation panel, click <strong>Topics.<\/strong> Then select the topic that was created by <strong>Terraform.<\/strong><\/p>\n<p>Under the <strong>Subscriptions<\/strong> section, click <strong>Create Subscription.<\/strong><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/11.webp\" alt=\"Terraform SNS Subscription\" width=\"1841\" height=\"766\" class=\"aligncenter wp-image-2633 size-full\" title=\"Enable GuardDuty Create CloudTrail using Terraform SNS Subscription\" srcset=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/11.webp 1841w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/11-300x125.webp 300w, 
https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/11-1024x426.webp 1024w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/11-768x320.webp 768w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/11-1536x639.webp 1536w\" sizes=\"(max-width: 1841px) 100vw, 1841px\" \/><\/p>\n<p>Set the <strong>protocol<\/strong> to <strong>Email<\/strong>, and for <strong>Endpoint,<\/strong> enter your email address.<\/p>\n<p>Finally, click <strong>Create Subscription.<\/strong><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/12-1.webp\" alt=\"Terraform SNS Subscription\" width=\"872\" height=\"635\" class=\"aligncenter wp-image-2634\" title=\"Enable GuardDuty Create CloudTrail using Terraform Create SNS Subscription\" srcset=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/12-1.webp 1140w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/12-1-300x218.webp 300w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/12-1-1024x746.webp 1024w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/12-1-768x559.webp 768w\" sizes=\"(max-width: 872px) 100vw, 872px\" \/><\/p>\n<p>You should receive a subscription confirmation email like the one in the picture below.<\/p>\n<p>Open the email and click the <strong>confirm subscription<\/strong> link.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/13-1.webp\" alt=\"Confirm SNS Subscription\" width=\"917\" height=\"316\" class=\"aligncenter wp-image-2635 size-full\" title=\"Enable GuardDuty Create CloudTrail using Terraform Confirm SNS Subscription\" srcset=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/13-1.webp 917w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/13-1-300x103.webp 300w, 
https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/13-1-768x265.webp 768w\" sizes=\"(max-width: 917px) 100vw, 917px\" \/><\/p>\n<p>If you are taken to another page like the one in the picture below, your email subscription is confirmed.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/14-2.webp\" alt=\"Terraform SNS Subscription Confirmed\" width=\"599\" height=\"263\" class=\"aligncenter wp-image-2636 size-full\" title=\"Enable GuardDuty Create CloudTrail using Terraform SNS Subscription Confirmed\" srcset=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/14-2.webp 599w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/14-2-300x132.webp 300w\" sizes=\"(max-width: 599px) 100vw, 599px\" \/><\/p>\n<h4>Get Alerts via Email<\/h4>\n<p>All the setup is complete. Now we will try to generate reports and get alerts via email notifications.<\/p>\n<p>First, create an AWS S3 bucket for this testing purpose. Leave all settings as default and create it.<\/p>\n<p>If you don&#8217;t know how to create an AWS S3 bucket, please check the links below.<\/p>\n<pre><em><a href=\"https:\/\/www.easydeploy.io\/blog\/aws-s3-hands-on\/#Let_us_straight_away_look_at_how_to_create_an_S3_bucket_and_upload_our_data_into_it_by_using_the_AWS_management_console\">Create S3 bucket from AWS console<\/a>\r\n<a href=\"https:\/\/www.easydeploy.io\/blog\/s3-bucket-aws-terraform-cli-command\/\">Create S3 bucket using Terraform<\/a>\r\n<\/em><\/pre>\n<p>Now select the newly created AWS S3 bucket and navigate to the <strong>Permissions<\/strong> section.<\/p>\n<p>Under <strong>Block public access settings<\/strong>, you can see that <strong>Block all public access<\/strong> is <strong>On.<\/strong><\/p>\n<p>Click the <strong>Edit<\/strong> button. 
We are going to turn this setting off for the test bucket.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/6-1.webp\" alt=\"Terraform S3 Public Access\" width=\"579\" height=\"274\" class=\"aligncenter wp-image-2630 size-full\" title=\"Enable GuardDuty Create CloudTrail using Terraform S3 Public Access\" srcset=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/6-1.webp 579w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/6-1-300x142.webp 300w\" sizes=\"(max-width: 579px) 100vw, 579px\" \/><\/p>\n<p>Disable <strong>Block all public access<\/strong> and click <strong>Save changes<\/strong>, as in the screenshot below.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/7-1.webp\" alt=\"Terraform S3 Block \" width=\"839\" height=\"660\" class=\"aligncenter wp-image-2631 size-full\" title=\"Enable GuardDuty Create CloudTrail using Terraform S3 Block public Access Disable\" srcset=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/7-1.webp 839w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/7-1-300x236.webp 300w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/7-1-768x604.webp 768w\" sizes=\"(max-width: 839px) 100vw, 839px\" \/><\/p>\n<p>It asks for confirmation. 
Enter <strong>confirm<\/strong> and click the <strong>Confirm<\/strong> button.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/8-1.webp\" alt=\" Terraform S3 Block\" width=\"632\" height=\"300\" class=\"aligncenter wp-image-2632 size-full\" title=\"vEnable GuardDuty Create CloudTrail using Terraform S3 Block public Access Disable confirmation\" srcset=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/8-1.webp 632w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/8-1-300x142.webp 300w\" sizes=\"(max-width: 632px) 100vw, 632px\" \/><\/p>\n<p>Now go to the <strong>AWS<\/strong> <strong>GuardDuty<\/strong> page.\u00a0 After a couple of minutes, a report will appear under the <strong>Findings<\/strong> section.<\/p>\n<p>Click the report to see all of its details. The detailed report shows<strong> what action happened<\/strong>,<strong> where it happened<\/strong>, and<strong> who did it<\/strong>.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/15.png\" alt=\"Terraform GuardDuty Report\" width=\"1544\" height=\"798\" class=\"aligncenter wp-image-2639 size-full\" title=\"vEnable GuardDuty Create CloudTrail using Terraform GuardDuty Findings Report\" srcset=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/15.png 1544w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/15-300x155.png 300w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/15-1024x529.png 1024w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/15-768x397.png 768w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/15-1536x794.png 1536w\" sizes=\"(max-width: 1544px) 100vw, 1544px\" \/><\/p>\n<p>You will also receive an email like the one in the picture below.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" 
src=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/16.webp\" alt=\"Terraform GuardDuty Alerts \" width=\"1705\" height=\"264\" class=\"aligncenter wp-image-2638 size-full\" title=\"vEnable GuardDuty Create CloudTrail using Terraform GuardDuty Alerts via Email\" srcset=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/16.webp 1705w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/16-300x46.webp 300w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/16-1024x159.webp 1024w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/16-768x119.webp 768w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/16-1536x238.webp 1536w\" sizes=\"(max-width: 1705px) 100vw, 1705px\" \/><\/p>\n<h4>Use Cases of AWS GuardDuty<\/h4>\n<p>Here are some of the use cases of <strong>AWS GuardDuty:<\/strong><\/p>\n<ol>\n<li><strong>Continuous Monitoring:<\/strong> It continuously monitors the AWS environment for potential security threats, such as unauthorized access, data exfiltration, and malicious activity.<\/li>\n<li><span><strong>Detecting Compromised Credentials<\/strong>: It can monitor your AWS account for unauthorized access attempts and compromised credentials by analyzing AWS CloudTrail logs, VPC Flow Logs, and DNS logs. 
<\/span><\/li>\n<li><strong>Threat Detection: <\/strong>This AWS Service uses machine learning algorithms and threat intelligence to detect known and unknown threats in the AWS environment.<\/li>\n<li><strong>Compliance Monitoring:<\/strong> AWS GuardDuty can help in maintaining compliance with various industry standards, by identifying potential security issues and providing actionable insights to remediate them.<\/li>\n<li><strong>Incident Response:<\/strong> It can help in investigating security incidents by providing detailed logs and alerts, which can be used to identify the root cause of the incident and take appropriate remediation measures.<\/li>\n<li><strong>Integration with Other AWS Services: <\/strong>AWS GuardDuty integrates with other AWS services such as AWS CloudTrail, Amazon S3, and AWS Lambda, to provide comprehensive security monitoring and threat detection capabilities.<\/li>\n<\/ol>\n<h4>Conclusion<\/h4>\n<p>In conclusion, creating <strong>AWS GuardDuty<\/strong> using <strong>Terraform<\/strong> is a straightforward process that can significantly enhance the security posture of your AWS environment. With the ability to detect and respond to potential threats in real-time, <strong>GuardDuty<\/strong> offers a valuable layer of security that can help protect your business from cyber-attacks. By leveraging the power of Infrastructure as Code <strong>(IaC)<\/strong> with <strong>Terraform,<\/strong> you can automate the process of setting up <strong>GuardDuty,<\/strong> enabling you to quickly and easily configure the service and scale it to meet the needs of your organization.<\/p>\n<p>With <strong>AWS GuardDuty<\/strong> and <strong>Terraform,<\/strong> you can rest assured that your AWS environment is secure and protected and that you are well-equipped to respond to any potential Cloud security threats that may arise. So why not give it a try and see the benefits for yourself?<\/p>\n<h4><strong>FAQ:<\/strong><\/h4>\n<p>1. 
Why is Terraform used to enable AWS GuardDuty?<\/p>\n<p>Terraform is an infrastructure management tool that helps to create and configure AWS GuardDuty with a single click.<\/p>\n<p>2. Why should you use AWS GuardDuty for your AWS account?<\/p>\n<p>You can integrate it with all other AWS monitoring services and manage them in a single place, with a machine learning algorithm.<\/p>\n<p>3. Can AWS GuardDuty send alerts via email notifications?<\/p>\n<p>Yes, through AWS GuardDuty you can send alerts via email notification.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Introduction to AWS Guard Duty AWS GuardDuty is a threat detection service offered by Amazon Web Services (AWS) that continuously monitors and analyzes AWS account activity and network traffic to identify potential security threats. It uses machine learning, anomaly detection, and threat intelligence to analyze data from AWS CloudTrail, VPC Flow Logs, and AWS DNS [&hellip;]<\/p>\n","protected":false},"author":20,"featured_media":2650,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[2,424],"tags":[448,440,327],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.7 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Enabling AWS GuardDuty detect suspicious activity using Terraform<\/title>\n<meta name=\"description\" content=\"Discover how to enable AWS GuardDuty to detect suspicious activity in your AWS environment using Terraform.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.easydeploy.io\/blog\/aws-guardduty-enabling\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" 
content=\"article\" \/>\n<meta property=\"og:title\" content=\"Enabling AWS GuardDuty detect suspicious activity using Terraform\" \/>\n<meta property=\"og:description\" content=\"Discover how to enable AWS GuardDuty to detect suspicious activity in your AWS environment using Terraform.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.easydeploy.io\/blog\/aws-guardduty-enabling\/\" \/>\n<meta property=\"og:site_name\" content=\"easydeploy.io\" \/>\n<meta property=\"article:author\" content=\"https:\/\/www.facebook.com\/Jerinrathnam\" \/>\n<meta property=\"article:published_time\" content=\"2023-03-20T04:39:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-06-19T12:21:43+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/Enable-AWS-GuardDuty-to-detect-suspicious-activity-within-your-AWS-account-Using-Terraform-1.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"1280\" \/>\n\t<meta property=\"og:image:height\" content=\"720\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/webp\" \/>\n<meta name=\"author\" content=\"Jerin Rathnam\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@jerin_rathnam\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Jerin Rathnam\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"12 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.easydeploy.io\/blog\/aws-guardduty-enabling\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.easydeploy.io\/blog\/aws-guardduty-enabling\/\"},\"author\":{\"name\":\"Jerin 
Rathnam\",\"@id\":\"https:\/\/www.easydeploy.io\/blog\/#\/schema\/person\/939543ac3b33fadea8b5115ab9a1280f\"},\"headline\":\"Enable AWS GuardDuty to detect suspicious activity within your AWS account Using Terraform\",\"datePublished\":\"2023-03-20T04:39:00+00:00\",\"dateModified\":\"2023-06-19T12:21:43+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.easydeploy.io\/blog\/aws-guardduty-enabling\/\"},\"wordCount\":1428,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.easydeploy.io\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.easydeploy.io\/blog\/aws-guardduty-enabling\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/Enable-AWS-GuardDuty-to-detect-suspicious-activity-within-your-AWS-account-Using-Terraform-1.webp\",\"keywords\":[\"aws cloudtrial\",\"aws guardduty\",\"Terraform\"],\"articleSection\":[\"Amazon Web Services\",\"Terraform\"],\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.easydeploy.io\/blog\/aws-guardduty-enabling\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.easydeploy.io\/blog\/aws-guardduty-enabling\/\",\"url\":\"https:\/\/www.easydeploy.io\/blog\/aws-guardduty-enabling\/\",\"name\":\"Enabling AWS GuardDuty detect suspicious activity using Terraform\",\"isPartOf\":{\"@id\":\"https:\/\/www.easydeploy.io\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.easydeploy.io\/blog\/aws-guardduty-enabling\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.easydeploy.io\/blog\/aws-guardduty-enabling\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/Enable-AWS-GuardDuty-to-detect-suspicious-activity-within-your-AWS-account-Using-Terraform-1.webp\",\"datePublished\":\"2023-03-20T04:39:00+00:00\",\"dateModified\":\"2023-06-19T12:21:43+00:00\",\"description\":\"Discover how to enable AWS GuardDuty to detect suspicious 
activity in your AWS environment using Terraform.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.easydeploy.io\/blog\/aws-guardduty-enabling\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.easydeploy.io\/blog\/aws-guardduty-enabling\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/www.easydeploy.io\/blog\/aws-guardduty-enabling\/#primaryimage\",\"url\":\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/Enable-AWS-GuardDuty-to-detect-suspicious-activity-within-your-AWS-account-Using-Terraform-1.webp\",\"contentUrl\":\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/Enable-AWS-GuardDuty-to-detect-suspicious-activity-within-your-AWS-account-Using-Terraform-1.webp\",\"width\":1280,\"height\":720,\"caption\":\"aws guarduty\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.easydeploy.io\/blog\/aws-guardduty-enabling\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.easydeploy.io\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Enable AWS GuardDuty to detect suspicious activity within your AWS account Using Terraform\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.easydeploy.io\/blog\/#website\",\"url\":\"https:\/\/www.easydeploy.io\/blog\/\",\"name\":\"easydeploy.io\",\"description\":\"A Cloud Architect Company\",\"publisher\":{\"@id\":\"https:\/\/www.easydeploy.io\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.easydeploy.io\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.easydeploy.io\/blog\/#organization\",\"name\":\"EasyDeploy Technologies Pvt 
Ltd\",\"url\":\"https:\/\/www.easydeploy.io\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/www.easydeploy.io\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2019\/02\/easydeploy.png\",\"contentUrl\":\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2019\/02\/easydeploy.png\",\"width\":536,\"height\":100,\"caption\":\"EasyDeploy Technologies Pvt Ltd\"},\"image\":{\"@id\":\"https:\/\/www.easydeploy.io\/blog\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.easydeploy.io\/blog\/#\/schema\/person\/939543ac3b33fadea8b5115ab9a1280f\",\"name\":\"Jerin Rathnam\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/www.easydeploy.io\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/ca2c2ab4a28d380073334816b42aaa40?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/ca2c2ab4a28d380073334816b42aaa40?s=96&d=mm&r=g\",\"caption\":\"Jerin Rathnam\"},\"description\":\"Jerin Rathnam is a proficient DevOps engineer who is dedicated to streamlining software development and deployment processes. He has extensive knowledge of cloud infrastructure, containerization, and CI\/CD pipelines, which enables him to effectively connect development and operations. Jerin specializes in creating numerous Terraform modules for multi-cloud infrastructure and possesses immense expertise in configuring and managing cloud infrastructure. 
His profound understanding of containerization, along with his experience in orchestration tools like Docker and Kubernetes, further supports his skills as a valuable DevOps engineer.\",\"sameAs\":[\"https:\/\/www.gemjerin.site\",\"https:\/\/www.facebook.com\/Jerinrathnam\",\"https:\/\/www.instagram.com\/gem_jerin_rathnam\/\",\"https:\/\/www.linkedin.com\/in\/jerin-rathnam\/\",\"https:\/\/x.com\/jerin_rathnam\",\"@jerinrathnam\"],\"url\":\"https:\/\/www.easydeploy.io\/blog\/author\/jerin\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Enabling AWS GuardDuty detect suspicious activity using Terraform","description":"Discover how to enable AWS GuardDuty to detect suspicious activity in your AWS environment using Terraform.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.easydeploy.io\/blog\/aws-guardduty-enabling\/","og_locale":"en_GB","og_type":"article","og_title":"Enabling AWS GuardDuty detect suspicious activity using Terraform","og_description":"Discover how to enable AWS GuardDuty to detect suspicious activity in your AWS environment using Terraform.","og_url":"https:\/\/www.easydeploy.io\/blog\/aws-guardduty-enabling\/","og_site_name":"easydeploy.io","article_author":"https:\/\/www.facebook.com\/Jerinrathnam","article_published_time":"2023-03-20T04:39:00+00:00","article_modified_time":"2023-06-19T12:21:43+00:00","og_image":[{"width":1280,"height":720,"url":"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/Enable-AWS-GuardDuty-to-detect-suspicious-activity-within-your-AWS-account-Using-Terraform-1.webp","type":"image\/webp"}],"author":"Jerin Rathnam","twitter_card":"summary_large_image","twitter_creator":"@jerin_rathnam","twitter_misc":{"Written by":"Jerin Rathnam","Estimated reading time":"12 
minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.easydeploy.io\/blog\/aws-guardduty-enabling\/#article","isPartOf":{"@id":"https:\/\/www.easydeploy.io\/blog\/aws-guardduty-enabling\/"},"author":{"name":"Jerin Rathnam","@id":"https:\/\/www.easydeploy.io\/blog\/#\/schema\/person\/939543ac3b33fadea8b5115ab9a1280f"},"headline":"Enable AWS GuardDuty to detect suspicious activity within your AWS account Using Terraform","datePublished":"2023-03-20T04:39:00+00:00","dateModified":"2023-06-19T12:21:43+00:00","mainEntityOfPage":{"@id":"https:\/\/www.easydeploy.io\/blog\/aws-guardduty-enabling\/"},"wordCount":1428,"commentCount":0,"publisher":{"@id":"https:\/\/www.easydeploy.io\/blog\/#organization"},"image":{"@id":"https:\/\/www.easydeploy.io\/blog\/aws-guardduty-enabling\/#primaryimage"},"thumbnailUrl":"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/Enable-AWS-GuardDuty-to-detect-suspicious-activity-within-your-AWS-account-Using-Terraform-1.webp","keywords":["aws cloudtrial","aws guardduty","Terraform"],"articleSection":["Amazon Web Services","Terraform"],"inLanguage":"en-GB","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.easydeploy.io\/blog\/aws-guardduty-enabling\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.easydeploy.io\/blog\/aws-guardduty-enabling\/","url":"https:\/\/www.easydeploy.io\/blog\/aws-guardduty-enabling\/","name":"Enabling AWS GuardDuty detect suspicious activity using 
Terraform","isPartOf":{"@id":"https:\/\/www.easydeploy.io\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.easydeploy.io\/blog\/aws-guardduty-enabling\/#primaryimage"},"image":{"@id":"https:\/\/www.easydeploy.io\/blog\/aws-guardduty-enabling\/#primaryimage"},"thumbnailUrl":"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/Enable-AWS-GuardDuty-to-detect-suspicious-activity-within-your-AWS-account-Using-Terraform-1.webp","datePublished":"2023-03-20T04:39:00+00:00","dateModified":"2023-06-19T12:21:43+00:00","description":"Discover how to enable AWS GuardDuty to detect suspicious activity in your AWS environment using Terraform.","breadcrumb":{"@id":"https:\/\/www.easydeploy.io\/blog\/aws-guardduty-enabling\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.easydeploy.io\/blog\/aws-guardduty-enabling\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.easydeploy.io\/blog\/aws-guardduty-enabling\/#primaryimage","url":"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/Enable-AWS-GuardDuty-to-detect-suspicious-activity-within-your-AWS-account-Using-Terraform-1.webp","contentUrl":"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2023\/03\/Enable-AWS-GuardDuty-to-detect-suspicious-activity-within-your-AWS-account-Using-Terraform-1.webp","width":1280,"height":720,"caption":"aws guarduty"},{"@type":"BreadcrumbList","@id":"https:\/\/www.easydeploy.io\/blog\/aws-guardduty-enabling\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.easydeploy.io\/blog\/"},{"@type":"ListItem","position":2,"name":"Enable AWS GuardDuty to detect suspicious activity within your AWS account Using Terraform"}]},{"@type":"WebSite","@id":"https:\/\/www.easydeploy.io\/blog\/#website","url":"https:\/\/www.easydeploy.io\/blog\/","name":"easydeploy.io","description":"A Cloud Architect 
Company","publisher":{"@id":"https:\/\/www.easydeploy.io\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.easydeploy.io\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-GB"},{"@type":"Organization","@id":"https:\/\/www.easydeploy.io\/blog\/#organization","name":"EasyDeploy Technologies Pvt Ltd","url":"https:\/\/www.easydeploy.io\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.easydeploy.io\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2019\/02\/easydeploy.png","contentUrl":"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2019\/02\/easydeploy.png","width":536,"height":100,"caption":"EasyDeploy Technologies Pvt Ltd"},"image":{"@id":"https:\/\/www.easydeploy.io\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.easydeploy.io\/blog\/#\/schema\/person\/939543ac3b33fadea8b5115ab9a1280f","name":"Jerin Rathnam","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.easydeploy.io\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/ca2c2ab4a28d380073334816b42aaa40?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/ca2c2ab4a28d380073334816b42aaa40?s=96&d=mm&r=g","caption":"Jerin Rathnam"},"description":"Jerin Rathnam is a proficient DevOps engineer who is dedicated to streamlining software development and deployment processes. He has extensive knowledge of cloud infrastructure, containerization, and CI\/CD pipelines, which enables him to effectively connect development and operations. Jerin specializes in creating numerous Terraform modules for multi-cloud infrastructure and possesses immense expertise in configuring and managing cloud infrastructure. 
His profound understanding of containerization, along with his experience in orchestration tools like Docker and Kubernetes, further supports his skills as a valuable DevOps engineer.","sameAs":["https:\/\/www.gemjerin.site","https:\/\/www.facebook.com\/Jerinrathnam","https:\/\/www.instagram.com\/gem_jerin_rathnam\/","https:\/\/www.linkedin.com\/in\/jerin-rathnam\/","https:\/\/x.com\/jerin_rathnam","@jerinrathnam"],"url":"https:\/\/www.easydeploy.io\/blog\/author\/jerin\/"}]}},"_links":{"self":[{"href":"https:\/\/www.easydeploy.io\/blog\/wp-json\/wp\/v2\/posts\/2623"}],"collection":[{"href":"https:\/\/www.easydeploy.io\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.easydeploy.io\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.easydeploy.io\/blog\/wp-json\/wp\/v2\/users\/20"}],"replies":[{"embeddable":true,"href":"https:\/\/www.easydeploy.io\/blog\/wp-json\/wp\/v2\/comments?post=2623"}],"version-history":[{"count":9,"href":"https:\/\/www.easydeploy.io\/blog\/wp-json\/wp\/v2\/posts\/2623\/revisions"}],"predecessor-version":[{"id":2726,"href":"https:\/\/www.easydeploy.io\/blog\/wp-json\/wp\/v2\/posts\/2623\/revisions\/2726"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.easydeploy.io\/blog\/wp-json\/wp\/v2\/media\/2650"}],"wp:attachment":[{"href":"https:\/\/www.easydeploy.io\/blog\/wp-json\/wp\/v2\/media?parent=2623"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.easydeploy.io\/blog\/wp-json\/wp\/v2\/categories?post=2623"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.easydeploy.io\/blog\/wp-json\/wp\/v2\/tags?post=2623"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}