By Implementation

Service Control PoliciesConfig RulesAuto Remediation RulesConformance PacksAmazon GuardDutyAmazon InspectorAWS Security HubNetwork FirewallAmazon MacieBilling and Cost ManagementS3 Bucket PoliciesCloudWatch Alarms and Event RulesLogging & Monitoring ConfigurationsAWS WAFBackups & DRAWS Systems ManagerSecurity Groups & NACLsAWS KMSIAM Policies

By Service Protected

Configuration Packages

Strategy Guides

Amazon GuardDuty

Configuration details for enabling Amazon GuardDuty, inviting member accounts or accepting invitations from master accounts. Also included are configuration items to enable manual whitelists or threat lists. Configuration templates are available in AWS CloudFormation, AWS CLI and Terraform.


A configuration package to enable Amazon GuardDuty in an AWS account as well as email notifications for GuardDuty findings (using a CloudWatch Event Rule), and an AWS Config Rule to verify that GuardDuty is continuously enabled.


Configuration to enable Amazon GuardDuty.

CloudFormationTerraformAWS CLI

Configuration to enable Amazon GuardDuty as a Master account and send invitations to member accounts

CloudFormationTerraformAWS CLI

Configuration to enable Amazon GuardDuty as a member account and accept an invitation from a master GuardDuty account

CloudFormationTerraformAWS CLI
CloudWatch Events

A CloudWatch Event Rule that triggers on Amazon GuardDuty findings and publishes findings to an SNS topic. The Event Rule can be used to trigger notifications or remediative actions using AWS Lambda.

CloudFormationTerraformAWS CLI
Config Rule

A Config rule that checks whether Amazon GuardDuty is enabled in your AWS account and region. If you provide an AWS account for centralization, the rule evaluates the Amazon GuardDuty results in the centralized account. The rule is compliant when Amazon GuardDuty is enabled.

CloudFormationTerraformAWS CLI

A config rule that checks whether GuardDuty has untreated findings.

CloudFormationTerraformAWS CLI