Configuration details for enabling Amazon GuardDuty, inviting member accounts or accepting invitations from master accounts. Also included are configuration items to enable manual whitelists or threat lists. Configuration templates are available in AWS CloudFormation, AWS CLI and Terraform.

Enable GuardDuty with Notifications and Compliance Checks

A configuration package to enable Amazon GuardDuty in an AWS account as well as email notifications for GuardDuty findings (using a CloudWatch Event Rule), and an AWS Config Rule to verify that GuardDuty is continuously enabled.

Premium Only
Enable GuardDuty

Configuration to enable Amazon GuardDuty.

CloudFormationTerraformAWS CLI
GuardDuty Master Account: Invite Member Accounts

Configuration to enable Amazon GuardDuty as a Master account and send invitations to member accounts

CloudFormationTerraformAWS CLI
GuardDuty Member Account: Accept Invitation from Master Account

Configuration to enable Amazon GuardDuty as a member account and accept an invitation from a master GuardDuty account

CloudFormationTerraformAWS CLI
Amazon GuardDuty Filter

This template creates a GuardDuty Filter resource. The filter is used to specify criteria for filtering findings in GuardDuty.

Amazon GuardDuty IPSet

Creates an IPSet for Amazon GuardDuty, allowing you to specify a list of IP addresses to monitor for potential threats. The IPSet is activated and linked to a specific GuardDuty detector using the provided DetectorId.

Amazon GuardDuty Threat Intel Set

This template creates an Amazon GuardDuty Threat Intel Set, which allows you to import a list of IP addresses or domains that you want GuardDuty to monitor for potential threats. The template activates the Threat Intel Set and specifies the detector ID, format, location, and name.