AWS GovCloud (US)
User Guide

Amazon GuardDuty

The following list details the differences for using this service in the AWS GovCloud (US) Region compared to other AWS regions:

  • There is no support for using AWS CloudFormation to set up Amazon GuardDuty resources in AWS GovCloud (US).

  • You cannot use the Enable GuardDuty StackSet feature to enable Amazon GuardDuty in multiple accounts at the same time due to the lack of AWS CloudFormation support. To bypass this limitation, use the Python scripts described in the Amazon GuardDuty documentation.

  • Cross-region data transfer is not supported.

  • The following DNS-related findings types will not be generated in AWS GovCloud (US).

    • Trojan:EC2/BlackholeTraffic!DNS

    • Trojan:EC2/DriveBySourceTraffic!DNS

    • Trojan:EC2/DropPoint!DNS

    • Backdoor:EC2/C&CActivity.B!DNS

    • CryptoCurrency:EC2/BitcoinTool.B!DNS

    • Trojan:EC2/DGADomainRequest.B

    • Trojan:EC2/DNSDataExfiltration

    • Trojan:EC2/DGADomainRequest.C!DNS

    • Trojan:EC2/PhishingDomainRequest!DNS

For more information about Amazon GuardDuty, see the Amazon GuardDuty documentation.

ITAR Boundary

The ITAR boundary defines where customers are allowed to store ITAR-regulated data for this service in the AWS GovCloud (US) Region. You must comply with the boundaries in order to maintain ITAR compliance. If you do not have any ITAR-regulated data in the AWS GovCloud (US) Region, this section does not apply to you. The following information identifies the ITAR boundary for this service:

ITAR-Regulated Data Permitted ITAR-Regulated Data Not Permitted
  • All data entered, stored, and processed in Amazon GuardDuty can contain ITAR-regulated data.

  • None

On this page: