Amazon GuardDuty - AWS GovCloud (US)

Amazon GuardDuty

Amazon GuardDuty is a continuous security monitoring service. Amazon GuardDuty can help to identify unexpected and potentially unauthorized or malicious activity in your AWS environment.

How Amazon GuardDuty Differs for AWS GovCloud (US)

  • Using AWS CloudFormation to set up Amazon GuardDuty resources in AWS GovCloud (US) is not currently supported.

  • The Enable GuardDuty StackSet feature, which enables Amazon GuardDuty in multiple accounts at the same time, is currently unavailable because AWS CloudFormation is not supported in AWS GovCloud (US). To work around this limitation, use the Python scripts described in the Amazon GuardDuty documentation.

  • Cross-region data transfer is not supported.

  • Member invite notifications through Personal Health Dashboard and email are not supported.

  • The following findings are not available in AWS GovCloud (US):

    • CredentialAccess:IAMUser/AnomalousBehavior

    • DefenseEvasion:IAMUser/AnomalousBehavior

    • Discovery:IAMUser/AnomalousBehavior

    • Exfiltration:IAMUser/AnomalousBehavior

    • Impact:IAMUser/AnomalousBehavior

    • InitialAccess:IAMUser/AnomalousBehavior

    • Persistence:IAMUser/AnomalousBehavior

    • PrivilegeEscalation:IAMUser/AnomalousBehavior

    The following retired findings are still active in AWS GovCloud (US) as replacements for the above:

    • Discovery:S3/BucketEnumeration.Unusual

    • Impact:S3/ObjectDelete.Unusual

    • Impact:S3/PermissionsModification.Unusual

    • Persistence:IAMUser/NetworkPermissions

    • Persistence:IAMUser/ResourcePermissions

    • Persistence:IAMUser/UserPermissions

    • PrivilegeEscalation:IAMUser/AdministrativePermissions

    • Recon:IAMUser/NetworkPermissions

    • Recon:IAMUser/ResourcePermissions

    • Recon:IAMUser/UserPermissions

    • ResourceConsumption:IAMUser/ComputeResources

    • Stealth:IAMUser/LoggingConfigurationModified

    • UnauthorizedAccess:IAMUser/ConsoleLogin
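The two lists above matter when alerting rules are copied from a commercial-region account: an EventBridge rule keyed on a finding type that does not exist in GovCloud will never fire. The following added example (not code from the AWS documentation) audits a GuardDuty EventBridge event pattern against the lists on this page; it assumes the rule filters on `detail.type`, with exact strings or `{"prefix": ...}` matchers, and it marks any type outside both lists as unverified rather than guessing.

```python
import json

# Finding types this page lists as not available in AWS GovCloud (US).
GOVCLOUD_UNAVAILABLE = frozenset({
    "CredentialAccess:IAMUser/AnomalousBehavior",
    "DefenseEvasion:IAMUser/AnomalousBehavior",
    "Discovery:IAMUser/AnomalousBehavior",
    "Exfiltration:IAMUser/AnomalousBehavior",
    "Impact:IAMUser/AnomalousBehavior",
    "InitialAccess:IAMUser/AnomalousBehavior",
    "Persistence:IAMUser/AnomalousBehavior",
    "PrivilegeEscalation:IAMUser/AnomalousBehavior",
})

# Retired findings this page lists as still active in GovCloud in their place.
GOVCLOUD_ACTIVE_REPLACEMENTS = frozenset({
    "Discovery:S3/BucketEnumeration.Unusual",
    "Impact:S3/ObjectDelete.Unusual",
    "Impact:S3/PermissionsModification.Unusual",
    "Persistence:IAMUser/NetworkPermissions",
    "Persistence:IAMUser/ResourcePermissions",
    "Persistence:IAMUser/UserPermissions",
    "PrivilegeEscalation:IAMUser/AdministrativePermissions",
    "Recon:IAMUser/NetworkPermissions",
    "Recon:IAMUser/ResourcePermissions",
    "Recon:IAMUser/UserPermissions",
    "ResourceConsumption:IAMUser/ComputeResources",
    "Stealth:IAMUser/LoggingConfigurationModified",
    "UnauthorizedAccess:IAMUser/ConsoleLogin",
})

def audit_pattern(pattern) -> dict:
    """Sort a rule's detail.type matchers into 'unavailable' (never fires in GovCloud),
    'ok' (covers a finding this page lists as active) and 'unverified' (on neither list)."""
    if isinstance(pattern, str):  # EventPattern as returned by `aws events describe-rule`
        pattern = json.loads(pattern)
    matchers = pattern.get("detail", {}).get("type") or []  # no filter = every finding
    result = {"unavailable": [], "ok": [], "unverified": []}
    for m in matchers:
        if isinstance(m, str):
            key = "unavailable" if m in GOVCLOUD_UNAVAILABLE else (
                "ok" if m in GOVCLOUD_ACTIVE_REPLACEMENTS else "unverified")
            result[key].append(m)
        elif isinstance(m, dict) and "prefix" in m:
            # A prefix keeps firing if any finding listed as active here starts with it.
            hit = any(f.startswith(m["prefix"]) for f in GOVCLOUD_ACTIVE_REPLACEMENTS)
            result["ok" if hit else "unverified"].append(m["prefix"] + "*")
    result["never_fires"] = bool(matchers) and not (result["ok"] or result["unverified"])
    return result
```

A rule whose every matcher lands in `unavailable` is reported as `never_fires`; rewrite it against the replacement findings before relying on it in GovCloud.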

Documentation for Amazon GuardDuty

Amazon GuardDuty documentation.

Export-Controlled Content

For AWS Services architected within the AWS GovCloud (US) Regions, the table below explains how certain components of data may leave the Regions in the normal course of the Service Offerings. The table can be used as a guide to help meet applicable customer compliance obligations.

Data in the following service attributes will not leave the AWS GovCloud (US) Regions in the normal course of the Service Offerings:

  • All data entered, stored, and processed in Amazon GuardDuty can contain export-controlled data.

Data in the following service attributes may leave the AWS GovCloud (US) Regions in the normal course of the Service Offerings: