Amazon GuardDuty - AWS GovCloud (US)

Amazon GuardDuty

How Amazon GuardDuty differs for AWS GovCloud (US)

The following features are not supported in both the AWS GovCloud (US) Regions:

  • Runtime Monitoring

  • EKS Runtime Monitoring

  • RDS Protection

  • Malware Protection

  • Cross-region data transfer

  • Member accounts invitation notifications through AWS Health Dashboard and email

The following EKS audit log finding types are not available in the GovCloud Regions:

  • CredentialAccess:Kubernetes/AnomalousBehavior.SecretsAccessed

  • PrivilegeEscalation:Kubernetes/AnomalousBehavior.RoleBindingCreated

  • Execution:Kubernetes/AnomalousBehavior.ExecInPod

  • PrivilegeEscalation:Kubernetes/AnomalousBehavior.WorkloadDeployed!PrivilegedContainer

  • PrivilegeEscalation:Kubernetes/AnomalousBehavior.WorkloadDeployed!ContainerWithSensitiveMount

  • Execution:Kubernetes/AnomalousBehavior.WorkloadDeployed

  • PrivilegeEscalation:Kubernetes/AnomalousBehavior.RoleCreated

  • Discovery:Kubernetes/AnomalousBehavior.PermissionChecked

Documentation for Amazon GuardDuty

Amazon GuardDuty documentation.

Export-Controlled Content

For AWS Services architected within the AWS GovCloud (US) Regions, the following list explains how certain components of data may leave the AWS GovCloud (US) Regions in the normal course of the service offerings. The list can be used as a guide to help meet applicable customer compliance obligations. Data not included in the following list remains within the AWS GovCloud (US) Regions.

  • This service can generate metadata from customer-defined configurations. AWS suggests customers do not enter export-controlled information in console fields, descriptions, resource names, and tagging information.