Amazon GuardDuty
Amazon GuardDuty is a continuous security monitoring service. Amazon GuardDuty can help to identify unexpected and potentially unauthorized or malicious activity in your AWS environment.
How Amazon GuardDuty Differs for AWS GovCloud (US)
-
Using AWS CloudFormation to set up Amazon GuardDuty resources in AWS GovCloud (US) is not currently supported.
-
The Enable GuardDuty StackSet feature to enable Amazon GuardDuty in multiple accounts at the same time is currently unavailable due to the lack of AWS CloudFormation support currently in AWS GovCloud (US). To bypass this limitation, use the Python scripts described in the Amazon GuardDuty documentation.
-
Cross-region data transfer is not supported.
-
Member invite notifications through Personal Health Dashboard and email is not supported.
Documentation for Amazon GuardDuty
Amazon GuardDuty documentation
ITAR Boundary
AWS GovCloud (US) has an ITAR boundary, which defines where customers are allowed to store ITAR-controlled data for this service in AWS GovCloud (US) Regions. To maintain ITAR compliance, you must place ITAR-controlled data on the applicable part of the ITAR boundary. If you do not have any ITAR-controlled data in AWS GovCloud (US) Regions, this section does not apply to you. The following information identifies the ITAR boundary for this service:
| ITAR-Regulated Data Permitted | ITAR-Regulated Data Not Permitted |
|---|---|
|
|
