# Lab: Deploying AWS GuardDuty via Terraform

{% hint style="success" %}

## Already Know Terraform?

If you're already familiar with Terraform, feel free to hop over to the [AWS Security Cookbook by Tyler GitHub repository](https://github.com/Ty182/AWS-Security-Cookbook-by-Tyler/tree/main) to grab and deploy the code. Otherwise, stick around and we'll walk through it together! 
{% endhint %}

## Overview

The Terraform code for this module has been left in a simplified state (i.e., not using modules, loops, or other advanced Terraform features) to be more easily accessible. You can customize it further to meet your specific requirements.

***

## Deployment

{% hint style="danger" %}

## Cost Alert

AWS GuardDuty is a paid service. Enabling related protection plans and features has additional cost.

* <https://docs.aws.amazon.com/guardduty/latest/ug/monitoring_costs.html>
  {% endhint %}

{% code overflow="wrap" %}

```bash
# clone the AWS Security Cookbook repository
git clone https://github.com/Ty182/AWS-Security-Cookbook-by-Tyler

# navigate to AWS GuardDuty directory
cd AWS_Cookbook_by_Tyler/recipes/aws_guardduty/Lab:Deploying_AWS_GuardDuty_via_Terraform

# initialize the directory and download the required terraform providers
terraform init

# check formatting and validate the syntax is correct
terraform fmt && terraform validate

# check the resources that will be created
terraform plan 

# deploy the resources
terraform apply
```

{% endcode %}

* Once complete, head to the AWS GuardDuty console and check it out!

<figure><img src="/files/rkcha4iVeYWYoaVDSHF8" alt=""><figcaption><p>AWS GuardDuty Console</p></figcaption></figure>

***

## Generate Findings

Until alerts get generated, your GuardDuty console will be pretty lackluster. We'll learn how to create findings in a future lab, but for now, you can explore sample findings.&#x20;

In the AWS console, go to `GuardDuty > Settings > Sample findings and click Generate sample findings`. This will create one sample from each of the GuardDuty finding types, prefixing each with `[SAMPLE]` for easy identification. There is no charge for this!

<figure><img src="/files/NU2mVHLgzqMxnifjZbTZ" alt=""><figcaption><p>generate sample findings</p></figcaption></figure>

Now, our GuardDuty instance is filled with some fun results to explore!&#x20;

<figure><img src="/files/jjpIzmgGkzuty6ItsTpO" alt=""><figcaption><p>GuardDuty Summary</p></figcaption></figure>

<figure><img src="/files/guB83p391KV4TDE9EI4j" alt=""><figcaption><p>GuardDuty Findings</p></figcaption></figure>

***

## Cleanup

{% hint style="danger" %}

## Clean up the resources

Avoid unnecessary costs by deleting the created resources

`terraform destroy`
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://www.techwithtyler.dev/academy/aws-security-cookbook-by-tyler/aws-guardduty/lab-deploying-aws-guardduty-via-terraform.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.