Lab: Deploying AWS GuardDuty via Terraform

Overview

The Terraform code for this module has been left in a simplified state (i.e., not using modules, loops, or other advanced Terraform features) to be more easily accessible. You can customize it further to meet your specific requirements.

Deployment

# clone the AWS Security Cookbook repository
git clone https://github.com/Ty182/AWS-Security-Cookbook-by-Tyler

# navigate to AWS GuardDuty directory
cd AWS_Cookbook_by_Tyler/recipes/aws_guardduty/Lab:Deploying_AWS_GuardDuty_via_Terraform

# initialize the directory and download the required terraform providers
terraform init

# check formatting and validate the syntax is correct
terraform fmt && terraform validate

# check the resources that will be created
terraform plan 

# deploy the resources
terraform apply

• Once complete, head to the AWS GuardDuty console and check it out!

Generate Findings

Until alerts get generated, your GuardDuty console will be pretty lackluster. We'll learn how to create findings in a future lab, but for now, you can explore sample findings.

In the AWS console, go to GuardDuty > Settings > Sample findings and click Generate sample findings. This will create one sample from each of the GuardDuty finding types, prefixing each with [SAMPLE] for easy identification. There is no charge for this!

Now, our GuardDuty instance is filled with some fun results to explore!

Cleanup