Lab: Deploying AWS GuardDuty via Terraform

How to deploy AWS GuardDuty via Terraform

Overview

The Terraform code for this module has been left in a simplified state (i.e., not using modules, loops, or other advanced Terraform features) to be more easily accessible. You can customize it further to meet your specific requirements.


Deployment

Cost Alert

# clone the AWS Security Cookbook repository
git clone https://github.com/Ty182/AWS-Security-Cookbook-by-Tyler

# navigate to AWS GuardDuty directory
cd AWS-Security-Cookbook-by-Tyler/recipes/aws_guardduty/Lab:Deploying_AWS_GuardDuty_via_Terraform

# initialize the directory and download the required terraform providers
terraform init

# check formatting and validate the syntax is correct
terraform fmt && terraform validate

# check the resources that will be created
terraform plan

# deploy the resources
terraform apply
  • Once complete, head to the AWS GuardDuty console and check it out!

Figure: AWS GuardDuty console

Generate Findings

Until alerts get generated, your GuardDuty console will be pretty lackluster. We'll learn how to create findings in a future lab, but for now, you can explore sample findings.

In the AWS console, go to GuardDuty > Settings > Sample findings and click Generate sample findings. This will create one sample from each of the GuardDuty finding types, prefixing each with [SAMPLE] for easy identification. There is no charge for this!

Figure: Generate sample findings

Now, our GuardDuty instance is filled with some fun results to explore!

Figure: GuardDuty Summary
Figure: GuardDuty Findings
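
Once samples exist, they sit in the same list as any real findings, so anything consuming that list should tell the two apart. The following is an added example (not part of the lab's repository) that uses the [SAMPLE] title prefix described above to split an export and rank the non-sample findings. It assumes the findings were exported as JSON with `aws guardduty get-findings`; the data, the helper names and the severity bands are assumptions for illustration.

```python
import json
from collections import Counter

# Constructed export in the shape `aws guardduty get-findings` prints
# (top-level "Findings" list). IDs, titles and severities are made up.
CONSTRUCTED_EXPORT = json.dumps({"Findings": [
    {"Id": "f-0001", "Type": "CryptoCurrency:EC2/BitcoinTool.B!DNS", "Severity": 8.0,
     "Title": "[SAMPLE] EC2 instance is querying a Bitcoin-related domain."},
    {"Id": "f-0002", "Type": "Recon:EC2/PortProbeUnprotectedPort", "Severity": 2.0,
     "Title": "[SAMPLE] Unprotected port on EC2 instance is being probed."},
    {"Id": "f-0003", "Type": "UnauthorizedAccess:EC2/SSHBruteForce", "Severity": 2.0,
     "Title": "EC2 instance is the target of SSH brute force attempts."},
    {"Id": "f-0004", "Type": "UnauthorizedAccess:IAMUser/ConsoleLoginSuccess.B",
     "Severity": 5.0, "Title": "Unusual console login for an IAM user."},
]})

SAMPLE_PREFIX = "[SAMPLE]"  # title prefix GuardDuty puts on generated samples


def severity_band(score):
    """Numeric severity -> label. Bands are an assumption taken from AWS docs:
    Low 1.0-3.9, Medium 4.0-6.9, High 7.0-8.9, Critical 9.0 and above."""
    if score >= 9.0:
        return "Critical"
    if score >= 7.0:
        return "High"
    return "Medium" if score >= 4.0 else "Low"


def parse_type(finding_type):
    """'ThreatPurpose:Resource/Family...' -> (purpose, resource)."""
    purpose, _, rest = finding_type.partition(":")
    return purpose, rest.partition("/")[0]


def triage(export_json):
    """Count findings per band, samples apart, and rank the real ones."""
    report = {"sample": Counter(), "real": Counter(), "review": []}
    for f in json.loads(export_json).get("Findings", []):
        score = float(f.get("Severity", 0))
        is_sample = f.get("Title", "").startswith(SAMPLE_PREFIX)
        report["sample" if is_sample else "real"][severity_band(score)] += 1
        if not is_sample:
            report["review"].append((score, f.get("Id", "?"), *parse_type(f.get("Type", ""))))
    report["review"].sort(reverse=True)  # highest severity first
    return report


if __name__ == "__main__":
    result = triage(CONSTRUCTED_EXPORT)
    print("sample:", dict(result["sample"]), "real:", dict(result["real"]))
    for score, fid, purpose, resource in result["review"]:
        print(f"REVIEW severity={score} id={fid} {purpose} on {resource}")
```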

Cleanup

Clean up the resources
