# GuardDuty Detector

## Overview
This Terraform module provisions an AWS GuardDuty detector, enabling native threat detection in the specified region.
It supports lightweight setup for real-time monitoring of AWS accounts, services, and resources.
## Key Features
- Enables AWS GuardDuty for continuous threat detection
- Supports toggling activation via input variable
- Tags resources with environment context
- Forms the foundation for centralized security visibility
## Use Cases
- Initializing AWS-native threat detection in a new account
- Enabling lightweight threat monitoring for dev/test environments
- Automating baseline GuardDuty setup for AWS Landing Zones
- Integrating GuardDuty into a multi-account security strategy
## Input Variables
| Name | Type | Description |
|---|---|---|
| region | string | AWS region to deploy the GuardDuty detector |
| enable | bool | Whether to activate the detector upon deployment |
| environment | string | Tag to specify the deployment environment (e.g., dev, prod) |
## Outputs
| Name | Description |
|---|---|
| guardduty_detector_id | The ID of the created GuardDuty detector |
## Deployment Readiness

- Compatible with Terraform 1.0+
- Tested with AWS provider 5.x
- Requires IAM permissions for GuardDuty setup
## Example Usage

```hcl
module "guardduty_detector" {
  source      = "git::ssh://git@github.com/archiphire/aws-level-1-modules.git//security/guardduty-detector?ref=v1.0.0"
  region      = "us-east-1"
  enable      = true
  environment = "prod"
}
```

Then deploy with Terraform:

```shell
terraform init
terraform plan
terraform apply
```

or with OpenTofu:

```shell
tofu init
tofu plan
tofu apply
```
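The module source itself is only available with the subscription, so the following is an added, illustrative implementation of a detector module that matches the inputs and output documented above. It is an assumption about how such a module can be written, not the Archiphire module's actual code; the in-module `provider` block is one way to honour the `region` input, at the cost of not being able to use `count` or `for_each` on the module.

```hcl
# Illustrative module body (assumed, not the vendor's source).

variable "region" {
  type        = string
  description = "AWS region to deploy the GuardDuty detector"
}

variable "enable" {
  type        = bool
  description = "Whether to activate the detector upon deployment"
  default     = true
}

variable "environment" {
  type        = string
  description = "Tag to specify the deployment environment (e.g., dev, prod)"
}

# The region input is applied through the provider used by this module.
provider "aws" {
  region = var.region
}

# GuardDuty allows one detector per account per region.
# `enable = false` suspends monitoring while keeping the detector and its
# existing findings; destroying the detector deletes its findings as well.
resource "aws_guardduty_detector" "this" {
  enable = var.enable

  # Push findings to EventBridge more often than the default SIX_HOURS so a
  # downstream SIEM or alerting pipeline sees them sooner.
  finding_publishing_frequency = "FIFTEEN_MINUTES"

  tags = {
    Environment = var.environment
    ManagedBy   = "terraform"
  }
}

output "guardduty_detector_id" {
  description = "The ID of the created GuardDuty detector"
  value       = aws_guardduty_detector.this.id
}
```

After `apply`, `aws guardduty get-detector --detector-id <detector_id>` should report `"Status": "ENABLED"` when `enable` is true and `"DISABLED"` when it is false.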
## Cleanup Options

Terraform Destroy (for test environments):

```shell
terraform destroy
```

or

```shell
tofu destroy
```

Manual Deletion (for production environments):

```shell
aws guardduty list-detectors
aws guardduty delete-detector --detector-id <detector_id>
```
## Notes
This is a Level 1 security module designed for GuardDuty enablement. For full protection, consider enabling GuardDuty organization-wide and exporting findings to a centralized logging or SIEM system.
## Deployment Package Notice
This module is part of the Level 1 AWS License Tier. To access the full deployment package and source code, subscribe to Archiphire.