At Kong, we leverage many tools to protect our services and customers. Terraform from HashiCorp allows us to automate the process with Infrastructure as Code (IaC). Another important tool is Amazon Web Services (AWS) GuardDuty, a continuous monitoring service for security threat detection in your AWS accounts. It analyzes events from CloudTrail, VPC Flow Logs and DNS logs using machine learning, anomaly detection and known threats to provide security intelligence in the form of GuardDuty alerts or findings. Multiple member AWS accounts can be aggregated into a master account to centrally manage alerts across an entire organization. It provides an enterprise with comprehensive threat detection, stronger security through automation and centralized management at scale.

GuardDuty allows us to automatically send notifications to CloudWatch Events. We use this to notify the security team on Slack by configuring a CloudWatch Event Rule on GuardDuty findings that triggers a Lambda serverless function written in Go called GuardDuty2Slack. This post will walk you through the process and code used to join member accounts to an organization and send GuardDuty findings as Slack notifications. The complete example set of code is available here.

GuardDuty is a regional service, so member accounts need to be invited for every region they use. Some accounts may not use the same regions as others. While there are more sophisticated ways to manage this, for the simplicity of this post, the following directory structure will be used:

accounts/

- Terraform snippets for GuardDuty member accounts
- Terraform applied at a global level (IAM roles and policies)
- Terraform Lambda module and Go function for notifications
- Terraform applied at a regional level (in this example us-west-1)
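The notification step described above (a CloudWatch Event Rule on GuardDuty findings triggering a Go function that posts to Slack) comes down to validating the event and mapping it to a webhook body. The following is an added example, not code from this post or from GuardDuty2Slack; the names `event`, `severity` and `slackPayload`, the severity cut-offs (Low below 4.0, Medium below 7.0, High otherwise), the Slack colors and the sample event are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// event is the subset of the CloudWatch Events envelope this example reads.
type event struct {
	Source     string `json:"source"`
	DetailType string `json:"detail-type"`
	Detail     struct {
		AccountID string  `json:"accountId"`
		Region    string  `json:"region"`
		Type      string  `json:"type"`
		Severity  float64 `json:"severity"`
		Title     string  `json:"title"`
	} `json:"detail"`
}

// severity maps the numeric score to a label and a Slack attachment color (assumed bands).
func severity(s float64) (label, color string) {
	if s >= 7.0 {
		return "High", "danger"
	}
	if s >= 4.0 {
		return "Medium", "warning"
	}
	return "Low", "good"
}

// slackPayload rejects non-GuardDuty events, then builds a Slack incoming-webhook body.
func slackPayload(raw []byte) ([]byte, error) {
	var e event
	if err := json.Unmarshal(raw, &e); err != nil {
		return nil, err
	}
	if e.Source != "aws.guardduty" || e.DetailType != "GuardDuty Finding" {
		return nil, fmt.Errorf("not a GuardDuty finding: %q from %q", e.DetailType, e.Source)
	}
	label, color := severity(e.Detail.Severity)
	text := fmt.Sprintf("[%s] %s\n%s in account %s (%s)", label, e.Detail.Title, e.Detail.Type, e.Detail.AccountID, e.Detail.Region)
	return json.Marshal(map[string]interface{}{"attachments": []map[string]string{{"color": color, "text": text}}})
}
// sample is a constructed event for this example, trimmed to the fields read above.
const sample = `{"source":"aws.guardduty","detail-type":"GuardDuty Finding","detail":{"accountId":"111122223333","region":"us-west-1","type":"Recon:EC2/PortProbeUnprotectedPort","severity":2,"title":"Unprotected port is being probed."}}`

func main() {
	body, err := slackPayload([]byte(sample))
	fmt.Println(string(body), err)
}
```

Because findings from every member account and region arrive through the same rule, the account ID and region are carried into the message so the security team can tell where a finding originated.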