Skip to main content
Version 1 Documentation
This is Version 1 documentation for the Cloud Posse Reference Architecture. To determine which version you're using, please see Version Identification. To understand why this version changed, please see the blog post.
Sponsor @cloudposse
Version: v1

Enable GuardDuty for EKS Protection

Problem

The new feature, GuardDuty for EKS Protection, expands coverage to continuously monitor and profile Amazon Elastic Kubernetes Service (EKS) workload activity to identify malicious or suspicious behavior representing potential threats to container workloads.

Solution

Enable GuardDuty for EKS Protection in the security account via ClickOps.

TL;DR:

Under Guard Duty in the AWS Console, go to “Kubernetes Protection” and enable “Kubernetes Audit Logs Monitoring” for both (1) this account and for (2) all your active member accounts