Your team has just received word that you will be implementing Amazon GuardDuty in your environment, and you need a test run to make sure you understand how to integrate it with S3 for logging. In this lab, you will create an AWS IAM role that allows GuardDuty to talk to other services in the environment, and you will configure GuardDuty to export findings to S3. You will configure an AWS Key Management Service key to ensure that all data is secured and confirm that everything is working as intended. Take advantage of the solution videos if you get stuck! Good luck, Gurus!
Successfully complete this lab by achieving the following learning objectives:
- Create a GuardDuty Role
  - Navigate to AWS IAM and then choose Roles.
  - Create a role using AWS service.
  - Choose GuardDuty.
  - Create the role.
- Configure an S3 Bucket for GuardDuty Findings
  - Navigate to GuardDuty and enable it.
  - Click on Settings.
  - Scroll down to Export Options.
  - Configure an S3 bucket for export.
  - Name the bucket guardduty<random_numbers>.
  - Use the prefix findings.
  - Open KMS in a new tab to create a key and adjust its policy.
  - Create a single symmetric key in a single Region.
  - Copy and paste the policy provided.
  - Save the key.
  - Navigate back to GuardDuty.
  - Refresh that section and select the KMS key we created.
  - Save this configuration.
  - Adjust the time for the export from 6 hours to 15 minutes.
- Generate Sample Findings and Confirm Logs in S3
  - In GuardDuty, navigate to the Generate Sample Findings button in Settings and click it.
  - Verify findings were created by navigating to Findings.
  - Open one of each type of finding to view.
  - Navigate to S3.
  - Click on the bucket we created and click through folders until you see the logs listed.

Congratulations on completing this lab!
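
The export only works if the KMS key policy from the "Copy and paste the policy provided" step lets GuardDuty use the key, and this page does not reproduce that policy. As an added example (not the lab's own code or policy), the Python below builds a statement following the pattern AWS documents for GuardDuty findings export and audits a key policy for it; the account ID, Region and detector ID are constructed placeholders.

```python
import fnmatch

SERVICE = "guardduty.amazonaws.com"
# Constructed sample values (assumptions, not taken from the lab).
ACCOUNT, REGION, DETECTOR = "111122223333", "us-east-1", "EXAMPLEDETECTORID"

def guardduty_statement(account, region, detector):
    """Key-policy statement that lets GuardDuty encrypt exported findings."""
    return {
        "Sid": "AllowGuardDutyKey",
        "Effect": "Allow",
        "Principal": {"Service": SERVICE},
        "Action": "kms:GenerateDataKey",
        "Resource": "*",  # inside a key policy, "*" refers to this key only
        "Condition": {"StringEquals": {
            "aws:SourceAccount": account,
            "aws:SourceArn": f"arn:aws:guardduty:{region}:{account}:detector/{detector}",
        }},
    }

def as_list(value):
    return value if isinstance(value, list) else [value]

def audit_key_policy(policy, account):
    """Return problems that would break the export or leave the grant unscoped."""
    grants = []
    for st in as_list(policy.get("Statement", [])):
        principal = st.get("Principal")
        services = as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        allowed = any(fnmatch.fnmatchcase("kms:generatedatakey", a.lower())
                      for a in as_list(st.get("Action", [])))
        if st.get("Effect") == "Allow" and SERVICE in services and allowed:
            grants.append(st)
    if not grants:
        return [f"no statement lets {SERVICE} call kms:GenerateDataKey"]
    problems = []
    for st in grants:
        cond = st.get("Condition", {}).get("StringEquals", {})
        if cond.get("aws:SourceAccount") != account:
            problems.append(f"{st.get('Sid')}: aws:SourceAccount is not pinned to {account}")
        if f":{account}:detector/" not in str(cond.get("aws:SourceArn", "")):
            problems.append(f"{st.get('Sid')}: aws:SourceArn is not pinned to a detector")
    return problems

# Constructed default-style key policy: only the account root may use the key.
DEFAULT_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "EnableRoot", "Effect": "Allow", "Action": "kms:*", "Resource": "*",
    "Principal": {"AWS": f"arn:aws:iam::{ACCOUNT}:root"}}]}
FIXED_POLICY = {**DEFAULT_POLICY, "Statement": DEFAULT_POLICY["Statement"]
                + [guardduty_statement(ACCOUNT, REGION, DETECTOR)]}
```

An empty list from `audit_key_policy` means the grant exists and is pinned to your account and detector; a grant without those conditions is reported because it lets the GuardDuty service use the key on behalf of any account.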