Enable Amazon Guard Duty


Enabling Amazon Guard Duty requires an administrator or a user with the specific role/policy.

To check the credentials, follow these steps:

  1. Log in to the Amazon AWS console using your AWS account: https://console.aws.amazon.com/.
  2. Search for and click IAM.
  3. Click Roles on the left menu.
  4. Search "Guard Duty" and click AWSServiceRoleForAmazonGuardDuty.
  5. If the AWSServiceRoleForAmazonGuardDuty Role does not exist, follow the steps in Create Amazon Guard Duty Role (optional) to create the Guard Duty Role.
  6. Make sure AmazonGuardDutyServiceRolePolicy exists under permissions.

After you have verified the configuration of the AWSServiceRoleForAmazonGuardDuty Role, continue here to enable Amazon Guard Duty.

Create Amazon Guard Duty Role (optional)

If you have never used Amazon Guard Duty, you will need to create an Amazon Guard Duty Role first. Before adding the Amazon Guard Duty Role, make sure you are the AWS administrator or a user with administrator privileges.

  1. Log in to the Amazon AWS console using your AWS account: https://console.aws.amazon.com/.
  2. Search for and click IAM.
  3. Click Roles on the left menu, and click the Create role button.
  4. Click GuardDuty under Or select a service to view its use cases, then scroll down and click Next:Permissions.
  5. In Create Role, you should see AmazonGuardDutyServiceRolePolicy in the Policy name column. Click Next:Tag.
  6. Continue and click Next:Review on the Add tags page.
  7. The default Role name set by AWS is AWSServiceRoleForAmazonGuardDuty. Click Create role to finish creating the Guard Duty Role.

Enable Amazon Guard Duty

Once the user has the Amazon Guard Duty role/policy, log in to Guard Duty to enable it.

  1. Search for and click GuardDuty from the AWS Services menu.
  2. Select the region to monitor in the top right corner.
  3. Choose Get Started, and then click Enable Guard Duty.
  4. Now that Guard Duty is enabled, it will start pulling streams of data from AWS CloudTrail, VPC Flow Logs, and DNS logs to generate security findings.
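
The console checks above can also be scripted. The following is an added example, not part of the original help page or of any Fortinet tooling: it uses the boto3 AWS SDK to confirm that the role exists, that the policy is attached, and that a detector is enabled in the chosen region. The function name `check_guardduty` and the default region `us-east-1` are assumptions made for illustration.

```python
"""Verify the Guard Duty prerequisites described above (added example)."""

ROLE = "AWSServiceRoleForAmazonGuardDuty"
POLICY = "AmazonGuardDutyServiceRolePolicy"


def check_guardduty(iam, guardduty):
    """Return the role, policy and detector state as a dict.

    iam and guardduty are boto3 clients (or objects exposing the same calls).
    """
    result = {"role_exists": False, "policy_attached": False, "enabled_detectors": []}
    try:
        iam.get_role(RoleName=ROLE)
    except iam.exceptions.NoSuchEntityException:
        return result  # role missing: create it first, nothing else is checked
    result["role_exists"] = True

    # Equivalent of step 6: the policy must be listed under the role's permissions.
    attached = iam.list_attached_role_policies(RoleName=ROLE)["AttachedPolicies"]
    result["policy_attached"] = any(p["PolicyName"] == POLICY for p in attached)

    # Detectors are per region: only the guardduty client's region is inspected.
    for detector_id in guardduty.list_detectors()["DetectorIds"]:
        if guardduty.get_detector(DetectorId=detector_id)["Status"] == "ENABLED":
            result["enabled_detectors"].append(detector_id)
    return result


if __name__ == "__main__":
    import sys
    import boto3  # needs credentials with IAM and GuardDuty read access

    region = sys.argv[1] if len(sys.argv) > 1 else "us-east-1"  # assumed default
    state = check_guardduty(
        boto3.client("iam"), boto3.client("guardduty", region_name=region)
    )
    print(region, state)
    ok = state["role_exists"] and state["policy_attached"] and state["enabled_detectors"]
    sys.exit(0 if ok else 1)
```

Run it once per region you monitor; a non-zero exit status means at least one of the three checks failed for that region.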
