Setting up CloudWatch
In this section, a CloudWatch event rule will be created to invoke the Lambda function based on events happening in GuardDuty findings. If you have not subscribed to GuardDuty yet, you need to subscribe to it before moving on. For more information about GuardDuty, see Amazon GuardDuty.
The following describes creating a new event rule.
- For Event Source, choose Event Pattern, and select Events by Service from the dropdown list.
- For Service Name, select GuardDuty from the dropdown list.
- For Event Type, select GuardDuty Finding from the dropdown list.
- Check that the Event Pattern Preview looks like the code snippet below.
- For the targets, click Add Target* and select Lambda function from the dropdown list.
- For the Function, select the Lambda function you created from the dropdown list.
- Click Configure rule details.
- Name the rule as desired.
- For State, select the Enabled checkbox.
- Click Create Rule.