Setting up CloudWatch
In this section, you create a CloudWatch event rule to invoke the Lambda function based on events happening in GuardDuty findings. If you have not subscribed to GuardDuty yet, you must subscribe to it before moving on. See Amazon GuardDuty Getting Started.
The following describes creating a new event rule:
- For Event Source, choose Event Pattern, and select Events by Service from the dropdown list.
- From the Service Name dropdown list, select GuardDuty.
- From the Event Type dropdown list, select GuardDuty Finding.
- Check that the Event Pattern Preview looks like the code snippet below.
- For the targets, click Add Target* and select Lambda function from the dropdown list.
- For the Function, select the Lambda function you created from the dropdown list.
- Click Configure rule details. Name the rule as desired.
- For State, select the Enabled checkbox.
- Click Create Rule.