Testing the setup
When all services have been created and configured properly, execute this simple test to verify your work.
- Create and run the test event from the Lambda function:
  - From the Test Event dropdown list, select Configure test events.
  - Select Create new test event and add a test event with the following content:

    ```json
    {
      "id": "fa9fa4a5-0232-188d-da1c-af410bcfc344",
      "detail": {
        "service": {
          "serviceName": "guardduty",
          "action": {
            "networkConnectionAction": {
              "connectionDirection": "INBOUND",
              "remoteIpDetails": {
                "ipAddressV4": "192.168.123.123"
              }
            }
          },
          "additionalInfo": {
            "threatListName": "GeneratedFindingThreatListName"
          },
          "eventLastSeen": "2018-07-18T22:12:01.720Z"
        },
        "severity": 3
      }
    }
    ```

  - From the Test Event dropdown list again, select the event you have just created, then click Test to execute this Lambda function with the given event.
- Verify the test result.
  - If everything was set up correctly, you will see Execution result: succeeded at the top of the page of this Lambda function.
  - Check that a record with finding_id fa9fa4a5-0232-188d-da1c-af410bcfc344 and ip 192.168.123.123 is in the DynamoDB table my-aws-lambda-guardduty-db.
  - Check that the file ip_blocklist is in the S3 bucket my-aws-lambda-guardduty.
  - Check that the ip_blocklist file has the Read object permission for Everyone under the Public access section.
  - Check that the ip_blocklist file is accessible through its link in a browser (e.g. https://s3-us-east-1.amazonaws.com/***my-aws-lambda-guardduty***/ip_blocklist).
  - Check that the ip_blocklist file contains 192.168.123.123 on a single line.
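
The checks above can be scripted offline. The following is an added example, not code from this project: it validates the test event before you paste it into the console and checks a downloaded ip_blocklist body for the address as a whole line. The function names `expected_record` and `blocklist_has_ip` are assumptions, and fetching the file from S3 is left out.

```python
import ipaddress
import json

# Constructed sample: the test event from this page, trimmed to the fields checked below.
SAMPLE_EVENT = """{
  "id": "fa9fa4a5-0232-188d-da1c-af410bcfc344",
  "detail": {
    "service": {
      "serviceName": "guardduty",
      "action": {"networkConnectionAction": {
        "connectionDirection": "INBOUND",
        "remoteIpDetails": {"ipAddressV4": "192.168.123.123"}}}
    },
    "severity": 3
  }
}"""


def expected_record(event_text):
    """Parse a test event; return the (finding_id, ip) the later checks look for.

    Raises ValueError if the text is not valid JSON, a field is missing,
    or the address is not a valid IPv4 address.
    """
    try:
        event = json.loads(event_text)
        finding_id = event["id"]
        action = event["detail"]["service"]["action"]["networkConnectionAction"]
        ip = action["remoteIpDetails"]["ipAddressV4"]
    except (json.JSONDecodeError, KeyError, TypeError) as exc:
        raise ValueError(f"malformed test event: {exc!r}") from exc
    ipaddress.IPv4Address(str(ip))  # raises a ValueError subclass on a bad address
    return finding_id, ip


def blocklist_has_ip(blocklist_text, ip):
    """True only if `ip` is a complete line of the blocklist (no substring match)."""
    wanted = ipaddress.IPv4Address(ip)
    for line in blocklist_text.splitlines():
        try:
            if ipaddress.IPv4Address(line.strip()) == wanted:
                return True
        except ValueError:
            continue  # blank or non-IP line: ignore it
    return False
```

Comparing parsed addresses line by line avoids the false positive a plain substring search gives, where 192.168.123.12 would appear to be present in a list that only holds 192.168.123.123.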