Honeypots made for a cloud native world.
Only low-interaction ones currently (but see this issue).
honeypot.yaml
CloudFormation stack template from the latest of the aws-cloudformation GitHub Releases.
You should get one Fargate task running on ECS for the honeypot itself and an associated EventBridge event bus.
When hit with GET requests, the task publishes events to the event bus.
You can add an EventBridge rule to the event bus to react to those events.
For example, you could add a rule that matches events with source cloud-native-honeypot
and invokes an SNS topic, which then notifies humans of the hits.
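The rule described above, written out as a small CloudFormation template. This is an added example, not part of the honeypot project or its stack: the event bus name (`HoneypotEventBusName`) and the alert address are parameters you must supply, since the project does not document the bus name here, and the resource names are my own. It also adds the SNS topic policy that EventBridge needs before it can publish to the topic, which is the step most often forgotten.

```yaml
# Added example (not the project's own template): an EventBridge rule on the
# honeypot's event bus that forwards every event with source
# "cloud-native-honeypot" to an SNS topic with an e-mail subscription.
# HoneypotEventBusName and AlertEmail are assumed parameters.
AWSTemplateFormatVersion: "2010-09-09"
Description: Alerting rule for the cloud-native honeypot event bus (example)

Parameters:
  HoneypotEventBusName:
    Type: String
    Description: Name of the event bus created by the honeypot stack (assumed; look it up in that stack's outputs or the EventBridge console)
  AlertEmail:
    Type: String
    Description: Address that receives honeypot alerts (assumed)

Resources:
  HoneypotAlertTopic:
    Type: AWS::SNS::Topic
    Properties:
      Subscription:
        - Protocol: email
          Endpoint: !Ref AlertEmail

  # EventBridge must be allowed to publish to the topic. Without this policy the
  # rule deploys fine but every delivery fails; the only symptom is the rule's
  # FailedInvocations CloudWatch metric, so an attacker's hits would go unseen.
  HoneypotAlertTopicPolicy:
    Type: AWS::SNS::TopicPolicy
    Properties:
      Topics:
        - !Ref HoneypotAlertTopic
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Sid: AllowEventBridgePublish
            Effect: Allow
            Principal:
              Service: events.amazonaws.com
            Action: sns:Publish
            Resource: !Ref HoneypotAlertTopic
            # Scope the grant to this one rule rather than all of EventBridge.
            Condition:
              ArnEquals:
                aws:SourceArn: !GetAtt HoneypotAlertRule.Arn

  HoneypotAlertRule:
    Type: AWS::Events::Rule
    Properties:
      EventBusName: !Ref HoneypotEventBusName
      State: ENABLED
      # Match on source only. Any interaction with a honeypot is worth an
      # alert, so a narrower pattern would only hide hits.
      EventPattern:
        source:
          - cloud-native-honeypot
      Targets:
        - Id: HoneypotAlertTopicTarget
          Arn: !Ref HoneypotAlertTopic
```

Deploy it with `aws cloudformation deploy --template-file rule.yaml --stack-name honeypot-alerts --parameter-overrides HoneypotEventBusName=<bus> AlertEmail=<address>` and confirm the SNS subscription from the e-mail it sends. Sending a single GET to the honeypot's task should then produce one e-mail carrying the raw event JSON; if it does not, check the rule's FailedInvocations metric first, which is where a missing topic policy shows up.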
There are several alternatives to this that are worth considering.
Reserving an IP address with an ENI and then alerting on any flow log record with a matching destination IP address is another way to achieve the same effect.
However, it is less extensible than the approach here, as it can't be generalized into a "high-interaction" honeypot that emulates a realistic server.
If you have the means, paying for a honeypot from a vendor (e.g. ThinkstCanary) is likely a better option.
There are other open source options out there to self-host (e.g. T-Pot), but I didn't find any that seemed easy to deploy and integrate with cloud resources.
Check out the subproject README.md files for more information.