Upgrades the GuardDuty component to support processing a stream of events (VPC flow logs, DNS logs, AWS CloudTrail, etc.) before analyzing these events to identify potential security threats and generate findings. Historically, GuardDuty protections were called dataSources in the APIs. However, after March 2023, new GuardDuty protection types are now configured as features and not dataSources.
What
This PR directly adds support for RDS login monitoring, but the component can now configure GuardDuty detection features such as S3 data events, EKS audit logs, RDS login events, EKS runtime monitoring, Lambda network logs, and EC2 runtime monitoring.
[ ] Bug fix (non-breaking change which fixes an issue)
[X] New feature (non-breaking change which adds functionality)
[ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
Deleting this resource does not disable the detector feature; the resource is simply removed from state instead.
Specifying both EKS Runtime Monitoring (EKS_RUNTIME_MONITORING) and Runtime Monitoring (RUNTIME_MONITORING) will cause an error. You can add only one of these two features because Runtime Monitoring already includes the threat detection for Amazon EKS resources.
[X] Validated with atmos validate stacks
[X] Performed successful atmos terraform plan on component
[ ] This change requires a documentation update
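The two notes above (removal from state does not disable a feature, and the EKS Runtime Monitoring / Runtime Monitoring conflict) can be enforced at plan time. The following Terraform is an added example, not the component's own code; the variable name `detector_features` and the resource labels are assumptions.

```hcl
# Added example: names below are assumptions, not taken from the component.
variable "detector_features" {
  description = "Map of GuardDuty feature name to status (ENABLED or DISABLED)."
  type        = map(string)
  default = {
    S3_DATA_EVENTS      = "ENABLED"
    EKS_AUDIT_LOGS      = "ENABLED"
    RDS_LOGIN_EVENTS    = "ENABLED"
    LAMBDA_NETWORK_LOGS = "ENABLED"
    RUNTIME_MONITORING  = "ENABLED"
  }

  # Reject the combination at plan time instead of failing on apply.
  # The check is on presence, not status: listing both features is the error.
  validation {
    condition = !(
      contains(keys(var.detector_features), "EKS_RUNTIME_MONITORING") &&
      contains(keys(var.detector_features), "RUNTIME_MONITORING")
    )
    error_message = "Set only one of EKS_RUNTIME_MONITORING or RUNTIME_MONITORING; Runtime Monitoring already covers Amazon EKS resources."
  }

  validation {
    condition = alltrue([
      for s in values(var.detector_features) : contains(["ENABLED", "DISABLED"], s)
    ])
    error_message = "Each feature status must be ENABLED or DISABLED."
  }
}

resource "aws_guardduty_detector" "this" {
  enable = true
}

# One resource per feature. To turn a feature off, set its status to
# DISABLED and apply. Removing the key only drops the resource from state
# and leaves the feature in whatever status it last had on the detector.
resource "aws_guardduty_detector_feature" "this" {
  for_each = var.detector_features

  detector_id = aws_guardduty_detector.this.id
  name        = each.key
  status      = each.value
}
```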