Open roleyfoley opened 5 years ago
This would be an account level component with the requirements for either a lambda function or SNS topic to provide alerts via CloudWatch Events.
IPAddress groups for both whitelisted IPs and for blacklisted IPs would also be optional configuration.
GuardDuty also supports organisation level consolidation of findings which can be configured via CloudFormation. A master account can be defined and all other accounts can forward configuration and events to the master.
This would require linking between account components along with deployment plans, as there is a coordination step between the master and member accounts.
Add support for the AWS GuardDuty service which monitors account activity for suspicious behaviour.
This service should be enabled in every AWS region and configured to align with the region roles in #668.
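
For reference, a CloudFormation sketch of the single-account piece the issue describes (detector, optional trusted and threat IP lists, and finding alerts routed to SNS through a CloudWatch Events rule). This is an added example, not part of the original issue or the project's code; the parameter names, list names and target id are hypothetical, and the master/member linking is left out.

```yaml
# Added example: per-region GuardDuty baseline for one account.
# Parameter names, list names and the target id are hypothetical.
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  TrustedIpListUrl:
    Type: String          # location of a plaintext list of trusted IPs/CIDRs
  ThreatIpListUrl:
    Type: String          # location of a plaintext list of known-bad IPs/CIDRs
Resources:
  Detector:
    Type: AWS::GuardDuty::Detector
    Properties:
      Enable: true
      FindingPublishingFrequency: FIFTEEN_MINUTES
  TrustedIps:             # traffic from these addresses does not raise findings
    Type: AWS::GuardDuty::IPSet
    Properties:
      Activate: true
      DetectorId: !Ref Detector
      Format: TXT
      Location: !Ref TrustedIpListUrl
      Name: trusted-ips
  ThreatIps:              # traffic involving these addresses raises findings
    Type: AWS::GuardDuty::ThreatIntelSet
    Properties:
      Activate: true
      DetectorId: !Ref Detector
      Format: TXT
      Location: !Ref ThreatIpListUrl
      Name: blocked-ips
  AlertTopic:
    Type: AWS::SNS::Topic
  FindingRule:            # forwards every GuardDuty finding in this region
    Type: AWS::Events::Rule
    Properties:
      EventPattern:
        source: [aws.guardduty]
        detail-type: [GuardDuty Finding]
      Targets:
        - Arn: !Ref AlertTopic
          Id: guardduty-alerts
  AlertTopicPolicy:       # without this, the rule cannot publish to the topic
    Type: AWS::SNS::TopicPolicy
    Properties:
      Topics: [!Ref AlertTopic]
      PolicyDocument:
        Statement:
          - Effect: Allow
            Principal: {Service: events.amazonaws.com}
            Action: sns:Publish
            Resource: !Ref AlertTopic
```

Because detectors, IP sets and event rules are regional, a stack like this has to be deployed once per region to cover the whole account.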