How do I set up a trusted IP address list for GuardDuty?
I want to set up a trusted IP address list for Amazon GuardDuty.
Short description
You can configure GuardDuty to use your own custom trusted IP list that contains the IP addresses you allow for secure communication with your AWS infrastructure and applications; GuardDuty doesn't generate findings for IP addresses that are included in a trusted IP list. For more information, see Working with trusted IP lists and threat lists.
Resolution
Follow these instructions to create and upload a trusted IP list, verify permissions, and add it to GuardDuty.
Create a trusted IP list
Follow the instructions to create a new IPSet and save it as a file. Then, follow the instructions to upload the file to an Amazon Simple Storage Service (Amazon S3) bucket.
Note: The trusted IP list file must be in TXT, STIX, OTX_CSV, ALIEN_VAULT, PROOF_POINT, or FIRE_EYE format. The trusted IP list doesn't support IPv6 addresses. Each trusted IP list can contain a maximum of 2000 IP addresses and CIDR ranges. Only one trusted IP list is allowed per detector resource. For more information, see Quotas for Amazon GuardDuty.
Check IAM identity permissions
Be sure that your AWS Identity and Access Management (IAM) identity has permissions for GuardDuty and its trusted IP lists similar to the following:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "guardduty:*IPSet*",
                "guardduty:List*",
                "guardduty:Get*"
            ],
            "Resource": "*"
        }
    ]
}
Also be sure that your IAM identity has the iam:PutRolePolicy and iam:DeleteRolePolicy permissions on the GuardDuty service-linked role AWSServiceRoleForAmazonGuardDuty, because GuardDuty attaches the policy that grants the role access to the list file in S3 to this role (the account ID in the following policy is a placeholder):
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "iam:DeleteRolePolicy",
                "iam:PutRolePolicy"
            ],
            "Resource": "arn:aws:iam::123456789123:role/aws-service-role/guardduty.amazonaws.com/AWSServiceRoleForAmazonGuardDuty"
        }
    ]
}
For more information, see Editing IAM policies.
Add and activate a trusted IP list in GuardDuty
- Open the GuardDuty console.
- In the navigation pane, choose Lists.
- Choose Add a trusted IP list.
- For List name, enter a name that is meaningful to you.
- For Location, enter the S3 location of your list file. For example, https://s3.amazonaws.com/bucket-name/file.txt.
- Choose the Format dropdown menu, and then choose your list's file type.
- Select the I agree check box, and then choose Add list.
- In Trusted IP lists, choose Active for your trusted IP list name.
Note: It can take up to 5 minutes for the list to activate.
If you change the list file after you add it to GuardDuty, you must update and then reactivate the list in GuardDuty. For instructions, see Update trusted IP lists and threat lists.
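The same procedure from the AWS CLI, as an added example that is not part of this article: the script checks the list file against the limits stated in the note above (IPv4 only, at most 2000 entries) before uploading it, then creates and activates the IPSet with the same name, format, and location fields the console asks for. The bucket name, list name, and sample addresses are assumptions; the CLI calls run only when GUARDDUTY_APPLY=1 is set.

```shell
#!/bin/sh
# Added example, not from the AWS article: validates a TXT trusted IP list against the
# limits the note above states (IPv4 only, at most 2000 entries), then uploads it and
# registers it as an active GuardDuty IPSet. Bucket and list names are assumptions.
BUCKET="${TRUSTED_IP_BUCKET:-example-guardduty-lists}"   # assumption
LIST_NAME="corp-trusted-ips"                             # assumption
LIST_FILE="trusted-ips.txt"
# Returns 0 when $1 is a dotted-quad IPv4 address with an optional /0-32 prefix.
is_ipv4_entry() {
    ip="${1%%/*}"; prefix="${1#*/}"
    [ "$prefix" = "$1" ] && prefix=32                     # no "/" means a single host
    case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    oldifs="$IFS"; IFS=.; set -- $ip; IFS="$oldifs"       # split into octets
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Returns 0 when file $1 is usable: one IPv4 address or CIDR per line, blank lines
# and "#" comments ignored, no IPv6 (GuardDuty rejects it), 1 to 2000 entries.
validate_trusted_ip_list() {
    count=0
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in ''|\#*) continue ;; esac
        count=$((count + 1))
        case "$line" in *:*) echo "IPv6 is not supported: $line" >&2; return 1 ;; esac
        is_ipv4_entry "$line" || { echo "not an IPv4 address or CIDR: $line" >&2; return 1; }
    done < "$1"
    [ "$count" -le 2000 ] || { echo "$count entries exceed the quota of 2000" >&2; return 1; }
    [ "$count" -gt 0 ]
}

# Constructed sample list; replace with your own addresses.
cat > "$LIST_FILE" <<'EOF'
# office egress and VPN ranges (example values)
203.0.113.10
198.51.100.0/24
EOF
validate_trusted_ip_list "$LIST_FILE"
# The AWS CLI calls run only when GUARDDUTY_APPLY=1, so the script dry-runs by default.
# --activate creates and activates the list in one step (console: Add list, then Active).
if [ "${GUARDDUTY_APPLY:-0}" = "1" ]; then
    aws s3 cp "$LIST_FILE" "s3://$BUCKET/$LIST_FILE"
    DETECTOR_ID=$(aws guardduty list-detectors --query 'DetectorIds[0]' --output text)
    aws guardduty create-ip-set --detector-id "$DETECTOR_ID" --name "$LIST_NAME" \
        --format TXT --location "https://s3.amazonaws.com/$BUCKET/$LIST_FILE" --activate
fi
```

Run it once without GUARDDUTY_APPLY to confirm the file validates, then with GUARDDUTY_APPLY=1 under an identity that has the GuardDuty, IAM, and S3 permissions described above.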
Related information
How to use Amazon GuardDuty and AWS Web Application Firewall to automatically block suspicious hosts
Why did GuardDuty send me alert findings for trusted IP list address?