Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post

Troubleshooting ec2 Guardduty runtime agent not reporting

0

I am following the steps to enable the GuardDuty security agent on my ec2 instances which are used in a ecs cluster.

The ec2 instance is running and when I run sudo systemctl status amazon-guardduty-agent

it shows

amzn_guardduty_agent_ecs: GuardDuty agent started
amzn_guardduty_agent_ecs: Type Ctrl+C to terminate

I've crated a VPC endpoint with private subnet the ec2 instance is in, with dns enabled and a security group applied allowing 443 inbound from 0.0.0.0/0 but it's still reporting as agent no reporting in the AWS Guardduty dashboard.

What is the endpoint that is called / is there any further troubleshooting I can do from the ec2 instance?

Themen
Sicherheit, Identität & Konformität
Tags
Amazon GuardDuty
Sprache
English
AWS-User-8443772
gefragt vor 5 Monaten370 Aufrufe
2 Antworten
0

The IAM role assigned to the EC2 hosts must have the policy AWSServiceRoleForAmazonGuardDuty

Is this the case?

profile picture
EXPERTE
Gary Mclean
beantwortet vor 5 Monaten
  • AWS-User-8443772
    vor 5 Monaten

    I didn't see that documented anywhere - but it turns out I missed a step on the guide. Under Additional settings, choose Enable DNS name.

0

Validate Prerequisites for Amazon EC2 instance support here - https://docs.aws.amazon.com/guardduty/latest/ug/prereq-runtime-monitoring-ec2-support.html

profile picture
Navya Shukla
beantwortet vor 5 Monaten

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen

Relevanter Inhalt