Troubleshooting ec2 Guardduty runtime agent not reporting

0

I am following the steps to enable the GuardDuty security agent on my EC2 instances, which are used in an ECS cluster.

The EC2 instance is running and when I run sudo systemctl status amazon-guardduty-agent

it shows

amzn_guardduty_agent_ecs: GuardDuty agent started
amzn_guardduty_agent_ecs: Type Ctrl+C to terminate

I've created a VPC endpoint in the private subnet the EC2 instance is in, with DNS enabled and a security group applied allowing 443 inbound from 0.0.0.0/0, but it's still showing as "agent not reporting" in the AWS GuardDuty dashboard.

What is the endpoint that is called, and is there any further troubleshooting I can do from the EC2 instance?

Asked 6 months ago, 409 views
2 answers
0

The IAM role assigned to the EC2 hosts must have the policy AWSServiceRoleForAmazonGuardDuty

Is this the case?

Expert
Answered 6 months ago
  • I didn't see that documented anywhere - but it turns out I missed a step on the guide. Under Additional settings, choose Enable DNS name.

0

Validate Prerequisites for Amazon EC2 instance support here - https://docs.aws.amazon.com/guardduty/latest/ug/prereq-runtime-monitoring-ec2-support.html

Answered 6 months ago
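The question asks what the agent calls and what can be checked from the host itself. The script below is an added example, not part of the original thread and not AWS's own tooling. It assumes three things that should be verified against the prerequisites page linked above: the Runtime Monitoring endpoint service is com.amazonaws.<region>.guardduty-data, with "Enable DNS name" set on the VPC endpoint the host name guardduty-data.<region>.amazonaws.com resolves to the endpoint's private IPs from inside the VPC, and the agent's systemd unit is amazon-guardduty-agent as shown in the question. The helper functions can be exercised offline; the live checks (unit state, attached instance profile via IMDSv2, DNS resolution, TLS reachability on 443) run only when GD_CHECK_RUN=1 is set on the EC2 host.

```shell
#!/bin/sh
# Added GuardDuty runtime-agent connectivity checker (example code, not from the post or AWS).
# Assumptions (verify against the GuardDuty EC2 prerequisites page):
#   - endpoint service name: com.amazonaws.<region>.guardduty-data
#   - private DNS enabled  => guardduty-data.<region>.amazonaws.com resolves to private IPs
#   - agent unit name:       amazon-guardduty-agent (as in the question)

gd_service_name() { printf 'com.amazonaws.%s.guardduty-data\n' "$1"; }
gd_endpoint_host() { printf 'guardduty-data.%s.amazonaws.com\n' "$1"; }

# Return 0 when a dotted-quad address is RFC 1918 space (10/8, 172.16/12, 192.168/16).
# If the endpoint name resolves to a public address, the agent is not using the VPC
# endpoint at all; in a private subnet without a NAT route that traffic never leaves.
is_private_ipv4() {
  ip=$1
  o1=${ip%%.*}
  rest=${ip#*.}
  o2=${rest%%.*}
  case "$o1" in
    10) return 0 ;;
    172) if [ "$o2" -ge 16 ] && [ "$o2" -le 31 ]; then return 0; fi ;;
    192) if [ "$o2" -eq 168 ]; then return 0; fi ;;
  esac
  return 1
}

# Live checks, to be run on the EC2 host:  GD_CHECK_RUN=1 sh gd-check.sh us-east-1
run_checks() {
  region=$1
  host=$(gd_endpoint_host "$region")
  echo "endpoint service: $(gd_service_name "$region")"
  echo "unit:             $(systemctl is-active amazon-guardduty-agent 2>/dev/null || echo unknown)"

  # IMDSv2: confirm an instance profile is attached; "404" here means no role at all.
  tok=$(curl -sS -m 2 -X PUT http://169.254.169.254/latest/api/token \
        -H 'X-aws-ec2-metadata-token-ttl-seconds: 60')
  echo "instance profile: $(curl -sS -m 2 -H "X-aws-ec2-metadata-token: $tok" \
        http://169.254.169.254/latest/meta-data/iam/info | head -c 200)"

  # DNS: with "Enable DNS name" on the endpoint, every answer must be a private IP.
  for a in $(getent ahostsv4 "$host" | awk '{print $1}' | sort -u); do
    if is_private_ipv4 "$a"; then
      echo "dns:              $a (private: resolving via the VPC endpoint)"
    else
      echo "dns:              $a (PUBLIC: private DNS not enabled, or wrong VPC/subnet)"
    fi
  done

  # TLS reachability: any HTTP status code proves the 443 path (route, NACL, both
  # security groups) works; a timeout or connection failure does not.
  code=$(curl -sS -m 5 -o /dev/null -w '%{http_code}' "https://$host/" 2>/dev/null) \
    || code="unreachable (curl exit $?)"
  echo "tls:              $host -> HTTP $code"
}

if [ "${GD_CHECK_RUN:-0}" = 1 ]; then
  run_checks "${1:-us-east-1}"
fi
```

The "GuardDuty agent started" lines in the question only show the process is up, not that it has reached the endpoint, which is why the DNS and TLS checks are the useful ones here. On security groups: the instance is the client, so the endpoint's security group needs inbound 443 from the instance's subnet CIDR or security group (the VPC CIDR is a tighter choice than 0.0.0.0/0 for an interface that is only reachable from inside the VPC), and the instance's own security group needs outbound 443 to the endpoint.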
