1개 답변
- 최신
- 최다 투표
- 가장 많은 댓글
0
When enabling GuardDuty for S3, GD starts looking for S3 Data Events, e.g. GetObject, ListObjects, DeleteObject, and PutObject API operations. They are often high-volume activities, especially if used in the context of ETL processes.
You can find more details by creating a Cost Usage Report (CUR) and filter by product/group = Security Services - Amazon GuardDuty Paid S3 Data Events Processed
. If you are using tags, you can get a more granular view of which buckets are contributing the most (this is also available from the Events section in the GD console)