I am following the steps to enable the GuardDuty security agent on my EC2 instances, which are used in an ECS cluster.
The EC2 instance is running, and when I run sudo systemctl status amazon-guardduty-agent it shows:
amzn_guardduty_agent_ecs: GuardDuty agent started
amzn_guardduty_agent_ecs: Type Ctrl+C to terminate
I've created a VPC endpoint in the private subnet the EC2 instance is in, with DNS enabled and a security group applied allowing 443 inbound from 0.0.0.0/0, but it's still reporting as "agent not reporting" in the AWS GuardDuty dashboard.
What is the endpoint that is called / is there any further troubleshooting I can do from the ec2 instance?
I didn't see that documented anywhere, but it turns out I missed a step in the guide.
Under Additional settings, choose Enable DNS name.
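As an added diagnostic (not part of the original post, and not an AWS-provided tool), the script below runs on the EC2 host and checks the two things the thread turns on: whether the GuardDuty data endpoint hostname resolves to a private address (which is what "Enable DNS name" on the VPC endpoint gives you) and whether TLS on port 443 to it is reachable through the endpoint's security group. The endpoint hostname guardduty-data.<region>.amazonaws.com and the service name com.amazonaws.<region>.guardduty-data are taken from AWS documentation, not from this post, so verify them against the endpoint you actually created; the REGION default, the availability of getent, curl and journalctl on the AMI, and the unit name in the log check (taken from the poster's systemctl command) are assumptions.

```shell
#!/bin/sh
# gd-diag.sh: added example for checking GuardDuty agent connectivity from an EC2 host.
# Not from the original post or from AWS. Usage: sh gd-diag.sh --run
# ASSUMPTION: the agent reaches guardduty-data.<REGION>.amazonaws.com on 443, via the
# VPC endpoint service com.amazonaws.<REGION>.guardduty-data. Check the AWS docs
# for your region before relying on these names.

REGION="${REGION:-us-east-1}"                         # assumed default; override with REGION=...
HOST="guardduty-data.${REGION}.amazonaws.com"
UNIT="amazon-guardduty-agent"                         # unit name from the poster's systemctl command

# Return 0 if an IPv4 address lies in an RFC 1918 range. A VPC endpoint ENI always
# gets an address from the VPC's private CIDR, so this distinguishes "endpoint" from
# "public AWS address" resolution.
is_rfc1918() {
  case "$1" in
    10.*) return 0 ;;
    172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    192.168.*) return 0 ;;
    *) return 1 ;;
  esac
}

# Given the space-separated addresses a hostname resolved to, print one verdict:
#   endpoint   every address is private: private DNS on the VPC endpoint is working
#   public     at least one public address: "Enable DNS name" is off, so traffic would
#              need a NAT gateway or IGW the private subnet usually does not have
#   unresolved nothing resolved at all (DNS or VPC DNS support problem)
classify_resolution() {
  if [ -z "$1" ]; then
    echo unresolved
    return 0
  fi
  for ip in $1; do
    if ! is_rfc1918 "$ip"; then
      echo public
      return 0
    fi
  done
  echo endpoint
}

# Resolve a hostname to its IPv4 addresses using the system resolver (getent ships with
# glibc-based AMIs such as Amazon Linux). Output is one line of space-separated IPs.
resolve_v4() {
  getent ahostsv4 "$1" 2>/dev/null | awk '{print $1}' | sort -u | tr '\n' ' '
}

# TCP + TLS reachability on 443. Any HTTP status code (even 403) proves the security
# group on the endpoint admits the instance; 000 means the connection never completed.
tls_check() {
  curl -sS -o /dev/null -w '%{http_code}' --max-time 5 "https://$1/" 2>/dev/null || echo 000
}

main() {
  ips="$(resolve_v4 "$HOST")"
  verdict="$(classify_resolution "$ips")"
  echo "host:       $HOST"
  echo "resolves:   ${ips:-<none>}"
  echo "verdict:    $verdict"
  case "$verdict" in
    public)     echo "hint: enable the private DNS name on the VPC endpoint (Additional settings)" ;;
    unresolved) echo "hint: check VPC DNS support/hostnames and the endpoint's subnet association" ;;
  esac
  code="$(tls_check "$HOST")"
  echo "tls/443:    HTTP $code"
  [ "$code" = 000 ] && echo "hint: endpoint security group must allow 443 from this subnet"
  echo "--- recent $UNIT log lines ---"
  journalctl --no-pager -u "$UNIT" -n 20 2>/dev/null || echo "(journalctl unavailable)"
}

if [ "${1:-}" = "--run" ]; then
  main
fi
```

The verdict logic is the useful part: with the DNS name enabled, the hostname resolves to addresses inside the VPC CIDR and the agent reaches the endpoint without any internet path; without it, the name resolves to public AWS addresses, which a private subnet with no NAT cannot reach, and the dashboard shows the agent as not reporting even though the service is running locally.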