1 Answer
- Newest
- Most votes
- Most comments
0
When enabling GuardDuty for S3, GD starts looking for S3 Data Events, e.g. GetObject, ListObjects, DeleteObject, and PutObject API operations. They are often high-volume activities, especially if used in the context of ETL processes.
You can find more details by creating a Cost Usage Report (CUR) and filter by product/group = Security Services - Amazon GuardDuty Paid S3 Data Events Processed
. If you are using tags, you can get a more granular view of which buckets are contributing the most (this is also available from the Events section in the GD console)
Relevant content
- asked a year ago
- asked 5 months ago
- AWS OFFICIALUpdated 3 years ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 3 months ago
- AWS OFFICIALUpdated 10 months ago