The general recommendation is that all participants and the owner of the Shared VPC should have GuardDuty enabled.
By default, any GuardDuty findings will only be available to the account which owns the resource against which malicious activity was detected. For example, if there are findings against an EC2 instance owned by a Shared VPC participant then only that participant AWS account will see those findings. The owner of the Shared VPC will not have access to findings related to participant resources.
If findings need to be shared across accounts, customers can follow the standard administrator/member deployment model: https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_accounts.html
If a participant hasn't turned on GuardDuty but the owner has it running then no findings will be generated against that participant's resources. Any findings against owner resources will still be generated as usual and sent to the owner account.
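The two points in the answer above (every participant needs its own detector, and the administrator/member model is what makes participant findings visible to the owner) can be checked and applied programmatically. The script below is an added example, not code from the re:Post answer or from AWS. It assumes the caller already holds a boto3 `guardduty` client for each account (for example obtained after assuming a role into that account); the account ids, e-mail addresses and the `FakeGuardDuty` stand-in are constructed so the script runs offline, and only the GuardDuty API calls the functions actually make (`list_detectors`, `get_detector`, `create_detector`, `update_detector`, `create_members`, `invite_members`) are simulated.

```python
"""Audit and enrol GuardDuty across a Shared VPC owner and its participants.

Added example (not from the re:Post answer). A real run would pass boto3
`guardduty` clients in place of FakeGuardDuty; FakeGuardDuty only mimics
the response shapes of the calls used below.
"""
from __future__ import annotations

from dataclasses import dataclass, field


@dataclass
class FakeGuardDuty:
    """Constructed offline stand-in for the boto3 GuardDuty client."""
    detectors: dict = field(default_factory=dict)   # DetectorId -> Status
    members: list = field(default_factory=list)     # accounts added as members
    invited: list = field(default_factory=list)     # accounts actually invited
    _n: int = 0

    def list_detectors(self):
        return {"DetectorIds": list(self.detectors)}

    def get_detector(self, DetectorId):
        return {"Status": self.detectors[DetectorId]}

    def create_detector(self, Enable):
        self._n += 1
        did = f"detector-{self._n}"
        self.detectors[did] = "ENABLED" if Enable else "DISABLED"
        return {"DetectorId": did}

    def update_detector(self, DetectorId, Enable):
        self.detectors[DetectorId] = "ENABLED" if Enable else "DISABLED"
        return {}

    def create_members(self, DetectorId, AccountDetails):
        self.members.extend(a["AccountId"] for a in AccountDetails)
        return {"UnprocessedAccounts": []}

    def invite_members(self, DetectorId, AccountIds, DisableEmailNotification):
        self.invited.extend(AccountIds)
        return {"UnprocessedAccounts": []}


def detector_status(gd) -> tuple[str | None, str]:
    """Return (detector_id, status); status is ENABLED, DISABLED or NONE.
    GuardDuty allows one detector per account per region, so the first id
    is the only one."""
    ids = gd.list_detectors()["DetectorIds"]
    if not ids:
        return None, "NONE"
    return ids[0], gd.get_detector(DetectorId=ids[0])["Status"]


def ensure_enabled(gd) -> str:
    """Create or re-enable the detector so findings are generated for this
    account's own resources (a participant without one gets no findings)."""
    did, status = detector_status(gd)
    if did is None:
        return gd.create_detector(Enable=True)["DetectorId"]
    if status != "ENABLED":
        gd.update_detector(DetectorId=did, Enable=True)
    return did


def audit(clients: dict[str, object]) -> dict[str, str]:
    """Map each account id to its current GuardDuty status."""
    return {acct: detector_status(gd)[1] for acct, gd in clients.items()}


def enroll_members(admin_gd, admin_detector_id: str, member_accounts: dict[str, str]) -> list[str]:
    """Administrator/member model: the administrator account (here the VPC
    owner) adds and invites participants so their findings become visible
    centrally. Returns the account ids AWS reported as unprocessed."""
    details = [{"AccountId": a, "Email": e} for a, e in member_accounts.items()]
    unprocessed = admin_gd.create_members(
        DetectorId=admin_detector_id, AccountDetails=details)["UnprocessedAccounts"]
    failed = {u["AccountId"] for u in unprocessed}
    ok = [a for a in member_accounts if a not in failed]
    if ok:
        resp = admin_gd.invite_members(
            DetectorId=admin_detector_id, AccountIds=ok, DisableEmailNotification=True)
        unprocessed = list(unprocessed) + resp["UnprocessedAccounts"]
    return [u["AccountId"] for u in unprocessed]


def demo():
    """Constructed scenario: owner enabled, one participant never enabled
    GuardDuty, one participant has a suspended detector."""
    owner = FakeGuardDuty({"detector-owner": "ENABLED"})
    clients = {
        "111111111111": owner,
        "222222222222": FakeGuardDuty(),
        "333333333333": FakeGuardDuty({"detector-p2": "DISABLED"}),
    }
    before = audit(clients)
    for gd in clients.values():
        ensure_enabled(gd)
    after = audit(clients)
    participants = {a: f"secops+{a}@example.com" for a in clients if a != "111111111111"}
    failed = enroll_members(owner, "detector-owner", participants)
    return before, after, failed


if __name__ == "__main__":
    print(demo())
```

Each invited participant still has to accept the invitation from its own account (the `AcceptAdministratorInvitation` API) before its findings flow to the administrator, and if the accounts are in one AWS Organization the delegated-administrator setup described on the linked page replaces the invitation step entirely.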