AWS guardduty documentation change
Summary
Added details about VPC endpoint usage and agent deployment options
Security assessment
Explains security architecture (data staying within AWS network via VPC endpoints) but doesn't fix vulnerabilities
Diff
diff --git a/guardduty/latest/ug/how-does-runtime-monitoring-work.md b/guardduty/latest/ug/how-does-runtime-monitoring-work.md index d57906078..0aa836784 100644 --- a//guardduty/latest/ug/how-does-runtime-monitoring-work.md +++ b//guardduty/latest/ug/how-does-runtime-monitoring-work.md @@ -11 +11 @@ To use Runtime Monitoring, you must enable Runtime Monitoring and then manage th - 2. **Manage GuardDuty agent** for the individual resources for which you want to monitor the runtime behavior. Based on the resource type, you can choose to deploy the GuardDuty security agent either manually or by allowing GuardDuty to manage it on your behalf, called automated agent configuration. + 2. **Manage GuardDuty agent** for the individual resources for which you want to monitor the runtime behavior. Based on the resource type, you can choose to: @@ -13 +13,5 @@ To use Runtime Monitoring, you must enable Runtime Monitoring and then manage th -GuardDuty uses [Instance identity roles](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html#ec2-instance-identity-roles) that authenticates the security agent for each resource type to send the associated runtime events to the VPC endpoint. + * Use automated agent configuration, where GuardDuty manages the agent deployment and automatically an Amazon Virtual Private Cloud (Amazon VPC) endpoint. + + * Install agent manually, which requires you to create the VPC endpoint as a prerequisite. + +The security agent uses VPC endpoint to deliver events to GuardDuty, ensuring that the data remains within the AWS network. This approach enhances security and allows GuardDuty to monitor and analyze runtime behavior across your resources (Amazon EKS, Amazon EC2, and AWS Fargate-Amazon ECS). GuardDuty uses [Instance identity roles](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html#ec2-instance-identity-roles) that authenticates the security agent for each resource type to send the associated runtime events to the VPC endpoint.