AWS guardduty high security documentation change
Summary
Modified VPC endpoint validation steps to require CIDR-based security group rules instead of 0.0.0.0/0 access
Security assessment
Changes security group configuration from open internet (0.0.0.0/0) to VPC CIDR restrictions, reducing attack surface
Diff
diff --git a/guardduty/latest/ug/validate-vpc-endpoint-config-runtime-monitoring.md b/guardduty/latest/ug/validate-vpc-endpoint-config-runtime-monitoring.md index 8e3e82e1d..4538cf74c 100644 --- a//guardduty/latest/ug/validate-vpc-endpoint-config-runtime-monitoring.md +++ b//guardduty/latest/ug/validate-vpc-endpoint-config-runtime-monitoring.md @@ -13 +13 @@ Use the following steps to validate that VPC endpoint configuration for your res - 2. In the navigation pane, under **Virtual private cloud** , choose **Endpoints**. + 2. In the navigation pane, under **Virtual private cloud** , choose **Your VPCs**. @@ -15 +15 @@ Use the following steps to validate that VPC endpoint configuration for your res - 3. In the **Endpoints** table, select the row that has the **Service name** similar to **com.amazonaws.`us-east-1`.guardduty-data**. The Region (`us-east-1`) may be different for your endpoint. + 3. On the **Your VPCs** page, choose **IPv4 CIDR** associated with your **VPC ID**. @@ -17 +17 @@ Use the following steps to validate that VPC endpoint configuration for your res - 4. A panel for endpoint details will appear. Under the **Security Groups** tab, select the associated **Group ID** link for more details. + 4. In the navigation pane, under **Virtual private cloud** , choose **Endpoints**. @@ -19 +19 @@ Use the following steps to validate that VPC endpoint configuration for your res - 5. In the **Security Groups** table, select the row that with the associated **Security group ID** to view the details. + 5. In the **Endpoints** table, select the row that has the **Service name** similar to **com.amazonaws.`us-east-1`.guardduty-data**. The Region (`us-east-1`) might be different for your endpoint. @@ -21 +21 @@ Use the following steps to validate that VPC endpoint configuration for your res - 6. Under the **Inbound rules** tab, ensure that there is an ingress policy with **Port range** as **443** and **Source** as **0.0.0.0/0**. Inbound rules control the incoming traffic that is allowed to reach the instance. The following image shows the inbound rules for a security group that is associated with the VPC used by the GuardDuty security agent. + 6. A panel for endpoint details will appear. Under the **Security Groups** tab, select the associated **Group ID** link for more details. @@ -23 +23,3 @@ Use the following steps to validate that VPC endpoint configuration for your res - + 7. In the **Security Groups** table, select the row that with the associated **Security group ID** to view the details. + + 8. Under the **Inbound rules** tab, ensure that there is an ingress policy with **Port range** as **443** and **Source** as the value copied from the **IPv4 CIDR**. Inbound rules control the incoming traffic that is allowed to reach the instance. The following image shows the inbound rules for a security group that is associated with the VPC used by the GuardDuty security agent.