Duration: 1h 3m


Course Description

During AWS re:Invent 2017, AWS launched their 11th security service in the on-going drive to help its customers protect and secure their applications, environments, and accounts. This service was Amazon GuardDuty, a regionally based, intelligent, threat-detection service. This service allows users to monitor their AWS account for unusual and unexpected behavior by analyzing AWS CloudTrail Event Logs, VPC Flow Logs, and DNS Logs. It then takes the data from these logs and assesses it against multiple security and threat detection feeds, looking for anomalies and known malicious sources, such as IP addresses and URLs. This course will introduce you to Amazon GuardDuty and explain how it works and how to configure it, so that you can enable this service within your own AWS accounts to provide automatic and continuous security analysis for safeguarding your entire AWS environment.

Learning Objectives:

By the end of this course you will be able to:

  • Describe the Amazon GuardDuty service
  • Manage and configure GuardDuty for single and multiple accounts
  • Implement the correct permissions to both enable and manage GuardDuty
  • Manage and resolve findings generated
  • Explain how GuardDuty can play an important role within your organization

This course has been designed for those in the role of:

  • Security consultant/specialist
  • Security analyst
  • Security auditor
  • Cloud architect
  • Cloud operational support analyst

This would also be valuable to anyone looking to learn more about AWS security and threat detection within AWS.


As a prerequisite to this course you should have a basic understanding of the fundamentals of AWS along with an awareness of different security measures and mechanisms that are offered by different AWS services, such as within IAM, specifically IAM policies.


If you have thoughts or suggestions for this course, please contact Cloud Academy at


AWS Resource

Amazon GuardDuty Pricing


Hello, and welcome to this very short lecture just to explain how much Amazon GuardDuty is likely to cost you, and how the pricing structure works.

Essentially, the pricing for this service is broken down into two parts: CloudTrail Event Analysis, and VPC Flow Log and DNS Log Analysis. CloudTrail Event Analysis is charged per one million events per month, whereas the VPC Flow Logs and DNS Logs are charged per gig of log analyzed per month.

The cost for each depends on which region you are running the service in. For a full listing of each region, visit the AWS pricing page of the service found here. When you first enable Amazon GuardDuty, you are able to use the service free for the first 30 days. In addition to this, you are able to see how much Amazon GuardDuty would have cost you for those 30 days, to help you estimate your ongoing payment should you continue to use the service. As you can see from this image within my own account for testing, there are minimal events and log data. As such, after a week, it wouldn't have cost me anything as yet. I've not reached one million events or one gig of data. However, you can see from here that should you be running this in your Enterprise account, as opposed to my personal test account, where you may have thousands of resources, it would allow you to estimate the ongoing costs associated with GuardDuty.

Before I finish this lecture, I just want to provide a costing example, based on running Amazon GuardDuty from within the London EU region, which currently states pricing as follows. Please note, for the latest pricing information, please refer to the AWS documentation. With this in mind, let's presume we have the following data per month: 55 million CloudTrail Events, 3,000 Gigabytes of VPC Flow Logs, and 2,000 Gigabytes of DNS Query Logs. Using the charges from the table listed for the London region, we can calculate the costing as follows. The CloudTrail Events would work out at $242, and the VPC Flow Logs and DNS Query Logs will total $2,350, giving a total of $2,592 for that month.

The charges for this service are very simple to understand and estimate. You may be thinking, is this worth the cost? But at the same time, you should also be thinking of the cost against not using the service, and suffering the effects of a security breach. Not only will this have a financial impact on your organization in the event you have to shut systems down to remediate the issue, but there is also a significant cost of reputation to your business. All of this needs to be taken into consideration when looking at the cost of security.

That now brings me to the end of this lecture. Coming up next, I shall be looking at some of the partner offerings that are available, that work in conjunction with Amazon GuardDuty.

About the Author


Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data centre and network infrastructure design, to cloud architecture and implementation.

To date Stuart has created over 40 courses relating to Cloud, most within the AWS category with a heavy focus on security and compliance.

He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.

In January 2016 Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for his knowledge share within cloud services to the community.

Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.