Understanding Amazon GuardDuty
1h 3m

During AWS re:Invent 2017, AWS launched its 11th security service in the ongoing drive to help its customers protect and secure their applications, environments, and accounts. This service was Amazon GuardDuty, a regionally based, intelligent threat-detection service. It allows users to monitor their AWS account for unusual and unexpected behavior by analyzing AWS CloudTrail Event Logs, VPC Flow Logs, and DNS Logs. It then assesses the data from these logs against multiple security and threat detection feeds, looking for anomalies and known malicious sources, such as IP addresses and URLs. This course will introduce you to Amazon GuardDuty and explain how it works and how to configure it, so that you can enable the service within your own AWS accounts to provide automatic and continuous security analysis for safeguarding your entire AWS environment.

Learning Objectives

By the end of this course you will be able to:

  • Describe the Amazon GuardDuty service
  • Manage and configure GuardDuty for single and multiple accounts
  • Implement the correct permissions to both enable and manage GuardDuty
  • Manage and resolve findings generated
  • Explain how GuardDuty can play an important role within your organization

This course has been designed for individuals in the following roles:

  • Security consultant/specialist
  • Security analyst
  • Security auditor
  • Cloud architect
  • Cloud operational support analyst

This course would also be valuable to anyone looking to learn more about AWS security and threat detection within AWS.


As a prerequisite to this course, you should have a basic understanding of the fundamentals of AWS along with an awareness of different security measures and mechanisms that are offered by different AWS services, such as within IAM, specifically IAM policies.


If you have thoughts or suggestions for this course, please contact Cloud Academy at


Hello, and welcome to this course covering the AWS security service, Amazon GuardDuty, which was announced during AWS re:Invent 2017. This course will explain what the service is and guide you through its features and configuration.

Before we start, I would like to introduce myself. My name is Stuart Scott. I'm one of the trainers here at Cloud Academy, specializing in AWS, Amazon Web Services. Feel free to connect with me with any questions, using the details shown on the screen, or alternatively, you can always get in touch with us here at Cloud Academy by sending an email to, where one of our Cloud experts will reply to your question.

As a pre-requisite to this course, you should have a basic understanding of the fundamentals of AWS, along with an awareness of different security measures and mechanisms that are offered by different AWS services, such as within IAM, specifically IAM Policies.

This course has been designed for those who are in a role of a security consultant or specialist, security analyst, security auditor, Cloud architect, or Cloud operational support analyst. This would also be valuable to anyone looking to learn more about AWS Security and threat detection within AWS.

This course has been designed to lead someone who is new to Amazon GuardDuty through to becoming someone who has a sound understanding of the service. The lectures have therefore been constructed as follows:

  • What is Amazon GuardDuty? This lecture focuses on explaining what the service is and the function that it provides.
  • Components and configuration: This looks at the different components and elements that make up a service. This lecture also includes a demonstration on how to configure a service.
  • Managing multiple accounts: If you have multiple accounts, then this lecture will explain how you can configure Amazon GuardDuty to work across all your AWS accounts that you have.
  • Managing permissions: As with any service, you need to ensure you have the correct permissions configured for both the service with the service-linked role, and also your operational staff who will manage the service. This lecture looks at the different permissions required.
  • Understanding Amazon GuardDuty findings: Here, we'll look at how to view the findings generated by Amazon GuardDuty and the different components of these findings to help you remediate any issues.
  • Benefits to the enterprise: This lecture focuses on how Amazon GuardDuty can be of benefit to your business.
  • Costing: Understanding that cost is important when using the features of a new service. This lecture examines those costs and provides an example.
  • Partner offerings: A number of different third parties offer services that seamlessly interact with GuardDuty. So, here, I will look at a couple of these examples.
  • Summary: Finally, I provide a summary lecture, which will highlight the main points from each lecture.

There are a number of key objectives to this course. These being: to understand what Amazon GuardDuty offers as a service, you'll understand how to manage and configure the service for single and multiple accounts, you'll understand how to implement the correct permissions to both enable and manage the service, you'll have an awareness of how to manage and resolve findings generated, and you'll be able to explain how Amazon GuardDuty can play an important role within your organization.

Feedback on our courses here at Cloud Academy is valuable to both us, as trainers, and any students that can take the same course in the future. If you have any feedback, positive or negative, it would be greatly appreciated if you can contact us at

That brings us to the end of this lecture. Coming up next, I'll be explaining exactly what Amazon GuardDuty is.

About the Author

Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data center and network infrastructure design, to cloud architecture and implementation.

To date, Stuart has created 150+ courses relating to Cloud reaching over 180,000 students, mostly within the AWS category and with a heavy focus on security and compliance.

Stuart is a member of the AWS Community Builders Program for his contributions towards AWS.

He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.

In January 2016 Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for his knowledge share within cloud services to the community.

Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.