Amazon GuardDuty in AWS GovCloud (US)
How Amazon GuardDuty differs for AWS GovCloud (US)
The following features are not supported in both the AWS GovCloud (US) Regions:
-
Malware Protection for S3
-
Runtime Monitoring
-
EKS Runtime Monitoring
-
RDS Protection
-
Malware Protection for EC2
-
Cross-region data transfer
-
Member accounts invitation notifications through AWS Health Dashboard and email
-
In AWS GovCloud (US) Regions, AWS doesn't use or store Customer Content processed by Amazon GuardDuty to develop and improve the service or technologies of AWS or its affiliates. Opt-out policies are currently not applicable to these Regions.
The following EKS audit log finding types are not available in the GovCloud Regions:
-
CredentialAccess:Kubernetes/AnomalousBehavior.SecretsAccessed
-
PrivilegeEscalation:Kubernetes/AnomalousBehavior.RoleBindingCreated
-
Execution:Kubernetes/AnomalousBehavior.ExecInPod
-
PrivilegeEscalation:Kubernetes/AnomalousBehavior.WorkloadDeployed!PrivilegedContainer
-
PrivilegeEscalation:Kubernetes/AnomalousBehavior.WorkloadDeployed!ContainerWithSensitiveMount
-
Execution:Kubernetes/AnomalousBehavior.WorkloadDeployed
-
PrivilegeEscalation:Kubernetes/AnomalousBehavior.RoleCreated
-
Discovery:Kubernetes/AnomalousBehavior.PermissionChecked
Documentation for Amazon GuardDuty
Amazon GuardDuty documentation
Export-controlled content
For AWS Services architected within the AWS GovCloud (US) Regions, the following list explains how certain components of data may leave the AWS GovCloud (US) Regions in the normal course of the service offerings. The list can be used as a guide to help meet applicable customer compliance obligations. Data not included in the following list remains within the AWS GovCloud (US) Regions.
-
This service can generate metadata from customer-defined configurations. AWS suggests customers do not enter export-controlled information in console fields, descriptions, resource names, and tagging information.
No data will leave the AWS GovCloud (US) Regions for this service.