[Update] New feature: Amazon GuardDuty now supports RDS Protection #reInvent

2022.12.01

Hello, I am Adarsh Parakh This is AWS latest update to help monitor their RDS workload for any threats or malicious activities using GuardDuty

Amazon GuardDuty adds threat detection for RDS databases, starting with Amazon Aurora. Once enabled GuardDuty begins to profile and monitor login activity to existing and new databases in your account. GuardDuty administrators can enable the feature for member accounts. During the public preview GuardDuty RDS Protection is available at no additional costs.

https://docs.aws.amazon.com/guardduty/latest/ug/rds-protection.html Many organisations rely on RDS to store critical data and power applications that require a high-performance database, getting GuardDuty threat detection support will give these organisations more comfort in using RDS Aurora for their important data.

Let's try it

It really is just one click.

How does it work?

GuardDuty analize unusual failed or successful access patterns, based on its learnings if a pattern seems unusual it generates a finding in GuardDuty

What information can you find?

It provides you with the login activities in your Account.

Supported Databases

Currently, Guard Duty supports the following Aurora database versions:

  • Aurora MySQL versions 2.10.2 and 3.2.1 or higher.
  • Aurora PostgreSQL versions 10.17, 11.12, 12.7, 13.3, and 14.3 or higher.

Conclusion

AWS GuardDuty helps continuously detect threats and malicious activities and unauthorized behavior to protect AWS accounts, and now it can do the same for your RDS Aurora workloads.

Reference

https://docs.aws.amazon.com/guardduty/latest/ug/rds-protection.html