Amazon GuardDuty Runtime Monitoring protects clusters running in shared VPC

Amazon GuardDuty Runtime Monitoring, which detects potential runtime-based threats, now protects workloads running in shared virtual private clouds (VPCs) across all supported compute services. VPC sharing allows multiple AWS accounts to create their application resources, such as Amazon EC2 instances, in shared, centrally managed VPCs. Customers use shared VPCs to simplify network management across different accounts in the organization, providing cost benefits and reduced operational overhead with fewer VPCs to manage.

GuardDuty Runtime Monitoring uses a VPC endpoint to securely send the agent telemetry to the GuardDuty backend for processing and detecting threats. With GuardDuty Runtime Monitoring, customers can automatically manage the security agent (including the creation of the VPC endpoint and installing, deploying, and updating the agent) at no extra cost.

With this launch, customers who are already opted into automated agent management in GuardDuty will benefit from a renewed 30-day trial of GuardDuty Runtime Monitoring, where we will automatically start monitoring the resources (clusters) deployed in a shared VPC setup. Customers also have the option to manually manage the agent and provision the VPC endpoint in their shared VPC environment.

Source: Amazon AWS