Amazon GuardDuty (IAM)
Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior.
Common permissions
- guardduty:ListDetectors
- guardduty:GetDetector
- guardduty:ListFindings
- guardduty:GetFindings
- guardduty:ListFilters
- guardduty:GetFilter
- guardduty:ListIPSets
- guardduty:GetIPSet
Least-privilege example
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "guardduty:ListDetectors",
        "guardduty:GetDetector",
        "guardduty:ListFindings",
        "guardduty:GetFindings",
        "guardduty:ListFilters",
        "guardduty:GetFilter",
        "guardduty:ListIPSets",
        "guardduty:GetIPSet"
      ],
      "Resource": "*"
    }
  ]
}
Warnings
- Avoid guardduty:* — grants full control including detector deletion and configuration changes
- Avoid guardduty:DeleteDetector and guardduty:DeleteIPSet — can disable threat detection and remove critical threat intelligence
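A check for the grants these warnings describe, as an added example that is not part of the original page: it scans a policy document for Allow statements that reach guardduty:DeleteDetector or guardduty:DeleteIPSet, whether named directly, through a wildcard such as guardduty:*, or through NotAction. The function names and both sample policies are constructed for illustration, and the check assumes identity-based policies and does not evaluate Deny statements, Resource or Condition.

```python
import re

# Actions named in the warnings above; "guardduty:*" is caught because it matches both.
RISKY_ACTIONS = ("guardduty:DeleteDetector", "guardduty:DeleteIPSet")

def _as_list(value):
    """IAM accepts a bare string or object where a list is expected."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _matches(pattern, action):
    """IAM action matching: case-insensitive, '*' matches any run of characters."""
    regex = re.escape(pattern).replace(r"\*", ".*")
    return re.fullmatch(regex, action, re.IGNORECASE) is not None

def risky_grants(policy):
    """Return sorted (statement_index, risky_action, source) tuples for Allow statements.
    Deny statements, Resource and Condition are outside the scope of this check."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            # Allow + NotAction grants every action that is NOT listed.
            excluded = _as_list(stmt["NotAction"])
            findings += [(idx, r, "NotAction") for r in RISKY_ACTIONS
                         if not any(_matches(p, r) for p in excluded)]
            continue
        for pattern in _as_list(stmt.get("Action")):
            findings += [(idx, r, pattern) for r in RISKY_ACTIONS if _matches(pattern, r)]
    return sorted(findings)

# Constructed sample policies (not from the page).
READ_ONLY = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Resource": "*",
    "Action": ["guardduty:ListDetectors", "guardduty:GetDetector",
               "guardduty:ListFindings", "guardduty:GetFindings"]}]}
OVERBROAD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "guardduty:*", "Resource": "*"},
    {"Effect": "Allow", "Action": ["guardduty:Get*", "GuardDuty:Delete*"], "Resource": "*"},
    {"Effect": "Allow", "NotAction": "guardduty:DeleteDetector", "Resource": "*"},
]}

if __name__ == "__main__":
    for name, pol in (("READ_ONLY", READ_ONLY), ("OVERBROAD", OVERBROAD)):
        print(name, risky_grants(pol))
```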
Resources
API
full doc /v1/iam/guardduty