{"slug":"iam-aws-guardduty","cloud":"aws","service":"guardduty","title":"Amazon GuardDuty (IAM)","description":"Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior.","category":"security","common_permissions":["guardduty:ListDetectors","guardduty:GetDetector","guardduty:ListFindings","guardduty:GetFindings","guardduty:ListFilters","guardduty:GetFilter","guardduty:ListIPSets","guardduty:GetIPSet"],"least_privilege_example":"{\n  \"Version\": \"2012-10-17\",\n  \"Statement\": [\n    {\n      \"Effect\": \"Allow\",\n      \"Action\": [\n        \"guardduty:ListDetectors\",\n        \"guardduty:GetDetector\",\n        \"guardduty:ListFindings\",\n        \"guardduty:GetFindings\",\n        \"guardduty:ListFilters\",\n        \"guardduty:GetFilter\",\n        \"guardduty:ListIPSets\",\n        \"guardduty:GetIPSet\"\n      ],\n      \"Resource\": \"*\"\n    }\n  ]\n}","warnings":["Avoid guardduty:* — grants full control including detector deletion and configuration changes","Avoid guardduty:DeleteDetector and guardduty:DeleteIPSet — can disable threat detection and remove critical threat intelligence"],"docs":"https://servicereference.us-east-1.amazonaws.com/v1/guardduty/guardduty.json","tags":["iam","aws"],"last_verified":"2026-06-14T00:00:00.000Z","next_check":"2026-12-11T00:00:00.000Z","created_at":"2026-06-14T04:49:42.270Z","updated_at":"2026-06-14T04:49:42.270Z"}