Removing Runtime Monitoring from an Amazon ECS cluster
You might want to exclude certain clusters from protection, for example clusters that you use for testing. This causes GuardDuty to perform the following operations on resources in the cluster:
- No longer deploy the GuardDuty security agent to new standalone Fargate tasks or new service deployments. In order to preserve the immutability constraint, existing tasks and deployments with Runtime Monitoring enabled are not affected.
- Stop billing and no longer accept runtime events for tasks.
Procedure
Perform the following steps to remove Runtime Monitoring from a cluster.
- Use the Amazon ECS console or Amazon CLI to set the GuardDutyManaged tag key on the cluster to false. For more information, see Updating a cluster or Working with tags using the CLI or API. Use the following values for the tag.
  Note: The Key and Value are case sensitive and must exactly match the strings.
  Key = GuardDutyManaged, Value = false
- Delete the GuardDuty VPC endpoint for the cluster. For more information about how to delete VPC endpoints, see Delete an interface endpoint in the Amazon PrivateLink User Guide.
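Because the tag key and value must match exactly, a cluster tagged with the wrong case is not excluded. The following check is an added example, not code from the AWS documentation: it classifies clusters from the JSON that `aws ecs list-tags-for-resource` returns, and the cluster names and tag sets in it are constructed sample input.

```python
import json

# Exact strings from the procedure above; both are case sensitive.
REQUIRED_KEY = "GuardDutyManaged"
REQUIRED_VALUE = "false"

def exclusion_status(list_tags_json):
    """Classify one cluster from `aws ecs list-tags-for-resource` JSON output.

    Returns (status, notes); status is "excluded" (exact key and value present),
    "near-miss" (right tag but wrong case or stray whitespace), or "not-excluded".
    """
    notes = []
    for tag in json.loads(list_tags_json).get("tags", []):
        key = tag.get("key") or ""
        value = tag.get("value") or ""
        if key == REQUIRED_KEY and value == REQUIRED_VALUE:
            return "excluded", []
        # Same text once case and whitespace are ignored: likely intended as
        # the exclusion tag, but it does not match the required strings.
        if (key.strip().lower() == REQUIRED_KEY.lower()
                and value.strip().lower() == REQUIRED_VALUE):
            notes.append(f"found {key!r}={value!r}, need "
                         f"{REQUIRED_KEY!r}={REQUIRED_VALUE!r}")
    return ("near-miss", notes) if notes else ("not-excluded", [])

# Constructed sample input: cluster names and tag sets are made up.
SAMPLE_CLUSTERS = {
    "test-exact": '{"tags": [{"key": "GuardDutyManaged", "value": "false"}]}',
    "test-value-case": '{"tags": [{"key": "GuardDutyManaged", "value": "False"}]}',
    "test-key-case": '{"tags": [{"key": "guarddutymanaged", "value": "false"}]}',
    "test-padded": '{"tags": [{"key": "GuardDutyManaged", "value": "false "}]}',
    "prod": '{"tags": [{"key": "env", "value": "prod"}]}',
    "untagged": '{"tags": []}',
}

def audit(clusters):
    """Map each cluster name to its (status, notes) result."""
    return {name: exclusion_status(doc) for name, doc in clusters.items()}

if __name__ == "__main__":
    for name, (status, notes) in audit(SAMPLE_CLUSTERS).items():
        print(f"{name:16} {status:13} {'; '.join(notes)}")
```

A "near-miss" result means the cluster still has Runtime Monitoring applied to new tasks, so review those clusters before deleting the GuardDuty VPC endpoint.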