Amazon GuardDuty in Amazon Web Services in China
Amazon GuardDuty is a continuous security monitoring service. Amazon GuardDuty can help to identify unexpected and potentially unauthorized or malicious activity in your Amazon environment.
Region availability
Amazon GuardDuty is available in the following regions in China:
- Beijing Region
- Ningxia Region
How GuardDuty differs
The following differences apply to Amazon GuardDuty:
- The Customizing threat detection with entity lists and IP address lists capability doesn’t support entity lists in China Regions. GuardDuty continues to support IP address lists.
- The Extended Threat Detection coverage for EKS clusters supports detecting multi-stage attacks through available EKS Protection finding types (EKS audit log monitoring) and Amazon API activity in the China Regions.
  Runtime Monitoring (including EKS Runtime Monitoring) is not available in the China Regions.
- The following Extended Threat Detection finding type is not available in the China Regions:
- The following EKS Protection (EKS audit log monitoring) finding types are not available in the China Regions:
  - CredentialAccess:Kubernetes/AnomalousBehavior.SecretsAccessed
  - PrivilegeEscalation:Kubernetes/AnomalousBehavior.RoleBindingCreated
  - PrivilegeEscalation:Kubernetes/AnomalousBehavior.WorkloadDeployed!PrivilegedContainer
  - Persistence:Kubernetes/AnomalousBehavior.WorkloadDeployed!ContainerWithSensitiveMount
  - PrivilegeEscalation:Kubernetes/AnomalousBehavior.RoleCreated
- The additional filterable fields for suppression rules and filters are not available in the China Regions. You can continue to use the console-supported fields.
- The following IAM finding types are not available in the China Regions:
- Amazon GuardDuty and interface VPC endpoint (Amazon PrivateLink) integration is not available in the China Regions.
- Malware Protection for S3 is not available in the China Regions.
- Malware Protection for Backup is not available in the China Regions.
- The following list describes the feature differences for Malware Protection for EC2:
  - On-demand malware scan is not available in the China Regions. The new API related to on-demand malware scan is also not available in the China Regions. GuardDuty initiated malware scans for EC2 are still supported in these Regions.
  - Scanning instances with productCode as marketplace is not available in the China Regions. GuardDuty will skip the malware scan for such instances and log the skip reason as UNSUPPORTED_PRODUCT_CODE_TYPE.
  - Malware scan of Amazon EBS volumes encrypted with Amazon managed keys is not available in the China Regions.
- RDS Protection is not available in the China Regions.
- GuardDuty findings for CloudFront activity will no longer be available in China (Beijing) Region, cn-north-1. In order to monitor CloudFront activity, GuardDuty must be enabled in China (Ningxia) Region, cn-northwest-1.
- The following Amazon EC2 finding types are not available in the China Regions.
- The following GuardDuty Tor-related finding types have retired in the China Regions: