Enabling Runtime Monitoring for a standalone account

A standalone account owns the decision to enable or disable a protection plan in their AWS account in a specific AWS Region.

If your account is associated with a GuardDuty administrator account through AWS Organizations, or by the method of invitation, this section doesn't apply to your account. For more information, see Enabling Runtime Monitoring for multiple-account environments.

After you enable Runtime Monitoring, ensure to install GuardDuty security agent through automated configuration or manual deployment. As a part of completing all the steps listed in the following procedure, make sure to install the security agent.

To enable Runtime Monitoring in standalone account

Sign in to the AWS Management Console and open the GuardDuty console at https://console.aws.amazon.com/guardduty/.
In the navigation pane, choose Runtime Monitoring.
Under the Configuration tab, choose Enable to enable Runtime Monitoring for your account.
For GuardDuty to receive the runtime events from one or more resource types – an Amazon EC2 instance, Amazon ECS cluster, or an Amazon EKS cluster, use the following options to manage the security agent for these resources:
To enable GuardDuty security agent

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Enabling Runtime Monitoring for multiple-account environments

Managing GuardDuty security agents

Enabling Runtime Monitoring for a standalone account

To enable Runtime Monitoring in standalone account

To enable GuardDuty security agent