Posted On: Nov 26, 2023

Today, AWS announces Amazon GuardDuty ECS Runtime Monitoring, an expansion of Amazon GuardDuty that introduces runtime threat detection for Amazon Elastic Container Service (Amazon ECS) workloads—including serverless container workloads running on AWS Fargate. 

Earlier in 2023, we introduced runtime monitoring for containerized workloads running on Amazon Elastic Kubernetes Service (Amazon EKS), which gives you visibility into on-host, operating-system-level activities. It provides container-level context for detected threats, such as containers repurposed for cryptocurrency mining or unusual activity indicating unauthorized code execution on your container. With GuardDuty ECS Runtime Monitoring, you get the same fully managed runtime threat detection for your serverless container environment. Security and infrastructure teams can then more easily coordinate the onboarding and maintenance of their security coverage. Now, no matter where you run your AWS managed container workloads, you have the broadest runtime threat detection visibility available.

You can enable GuardDuty ECS Runtime Monitoring with a few steps in the GuardDuty console. It is compatible with AWS Organizations, so you can centrally enable runtime threat detection coverage for accounts and workloads across the organization. 

GuardDuty ECS Runtime Monitoring is now available in all AWS Regions where GuardDuty is available, excluding AWS GovCloud (US) Regions and AWS China Regions. 

To get started, consult the following list of resources:

December 12, 2023: This post has been updated to reflect runtime security monitoring support for covered AWS workloads.