reference deployment

Tines for Amazon GuardDuty

Helps cloud-security engineers remediate GuardDuty alerts

This Partner Solution deploys Tines no-code automation in the Amazon Web Services (AWS) Cloud to help cloud-security engineers triage Amazon GuardDuty findings. This architecture automates repetitive manual tasks so that the engineers can focus on responding to potential threats, for example, by changing AWS security groups.

Tines customers use this solution's AWS CloudFormation template to automatically create an Amazon Simple Notification Service (Amazon SNS) topic, subscribe the topic to a webhook, and set up rules that trigger an alert when GuardDuty findings are detected.

For more information, refer to AWS Partner Solution using GuardDuty findings and remediation actions in the Tines story library.

Tines logo

This Partner Solution was developed by Tines in collaboration with AWS. Tines is an AWS Partner.

  •  What you'll build
  • This Partner Solution sets up the following:

    • An AWS CloudFormation stack that creates the infrastructure.
    • An AWS Lambda function that enables GuardDuty in the selected AWS Region if it is not already enabled.
    • An AWS Identity and Access Management (IAM) role for the Lambda function to assume.
    • GuardDuty to detect threats.
    • An Amazon EventBridge rule that sends GuardDuty findings to an SNS topic.
    • An SNS topic that delivers the GuardDuty findings to a Tines webhook address.
  •  How to deploy
  • To deploy this Partner Solution, follow the instructions in the deployment guide, which includes these steps.

    1. Sign in to your AWS account. If you don't have an account, sign up at
    2. Import the Tines story AWS Partner Solution using GuardDuty findings and remediation actions into your Tines tenant.
    3. Deploy the Partner Solution. The stack takes about 15 minutes to deploy. Before you create the stack, choose the Region from the top toolbar.

    Amazon may share user-deployment information with the AWS Partner that collaborated with AWS on this solution.  

  •  Costs and licenses
  • You are responsible for the cost of the AWS services and any third-party licenses used while running this solution. There is no additional cost for using the solution.

    This solution includes configuration parameters that you can customize. Some of these settings, such as instance type, affect the cost of deployment. For cost estimates, refer to the pricing pages for each AWS service you use. Prices are subject to change.

    Tip: After you deploy a solution, create AWS Cost and Usage Reports to track associated costs. These reports deliver billing metrics to an Amazon Simple Storage Service (Amazon S3) bucket in your account. They provide cost estimates based on usage throughout each month and aggregate the data at the end of the month. For more information, refer to What are AWS Cost and Usage Reports?