Merge pull request #43174 from acwwat/d-aws_guardduty_detector_feature-add_extended_threat_detection_for_eks

ewbankkit · web-flow · commit 1a5ea8237f81 · 2025-06-25T09:49:28.000-04:00
docs: Add extended threat detection for EKS info and example to aws_guardduty_detector_feature doc
diff --git a/website/docs/r/guardduty_detector_feature.html.markdown b/website/docs/r/guardduty_detector_feature.html.markdown
@@ -19,6 +19,28 @@ resource "aws_guardduty_detector" "example" {
   enable = true
 }
 
+resource "aws_guardduty_detector_feature" "s3_protection" {
+  detector_id = aws_guardduty_detector.example.id
+  name        = "S3_DATA_EVENTS"
+  status      = "ENABLED"
+}
+```
+
+## Extended Threat Detection for EKS
+
+To enable GuardDuty [Extended Threat Detection](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-extended-threat-detection.html) for EKS, you need at least one of these features enabled: [EKS Protection](https://docs.aws.amazon.com/guardduty/latest/ug/kubernetes-protection.html) or [Runtime Monitoring}(https://docs.aws.amazon.com/guardduty/latest/ug/runtime-monitoring-configuration.html). For maximum detection coverage, enabling both is recommended to enhance detection capabilities.
+
+```terraform
+resource "aws_guardduty_detector" "example" {
+  enable = true
+}
+
+resource "aws_guardduty_detector_feature" "eks_protection" {
+  detector_id = aws_guardduty_detector.example.id
+  name        = "EKS_AUDIT_LOGS"
+  status      = "ENABLED"
+}
+
 resource "aws_guardduty_detector_feature" "eks_runtime_monitoring" {
   detector_id = aws_guardduty_detector.example.id
   name        = "EKS_RUNTIME_MONITORING"
