ResourceConsumption
The ResourceConsumption:IAMUser/ComputeResources GuardDuty finding triggers when an API is detected that aims to launch computer resources into the account (EC2). We could bypass this finding type by avoiding the usage of the RunInstances EC2 API within a region monitored by GuardDuty. If every region is not being monitored, we could just launch our EC2 instances in an unmonitored region; however, if every region is being monitored, then we could bypass this by just completely avoiding the API call or by using another AWS service to launch the servers that we need.
We could do this by using one of the many services within AWS that also launch servers, some of which include Lightsail instances, Glue development endpoints, ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access