Managed Rules

The RDK is able to deploy AWS Managed Rules.

To do so, create a rule using rdk create and provide a valid SourceIdentifier via the --source-identifier CLI option. The list of Managed Rules can be found here. The Identifier can be obtained from the rule name by replacing the dashes with underscores and using all capitals (for example, the "guardduty-enabled-centralized" rule has the SourceIdentifier "GUARDDUTY_ENABLED_CENTRALIZED"). Just like custom Rules, you will need to specify source events and/or a maximum evaluation frequency, and also pass in any Rule parameters. The resulting Rule directory will contain only the parameters.json file, but rdk deploy or rdk create-rule-template can be used to deploy the Managed Rule like any other Custom Rule.
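The steps above as a shell sketch. This is an added example, not part of the RDK documentation: it derives the SourceIdentifier from the rule name and prints the rdk commands for a periodic Managed Rule without running them. The function names, the local rule name GuardDutyCentralized, the account ID, and the lowercase-with-dashes name check are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not RDK code). Prints the commands; nothing is deployed.
LC_ALL=C; export LC_ALL   # make a-z in the patterns below mean ASCII only

# Derive the SourceIdentifier from a Managed Rule name using the rule stated
# above: dashes become underscores, letters become capitals.
managed_rule_identifier() {
  mr_name=$1
  # Assumption: rule names are lowercase letters/digits separated by single
  # dashes. A pasted URL or an already-converted identifier is rejected
  # instead of being silently turned into a wrong SourceIdentifier.
  case $mr_name in
    ''|*[!a-z0-9-]*|-*|*-|*--*)
      echo "not a managed rule name: '$mr_name'" >&2
      return 1 ;;
  esac
  printf '%s\n' "$mr_name" | tr '[:lower:]' '[:upper:]' | tr -- '-' '_'
}

# Print the create and deploy commands for a periodically evaluated rule.
# $1 local rule directory name (hypothetical)   $2 Managed Rule name
# $3 maximum evaluation frequency               $4 rule parameters as JSON
rdk_managed_rule_commands() {
  mr_id=$(managed_rule_identifier "$2") || return 1
  printf "rdk create %s --source-identifier %s --maximum-frequency %s --input-parameters '%s'\n" \
    "$1" "$mr_id" "$3" "$4"
  printf 'rdk deploy %s\n' "$1"
}

# Constructed sample values: 111122223333 is a placeholder account ID.
rdk_managed_rule_commands GuardDutyCentralized guardduty-enabled-centralized \
  TwentyFour_Hours '{"CentralMonitoringAccount": "111122223333"}'
```

Review the printed commands, then run them from the directory where the rule should be created. After rdk create, the rule directory should contain only parameters.json, as described above.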