amazon-web-services amazon-ebs amazon-guardduty

GuardDuty Malware Protection scans


I am planning to use GuardDuty for Malware Protection on our EC2 instances. As per the docs, there are two types of scans: GuardDuty-initiated scans and on-demand scans.

My question is: is having snapshots of the attached EBS volumes an absolute requirement for these scans? The docs are confusing. At times they say that GuardDuty creates a replica from the EBS volumes attached to that instance, and sometimes they say that it creates a replica from the snapshot. Can someone please confirm whether an EBS snapshot policy is a must for a GuardDuty instance scan for Malware Protection? That is, do you need to enable an EBS snapshot policy for the EC2 instances for the scan?

I tried to read through the docs, and it seems like EBS snapshots are required for Inspector but not for GuardDuty scans for Malware Protection. Can someone who has used it in their environment please confirm?


Solution

  • Did a PoC. GuardDuty itself creates a snapshot and shares it with the GD service account. No need to have EBS snapshots in advance of using the GuardDuty Malware Protection feature.
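
One way to confirm the behaviour described in the answer from CloudTrail, as an added example that is not part of the original post: it filters EC2 management events for snapshot calls made by the GuardDuty Malware Protection service-linked role. The records, IDs and account number are constructed, and the role name and trimmed record shape are assumptions to check against your own trail.

```python
# Assumption: EC2 scans run under this service-linked role; verify in your account.
GD_ROLE = "AWSServiceRoleForAmazonGuardDutyMalwareProtection"

def _rec(name, role, req, resp=None):
    """Build a constructed CloudTrail record trimmed to the fields used below."""
    return {"eventSource": "ec2.amazonaws.com", "eventName": name,
            "userIdentity": {"type": "AssumedRole",
                             "sessionContext": {"sessionIssuer": {"userName": role}}},
            "requestParameters": req, "responseElements": resp}

# Constructed sample in chronological order; all IDs are made up.
SAMPLE = [
    _rec("CreateSnapshot", GD_ROLE, {"volumeId": "vol-0aaa"},
         {"snapshotId": "snap-0111", "volumeId": "vol-0aaa"}),
    _rec("ModifySnapshotAttribute", GD_ROLE,
         {"snapshotId": "snap-0111", "attributeType": "CREATE_VOLUME_PERMISSION",
          "createVolumePermission": {"add": {"items": [{"userId": "111122223333"}]}}}),
    # A snapshot taken by someone else (e.g. a backup job) must not be attributed.
    _rec("CreateSnapshot", "backup-admin", {"volumeId": "vol-0aaa"},
         {"snapshotId": "snap-0222", "volumeId": "vol-0aaa"}),
    _rec("DeleteSnapshot", GD_ROLE, {"snapshotId": "snap-0111"}),
]

def issuer(rec):
    """Name of the role behind an assumed-role session, or None."""
    ctx = (rec.get("userIdentity") or {}).get("sessionContext") or {}
    return (ctx.get("sessionIssuer") or {}).get("userName")

def guardduty_snapshots(records):
    """Map snapshot id -> lifecycle facts for snapshots the GuardDuty role created."""
    snaps = {}
    for rec in records:
        if rec.get("eventSource") != "ec2.amazonaws.com" or issuer(rec) != GD_ROLE:
            continue
        req = rec.get("requestParameters") or {}
        resp = rec.get("responseElements") or {}  # null when the call failed
        name, snap_id = rec.get("eventName"), req.get("snapshotId")
        if name == "CreateSnapshot" and resp.get("snapshotId"):
            snaps[resp["snapshotId"]] = {"volume": req.get("volumeId"),
                                         "shared_with": [], "deleted": False}
        elif name == "ModifySnapshotAttribute" and snap_id in snaps:
            items = req.get("createVolumePermission", {}).get("add", {}).get("items", [])
            snaps[snap_id]["shared_with"] += [i["userId"] for i in items if "userId" in i]
        elif name == "DeleteSnapshot" and snap_id in snaps:
            snaps[snap_id]["deleted"] = True
    return snaps

if __name__ == "__main__":
    for snap_id, facts in guardduty_snapshots(SAMPLE).items():
        print(snap_id, facts)
```

Snapshots that appear here with `deleted` still `False` long after a scan are the ones to review for cleanup or retention settings.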