As more and more companies start to adopt cloud services to enable remote work and reduce the need for on-prem solutions more and more attackers are starting to target cloud environments. Since cloud is still relatively new a lot of companies make simple mistakes that enable attackers to easily steal sensitive information or pivot from cloud infrastructure to internal applications/systems. As these attacks started to increase cloud providers started to offer solutions to natively detect possible malicious activity within the cloud environments. A reasonably good solution by AWS is GuardDuty.