From 52d85f674430a0060fd900efa81daabc40f104c9 Mon Sep 17 00:00:00 2001
From: Marwin Baumann
Date: Thu, 26 Sep 2024 18:33:32 +0200
Subject: [PATCH] update upgrading.md
---
 UPGRADING.md | 45 +++++++++++++++++++++++++++++++++++++++++++++
 guardduty.tf | 1 +
 2 files changed, 46 insertions(+)
diff --git a/UPGRADING.md b/UPGRADING.md
index 5b12094c..30b5ceb2 100644
--- a/UPGRADING.md
+++ b/UPGRADING.md
@@ -2,6 +2,51 @@
 This document captures required refactoring on your part when upgrading to a module version that contains breaking changes.
+## Upgrading to v4.0.0
+
+### Behaviour
+
+Using the default `aws_guardduty` values:
+* `EKS_RUNTIME_MONITORING` gets removed from the state (but not disabled)
+* `RUNTIME_MONITORING` is enabled including `ECS_FARGATE_AGENT_MANAGEMENT`, `EC2_AGENT_MANAGEMENT`, and `EKS_ADDON_MANAGEMENT`.
+
+* You need to disable `EKS_RUNTIME_MONITORING` yourself after upgrading. The commands to do so are described [in the PR](https://github.com/schubergphilis/terraform-aws-mcaf-landing-zone/pull/210).
+
+### Variables
+
+The following variables have been replaced:
+* `aws_guardduty.eks_runtime_monitoring_status` -> `aws_guardduty.runtime_monitoring_status.enabled`
+* `aws_guardduty.eks_addon_management_status` -> `aws_guardduty.runtime_monitoring_status.eks_addon_management_status`
+
+The following variables have been introduced:
+* `aws_guardduty.runtime_monitoring_status.ecs_fargate_agent_management_status`
+* `aws_guardduty.runtime_monitoring_status.ec2_agent_management_status`
+
+## Upgrading to v3.0.0
+
+### Behaviour
+
+This version add Control Tower 3.x support. Upgrade to Control Tower 3.x before upgrading to this version.
+
+## Upgrading to v2.0.0
+
+### Behaviour
+
+This version sets the minimum required aws provider version from v4 to v5.
+
+### Variables
+
+The following variables have been replaced:
+* `aws_guardduty.datasources.malware_protection` -> `aws_guardduty.ebs_malware_protection_status`
+* `aws_guardduty.datasources.kubernetes` -> `aws_guardduty.eks_audit_logs_status`
+* `aws_guardduty.datasources.s3_logs` -> `aws_guardduty.s3_data_events_status`
+
+The following variables have been introduced:
+* `aws_guardduty.eks_addon_management_status`
+* `aws_guardduty.eks_runtime_monitoring_status`
+* `aws_guardduty.lambda_network_logs_status`
+* `aws_guardduty.rds_login_events_status`
+
 ## Upgrading to v1.0.0
 ### Behaviour
diff --git a/guardduty.tf b/guardduty.tf
index 244be95e..d9402077 100644
--- a/guardduty.tf
+++ b/guardduty.tf
@@ -7,6 +7,7 @@ resource "aws_guardduty_organization_admin_account" "audit" {
 // AWS GuardDuty - Audit account configuration
 resource "aws_guardduty_detector" "audit" {
+#checkov:skip=CKV_AWS_238,CKV2_AWS_3: "Ensure that GuardDuty detector is enabled" - False positive, GuardDuty is enabled by default.
 provider = aws.audit
 enable = var.aws_guardduty.enabled
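Review bot: The skip reason on the new `#checkov:skip` line says GuardDuty "is enabled by default", but two lines below the resource sets `enable = var.aws_guardduty.enabled`, so the detector is only on when the consumer leaves that variable at its default, and suppressing CKV_AWS_238 and CKV2_AWS_3 here means a deployment that sets `aws_guardduty.enabled = false` is no longer flagged by checkov. I would make the justification state the real condition rather than "false positive", e.g. `#checkov:skip=CKV_AWS_238,CKV2_AWS_3: "Ensure that GuardDuty detector is enabled" - enablement is driven by var.aws_guardduty.enabled (true by default); checkov cannot resolve the variable`, and, if disabling is not meant to be a supported configuration, enforce that with a `validation` block on the variable or a `lifecycle { precondition }` on this resource. If the checkov version run in CI predates support for a comma-separated ID list in one skip comment, only the first ID may be honored, which is worth confirming against an actual scan. The `aws_guardduty_detector.audit` resource body continues past the end of the hunk.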