SRE-67: Add AWS GuardDuty configuration for security monitoring (#8006)

Author: TimDiekmann

infra/terraform/hash/security.tf

@@ -0,0 +1,30 @@
+# AWS GuardDuty configuration
+# Provides threat detection and continuous security monitoring
+
+resource "aws_guardduty_detector" "main" {
+  enable = true
+
+  datasources {
+    s3_logs {
+      enable = true
+    }
+    kubernetes {
+      audit_logs {
+        enable = true
+      }
+    }
+    malware_protection {
+      scan_ec2_instance_with_findings {
+        ebs_volumes {
+          enable = true
+        }
+      }
+    }
+  }
+
+  tags = {
+    Name    = "${local.prefix}-guardduty-detector"
+    Service = "security"
+    Purpose = "Threat detection and intrusion monitoring"
+  }
+}