Amazon Guard Duty is a special level of security layer that can be used to trace the unauthorized activities for your AWS Cloud Services.

CloudTrail
    About: Recording all Users & Access Keys based activities and its event.

VPC Flow Logs
    About: Monitoring IP Traffic from Amazon EC2 Network interface. This flow log we have to create with respect to instance IP Address.

DNS Logs
    About: Monitoring the suspicious request through DNS Resolver.

Please create the log stream in the following the places and then you can see the findings in your Amazon Guard Duty.