amazon-web-services amazon-vpc amazon-guardduty

GuardDuty and VPC flow log


We have enabled VPC flow logs, which are stored in an S3 bucket. We have also enabled GuardDuty, and I see it analyzes VPC logs.

Does anybody have suggestions: do we still need an Athena table pointing to the S3 bucket for analyzing logs, or is GuardDuty sufficient?


Solution

  • It depends on what you want to achieve.

    GuardDuty is a detection system; it will produce findings based on its heuristics. If you are fine just with that, that would be enough.

    If you expect to have to dig deeper (i.e. not only "hey, this happened", but also "what is the pattern here"), then manual analysis might be in order. I would say both things are complementary, and since you don't pay for Athena if you're not using it, have some queries prepared and run them if you can't get the full picture from GuardDuty.
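
A query of the kind the answer suggests keeping prepared, as an added example that is not part of the original answer: it looks for the pattern behind rejected traffic by listing sources that were denied on many distinct ports over the last seven days. The table name `vpc_flow_logs`, the default flow log fields as column names, and the thresholds are assumptions to adapt to your own table.

```sql
-- Added example. Assumes an Athena table named vpc_flow_logs (hypothetical)
-- whose columns are the default VPC flow log fields:
--   srcaddr, dstaddr, dstport, protocol, packets, "start", "end",
--   action, log_status
-- "start" and "end" are quoted because "end" is a reserved word.
WITH rejected AS (
    SELECT srcaddr,
           dstaddr,
           dstport,
           packets,
           "start"
    FROM vpc_flow_logs
    WHERE action = 'REJECT'
      AND log_status = 'OK'
      -- Time window on the record itself. If your table is partitioned,
      -- add a predicate on the partition column as well so Athena scans
      -- (and bills for) less data.
      AND "start" >= to_unixtime(current_timestamp - interval '7' day)
)
SELECT srcaddr,
       count(DISTINCT dstaddr)      AS targets,
       count(DISTINCT dstport)      AS distinct_ports,
       sum(packets)                 AS packets,
       min(from_unixtime("start"))  AS first_seen,
       max(from_unixtime("start"))  AS last_seen
FROM rejected
GROUP BY srcaddr
-- Constructed threshold: many different rejected ports from one source
-- is worth a closer look; tune to your environment.
HAVING count(DISTINCT dstport) >= 20
ORDER BY distinct_ports DESC
LIMIT 50;
```

The `srcaddr` values it returns can then be compared with the resources named in GuardDuty findings for the same time window.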