AWS GuardDuty Member
This page shows how to write Terraform and CloudFormation for a GuardDuty Member and how to configure it securely.
aws_guardduty_member (Terraform)
The Member in GuardDuty can be configured in Terraform with the resource name aws_guardduty_member. The following sections describe 4 examples of how to use the resource and its parameters.
Example Usage from GitHub
# One member per entry of var.accounts (account ID => e-mail); invitations are sent.
resource "aws_guardduty_member" "eu_west_3" {
  count       = length(var.accounts)
  account_id  = element(keys(var.accounts), count.index)
  detector_id = aws_guardduty_detector.eu_west_3.id
  email       = var.accounts[element(keys(var.accounts), count.index)]
  invite      = true
}

# Member registered against a delegated-administrator detector without sending an invitation.
resource "aws_guardduty_member" "root" {
  account_id  = "048191938814"
  detector_id = data.aws_guardduty_detector.audit_detector_enabled_by_delegation.id
  email       = "james.gumbley@cabinetoffice.gov.uk"
  invite      = false
}

# Created from the administrator account via a provider alias.
resource "aws_guardduty_member" "member" {
  count       = var.guardduty ? 1 : 0
  provider    = aws.master
  account_id  = aws_guardduty_detector.member[0].account_id
  detector_id = try(var.guardduty_detector_id, aws_guardduty_detector.primary.id)
  # email (required) is not present in this excerpt
}

resource "aws_guardduty_member" "member" {
  count       = var.guardduty ? 1 : 0
  account_id  = aws_guardduty_detector.member[0].account_id
  detector_id = var.guardduty_detector_id
  email       = var.email
}
Parameters
- account_id (required, string): AWS account ID of the member account.
- detector_id (required, string): ID of the GuardDuty detector in the administrator account.
- disable_email_notification (optional, bool): whether to suppress the invitation e-mail sent to the member.
- email (required, string): e-mail address of the member account.
- id (optional, computed, string): the member account ID.
- invitation_message (optional, string): message included in the invitation.
- invite (optional, bool): whether to send an invitation to the member account; defaults to false.
- relationship_status (optional, computed, string): status of the member relationship as reported by GuardDuty.
- timeouts (single block)
Explanation in Terraform Registry
Provides a resource to manage a GuardDuty member. To accept invitations in member accounts, see the aws_guardduty_invite_accepter resource. Note that creating the member with invite = true only sends the invitation; findings flow to the administrator account only after the member account accepts it, and a member added by invitation can later disassociate itself from the administrator account, so verify relationship_status rather than assuming the membership is in force.
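The complete two-sided flow the registry text describes, as an added example (not code from the page or from any of the repositories it cites): the administrator account registers and invites the member, and the member account accepts with aws_guardduty_invite_accepter. The provider aliases aws.admin and aws.member, the region, and the e-mail address are assumptions for illustration.

```hcl
# Added example; aws.admin and aws.member are assumed provider aliases for
# the GuardDuty administrator account and the account being enrolled.

provider "aws" {
  alias  = "admin"
  region = "eu-west-1" # assumed
}

provider "aws" {
  alias  = "member"
  region = "eu-west-1" # assumed, must match the administrator's region
}

variable "member_email" {
  type    = string
  default = "security@example.com" # placeholder
}

# Detector in the administrator account.
resource "aws_guardduty_detector" "admin" {
  provider = aws.admin
  enable   = true
}

# Detector in the member account; it must exist before the invitation can be accepted.
resource "aws_guardduty_detector" "member" {
  provider = aws.member
  enable   = true
}

# Register the member and send the invitation. invite = true is what sends it;
# with invite = false the member is only "Created" and sends no findings.
resource "aws_guardduty_member" "member" {
  provider                   = aws.admin
  account_id                 = aws_guardduty_detector.member.account_id
  detector_id                = aws_guardduty_detector.admin.id
  email                      = var.member_email
  invite                     = true
  invitation_message         = "GuardDuty administrator invitation from the security account"
  disable_email_notification = true # acceptance is automated below, no e-mail needed
}

# Accept from the member side. depends_on guarantees the invitation exists first.
resource "aws_guardduty_invite_accepter" "member" {
  provider          = aws.member
  detector_id       = aws_guardduty_detector.member.id
  master_account_id = aws_guardduty_detector.admin.account_id

  depends_on = [aws_guardduty_member.member]
}

# After apply, relationship_status should read "Enabled" for the member.
output "member_relationship_status" {
  value = aws_guardduty_member.member.relationship_status
}
```

Applying this from one root module requires credentials for both accounts; in practice the two halves are often split across separate states, in which case the member-side accepter is applied after the administrator side and the detector ID is passed across explicitly.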
AWS::GuardDuty::Member (CloudFormation)
The Member in GuardDuty can be configured in CloudFormation with the resource name AWS::GuardDuty::Member. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
An example could not be found in GitHub.
Parameters
- Status (optional, String): Created (register only) or Invited (register and send the invitation).
- MemberId (required, String): AWS account ID of the member account.
- Email (required, String): e-mail address of the member account.
- Message (optional, String): message included in the invitation.
- DisableEmailNotification (optional, Boolean): whether to suppress the invitation e-mail.
- DetectorId (required, String): ID of the GuardDuty detector in the administrator account.
Explanation in CloudFormation Registry
You can use the AWS::GuardDuty::Member resource to add an AWS account as a GuardDuty member account to the current GuardDuty administrator account. If the value of the Status property is not provided or is set to Created, a member account is created but not invited. If the value of the Status property is set to Invited, a member account is created and invited. An AWS::GuardDuty::Member resource must be created with the Status property set to Invited before the AWS::GuardDuty::Master resource can be created in a GuardDuty member account.
Frequently asked questions
What is AWS GuardDuty Member?
AWS GuardDuty Member is a resource of the Amazon Web Services GuardDuty service. Its settings can be written in Terraform and CloudFormation.
Where can I find the example code for the AWS GuardDuty Member?
For Terraform, the UKHomeOffice/acp-tf-GuardDuty-Masteraccount, tintulip/cla-organisation and DNXLabs/terraform-aws-security-baseline source code examples are useful. See the Terraform example section above for further details.