AWS GuardDuty Member

This page shows how to write Terraform and CloudFormation for a GuardDuty member, and how to write them securely.

Terraform Example (aws_guardduty_member)

Provides a resource to manage a GuardDuty member. To accept invitations in member accounts, see the aws_guardduty_invite_accepter resource.
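
How the two resources fit together, as an added example that is not from the original page or from any of the repositories listed on it: the administrator account registers and invites a member, and the member account accepts. The provider aliases, profile names, region and the `member_email` variable are assumptions chosen for illustration.

```hcl
# Added example. Aliases, profiles, region and variable name are assumptions.
variable "member_email" {
  type        = string
  description = "Root e-mail address of the member account"
}

provider "aws" {
  alias   = "admin"
  region  = "eu-west-1"
  profile = "guardduty-admin" # hypothetical profile for the administrator account
}

provider "aws" {
  alias   = "member"
  region  = "eu-west-1"
  profile = "guardduty-member" # hypothetical profile for the member account
}

# GuardDuty is regional: each account needs a detector in every region it covers.
resource "aws_guardduty_detector" "admin" {
  provider = aws.admin
  enable   = true
}

resource "aws_guardduty_detector" "member" {
  provider = aws.member
  enable   = true
}

# Administrator side: register the member account and send the invitation.
resource "aws_guardduty_member" "member" {
  provider    = aws.admin
  account_id  = aws_guardduty_detector.member.account_id
  detector_id = aws_guardduty_detector.admin.id
  email       = var.member_email
  invite      = true
}

# Member side: accept the invitation, but only after it has been sent.
resource "aws_guardduty_invite_accepter" "member" {
  provider          = aws.member
  depends_on        = [aws_guardduty_member.member]
  detector_id       = aws_guardduty_detector.member.id
  master_account_id = aws_guardduty_detector.admin.account_id
}

# Surface the relationship state so a stalled invitation is visible after apply.
output "member_relationship_status" {
  value = aws_guardduty_member.member.relationship_status
}
```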

Example Usage (from GitHub)

UKHomeOffice/acp-tf-GuardDuty-Masteraccount
resource "aws_guardduty_member" "eu_west_3" {
  count              = length(var.accounts)
  account_id         = element(keys(var.accounts), count.index)
  detector_id        = aws_guardduty_detector.eu_west_3.id
  email              = var.accounts[element(keys(var.accounts), count.index)]
  invite             = true
}
tintulip/cla-organisation
resource "aws_guardduty_member" "root" {
  account_id  = "048191938814"
  detector_id = data.aws_guardduty_detector.audit_detector_enabled_by_delegation.id
  email       = "james.gumbley@cabinetoffice.gov.uk"
  invite      = false
}
DNXLabs/terraform-aws-security-baseline
resource "aws_guardduty_member" "member" {
  count    = var.guardduty ? 1 : 0
  provider = aws.master

  account_id                 = aws_guardduty_detector.member[0].account_id
  detector_id                = try(var.guardduty_detector_id, aws_guardduty_detector.primary.id)
  # excerpt ends here; the remaining arguments (including the required email) are not shown
}
DNXLabs/terraform-aws-audit-member
resource "aws_guardduty_member" "member" {
  count = var.guardduty ? 1 : 0

  account_id                 = aws_guardduty_detector.member[0].account_id
  detector_id                = var.guardduty_detector_id
  email                      = var.email
}

CloudFormation Example (AWS::GuardDuty::Member)

You can use the AWS::GuardDuty::Member resource to add an AWS account as a GuardDuty member account to the current GuardDuty administrator account. If the value of the Status property is not provided or is set to Created, a member account is created but not invited. If the value of the Status property is set to Invited, a member account is created and invited. An AWS::GuardDuty::Member resource must be created with the Status property set to Invited before the AWS::GuardDuty::Master resource can be created in a GuardDuty member account.

Frequently asked questions

What is AWS GuardDuty Member?

AWS GuardDuty Member is a GuardDuty resource in Amazon Web Services. Its settings can be written in Terraform and CloudFormation.

Where can I find the example code for the AWS GuardDuty Member?

For Terraform, the UKHomeOffice/acp-tf-GuardDuty-Masteraccount, tintulip/cla-organisation and DNXLabs/terraform-aws-security-baseline source code examples are useful. See the Terraform Example section for further details.