AWS GuardDuty Organization Configuration
This page shows how to write Terraform and CloudFormation for GuardDuty Organization Configuration and write them securely.
aws_guardduty_organization_configuration (Terraform)
The Organization Configuration in GuardDuty can be configured in Terraform with the resource name aws_guardduty_organization_configuration. The following sections describe 5 examples of how to use the resource and its parameters.
Example Usage from GitHub
resource "aws_guardduty_organization_configuration" "example" {
  auto_enable = true
  detector_id = aws_guardduty_detector.ok.id
}

resource "aws_guardduty_detector" "not_ok_false" {
  # body truncated in the source excerpt; all detector arguments are optional
}

resource "aws_guardduty_organization_configuration" "example" {
  auto_enable = true
  detector_id = aws_guardduty_detector.ok.id
}

resource "aws_guardduty_detector" "not_ok_false" {
  # body truncated in the source excerpt; all detector arguments are optional
}

resource "aws_guardduty_organization_configuration" "example" {
  auto_enable = true
  detector_id = aws_guardduty_detector.master.id
}

resource "aws_guardduty_organization_configuration" "guardduty_organization_configuration" {
  auto_enable = true
  detector_id = aws_guardduty_detector.guardduty_detector.id
}

resource "aws_guardduty_organization_configuration" "this" {
  auto_enable = var.auto_enable
  detector_id = var.detector_id
}
Parameters
- auto_enable (required, bool)
- detector_id (required, string)
- id (optional, computed, string)
Explanation in Terraform Registry
Manages the GuardDuty Organization Configuration in the current AWS Region. The AWS account utilizing this resource must have been assigned as a delegated Organization administrator account, e.g., via the aws_guardduty_organization_admin_account resource. More information about Organizations support in GuardDuty can be found in the GuardDuty User Guide.
NOTE: This is an advanced Terraform resource. Terraform will automatically assume management of the GuardDuty Organization Configuration without import and perform no actions on removal from the Terraform configuration.
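A complete configuration wiring together the pieces the registry text describes, as an added example that is not from this page or from any of the repositories it cites. The two provider aliases and the variable delegated_admin_account_id are assumptions; the resources and arguments are the Terraform AWS provider's own.

```hcl
# Added example: delegate GuardDuty administration to one account and
# auto-enable GuardDuty for every account in the Organization.
# The provider aliases and the variable below are assumptions.

variable "delegated_admin_account_id" {
  description = "Account that becomes the GuardDuty delegated administrator (placeholder)"
  type        = string
}

# Credentials for the Organizations management account.
provider "aws" {
  alias  = "management"
  region = "us-east-1"
}

# Credentials for the account that will run GuardDuty for the Organization.
provider "aws" {
  alias  = "delegated_admin"
  region = "us-east-1"
}

# Step 1 (management account): designate the delegated administrator.
resource "aws_guardduty_organization_admin_account" "this" {
  provider         = aws.management
  admin_account_id = var.delegated_admin_account_id
}

# Step 2 (delegated admin account): the detector that receives findings.
resource "aws_guardduty_detector" "this" {
  provider                     = aws.delegated_admin
  enable                       = true
  finding_publishing_frequency = "FIFTEEN_MINUTES"
}

# Step 3 (delegated admin account): every account that joins the Organization
# gets GuardDuty turned on automatically, so a newly created account never
# runs without threat detection while someone remembers to enable it.
resource "aws_guardduty_organization_configuration" "this" {
  provider    = aws.delegated_admin
  auto_enable = true
  detector_id = aws_guardduty_detector.this.id

  # Delegation must exist before the org-level setting can be written.
  depends_on = [aws_guardduty_organization_admin_account.this]
}
```

Per the registry note above, deleting the aws_guardduty_organization_configuration block from this file leaves auto-enable switched on in AWS; to turn it off intentionally, set auto_enable = false and apply before removing the block.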
AWS::GuardDuty::Member (CloudFormation)
The Member in GuardDuty can be configured in CloudFormation with the resource name AWS::GuardDuty::Member. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
An example could not be found in GitHub.
Parameters
- Status (optional, String)
- MemberId (required, String)
- Email (required, String)
- Message (optional, String)
- DisableEmailNotification (optional, Boolean)
- DetectorId (required, String)
Explanation in CloudFormation Registry
You can use the AWS::GuardDuty::Member resource to add an AWS account as a GuardDuty member account to the current GuardDuty administrator account. If the value of the Status property is not provided or is set to Created, a member account is created but not invited. If the value of the Status property is set to Invited, a member account is created and invited. An AWS::GuardDuty::Member resource must be created with the Status property set to Invited before the AWS::GuardDuty::Master resource can be created in a GuardDuty member account.
Frequently asked questions
What is AWS GuardDuty Organization Configuration?
AWS GuardDuty Organization Configuration is a resource for GuardDuty of Amazon Web Services. Settings can be written in Terraform and CloudFormation.
Where can I find the example code for the AWS GuardDuty Organization Configuration?
For Terraform, the SnidermanIndustries/checkov-fork, melscoop-test/check and JamesWoolfenden/terraform-aws-guardduty source code examples are useful. See the Terraform Example section for further details.