AWS GuardDuty Organization Configuration

This page shows how to write Terraform and CloudFormation for GuardDuty Organization Configuration and write them securely.

aws_guardduty_organization_configuration (Terraform)

The Organization Configuration in GuardDuty can be configured in Terraform with the resource name aws_guardduty_organization_configuration. The following sections describe 5 examples of how to use the resource and its parameters.

Example Usage from GitHub

main.tf#L9
resource "aws_guardduty_organization_configuration" "example" {
  auto_enable = true
  detector_id = aws_guardduty_detector.ok.id
}

resource "aws_guardduty_detector" "not_ok_false" {
  # the body of this resource is cut off in the source excerpt
}
aws_guardduty_detector.master.tf#L5
resource "aws_guardduty_organization_configuration" "example" {
  auto_enable = true
  detector_id = aws_guardduty_detector.master.id
}
main.tf#L16
resource "aws_guardduty_organization_configuration" "guardduty_organization_configuration" {
  auto_enable = true
  detector_id = aws_guardduty_detector.guardduty_detector.id
}
main.tf#L7
resource "aws_guardduty_organization_configuration" "this" {
  auto_enable = var.auto_enable
  detector_id = var.detector_id
}

Review your Terraform file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

Explanation in Terraform Registry

Manages the GuardDuty Organization Configuration in the current AWS Region. The AWS account utilizing this resource must have been assigned as a delegated Organization administrator account, e.g., via the aws_guardduty_organization_admin_account resource. More information about Organizations support in GuardDuty can be found in the GuardDuty User Guide.

NOTE: This is an advanced Terraform resource. Terraform will automatically assume management of the GuardDuty Organization Configuration without import and perform no actions on removal from the Terraform configuration.
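The ordering the registry text describes (detector in the delegated admin account, delegation from the management account, then the organization configuration) written out as one configuration. This is an added example, not code from the page or the projects it cites; the provider aliases, region, and the 12-digit account id are placeholders.

```hcl
# Added example: full dependency chain for GuardDuty organization setup.
# Assumes two provider aliases: "management" (the Organizations management
# account) and "security" (the account that becomes the delegated admin).

provider "aws" {
  alias  = "management"
  region = "us-east-1" # placeholder region
}

provider "aws" {
  alias  = "security"
  region = "us-east-1" # must match the management provider's region
}

# Detector in the delegated-admin account. GuardDuty has to be enabled here
# before the organization configuration resource can be managed.
resource "aws_guardduty_detector" "admin" {
  provider                     = aws.security
  enable                       = true
  finding_publishing_frequency = "FIFTEEN_MINUTES"
}

# Applied with management-account credentials: designate the security
# account as the delegated GuardDuty administrator for the organization.
resource "aws_guardduty_organization_admin_account" "this" {
  provider         = aws.management
  admin_account_id = "111111111111" # placeholder: security account id
}

# Applied with delegated-admin credentials: every account that joins the
# organization gets GuardDuty enabled automatically, so no new account is
# left unmonitored. depends_on enforces the delegation-first ordering that
# the registry text requires. (Newer provider versions expose the same
# setting as auto_enable_organization_members = "ALL".)
resource "aws_guardduty_organization_configuration" "this" {
  provider    = aws.security
  auto_enable = true
  detector_id = aws_guardduty_detector.admin.id

  depends_on = [aws_guardduty_organization_admin_account.this]
}
```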

AWS::GuardDuty::Member (CloudFormation)

The Member in GuardDuty can be configured in CloudFormation with the resource name AWS::GuardDuty::Member. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

An example could not be found in GitHub.

Parameters

Explanation in CloudFormation Registry

You can use the AWS::GuardDuty::Member resource to add an AWS account as a GuardDuty member account to the current GuardDuty administrator account. If the value of the Status property is not provided or is set to Created, a member account is created but not invited. If the value of the Status property is set to Invited, a member account is created and invited. An AWS::GuardDuty::Member resource must be created with the Status property set to Invited before the AWS::GuardDuty::Master resource can be created in a GuardDuty member account.

Frequently asked questions

What is AWS GuardDuty Organization Configuration?

AWS GuardDuty Organization Configuration is a resource for GuardDuty of Amazon Web Services. Settings can be written in Terraform and CloudFormation.

Where can I find the example code for the AWS GuardDuty Organization Configuration?

For Terraform, the SnidermanIndustries/checkov-fork, melscoop-test/check and JamesWoolfenden/terraform-aws-guardduty source code examples are useful. See the Terraform Example section for further details.