GuardDuty Delegate Admin doesn't have GD enabled

0

We enabled GuardDuty at the Org-level and delegated the primary/management Account. However, in the GD console at the delegated account, the primary/management Account isn't listed. It seems as though the delegate admin doesn't have GuardDuty enabled.

How do you enable GD detections on the delegate admin when it is also the primary/management Account?

Might be similar to https://repost.aws/questions/QULax-FQ6UQHW0gcW8qwEIPQ/iam-access-analyzer-delegated-admin-and-org-configuration-doesnt-pick-up-root-account

1 Answer
0

Hi There

An account that is designated as a delegated administrator becomes a GuardDuty administrator account, has GuardDuty automatically enabled in the designated Region, and is granted permission to enable and manage GuardDuty for all accounts in the organization within that Region. The other accounts in the organization can be viewed and added as GuardDuty member accounts associated with the delegated administrator account.

It is not recommended to set your organization's management account as the delegated administrator. Your organization's management account can be the delegated administrator, but this is not recommended based on AWS Security best practices following the principle of least privilege.

Ref: https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_organizations.html

AWS
Expert
Matt-B
answered 2 years ago
Expert
reviewed 22 days ago
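An added example, not part of the original answer or of AWS documentation: since the delegated administrator is designated, and GuardDuty enabled, per Region, this Python check walks saved AWS CLI responses Region by Region and reports where no administrator is designated, where the management account holds the role, and where the administrator account has no enabled detector. The account IDs and sample responses are constructed placeholders, and the function names are hypothetical.

```python
import json

# Constructed sample data shaped like the output of these AWS CLI calls:
#   aws organizations describe-organization
#   aws guardduty list-organization-admin-accounts --region <r>  (management account)
#   aws guardduty get-detector --detector-id <id> --region <r>   (delegated admin account)
# Account IDs are placeholders, not real accounts.
ORG = json.loads('{"Organization": {"MasterAccountId": "111111111111"}}')
REGIONS = {
    "us-east-1": {
        "admins": {"AdminAccounts": [
            {"AdminAccountId": "111111111111", "AdminStatus": "ENABLED"}]},
        "detectors": [{"Status": "ENABLED"}],
    },
    "eu-west-1": {"admins": {"AdminAccounts": []}, "detectors": []},
    "ap-northeast-2": {
        "admins": {"AdminAccounts": [
            {"AdminAccountId": "222222222222", "AdminStatus": "ENABLED"}]},
        "detectors": [{"Status": "ENABLED"}],
    },
}

def audit_region(region, mgmt_id, admins_resp, detector_resps):
    """Return a list of findings for one Region (empty list means OK)."""
    findings = []
    active = [a["AdminAccountId"] for a in admins_resp.get("AdminAccounts", [])
              if a.get("AdminStatus") == "ENABLED"]
    if not active:
        # The delegation is regional: it must be repeated in every Region in use.
        return [f"{region}: no GuardDuty delegated administrator designated"]
    for acct in active:
        if acct == mgmt_id:
            findings.append(
                f"{region}: management account {acct} is the delegated administrator")
    # A detector can exist but be suspended, so check Status, not just presence.
    if not any(d.get("Status") == "ENABLED" for d in detector_resps):
        findings.append(
            f"{region}: no enabled detector in the delegated administrator account")
    return findings

def audit(org, regions):
    """Audit every Region against the organization's management account ID."""
    mgmt_id = org["Organization"]["MasterAccountId"]
    return {r: audit_region(r, mgmt_id, d["admins"], d["detectors"])
            for r, d in regions.items()}

if __name__ == "__main__":
    for region, findings in audit(ORG, REGIONS).items():
        print(region, findings or "OK")
```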
