Unable to Activate GuardDuty Malware Protection in an Organization from a Delegated Account
0
We have an AWS Organization, designated an account for Security where we have enable GuardDuty and works fine. Today we wanted to enable the new capability of Malware Protection but when trying to enable via the Delegated Account is fails with the following message: "The request failed because you do not have required AWS Organization master permission."
I'm a user with Administrator policy, don't know what master permission means ?
Any though ?
Kind Regards.
질문됨 2년 전1786회 조회
1개 답변
- 최신
- 최다 투표
- 가장 많은 댓글
2
Please enable malware protection in the management account.
aws organizations enable-aws-service-access --service-principal malware-protection.guardduty.amazonaws.com
From then on, malware protection can be enabled for member accounts from a delegated administrator account.
답변함 2년 전
Thank you very much, it worked, about the documentation the CLI command has a type, it says "organization" instead of the correct service "organizations" as your example says. Thanks again.
When I am trying to run this command I am getting Access Denied error. I have checked the IAM permissions and this access is present but I don't understand why it is still erroring? Can you help @hayao-k?