Hi There
An account that is designated as a delegated administrator becomes a GuardDuty administrator account, has GuardDuty automatically enabled in the designated Region, and is granted permission to enable and manage GuardDuty for all accounts in the organization within that Region. The other accounts in the organization can be viewed and added as GuardDuty member accounts associated with the delegated administrator account.
It is not recommended to set your organization's management account as the delegated administrator. Your organization's management account can be the delegated administrator, but this is not recommended based on AWS Security best practices following the principle of least privilege.
Ref: https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_organizations.html
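An added example, not part of the answer above or of AWS's own code: a per-Region audit of the delegated administrator setting, run over constructed data shaped like the responses of `organizations:DescribeOrganization` and `guardduty:ListOrganizationAdminAccounts`. The account IDs, the function name `audit_delegated_admins` and the cross-Region consistency check are assumptions made for illustration.

```python
"""Audit GuardDuty delegated-administrator settings per Region (added example)."""

# Constructed sample data. In practice these come from boto3:
#   organizations.describe_organization()
#   guardduty.list_organization_admin_accounts()  (called once per Region)
# All account IDs below are placeholders.
SAMPLE_ORG = {"Organization": {"Id": "o-exampleorgid", "MasterAccountId": "111111111111"}}
SAMPLE_ADMINS_BY_REGION = {
    "us-east-1": {"AdminAccounts": [{"AdminAccountId": "222222222222", "AdminStatus": "ENABLED"}]},
    "eu-central-1": {"AdminAccounts": [{"AdminAccountId": "222222222222", "AdminStatus": "ENABLED"}]},
    "eu-west-1": {"AdminAccounts": [{"AdminAccountId": "111111111111", "AdminStatus": "ENABLED"}]},
    "ap-south-1": {"AdminAccounts": []},
    "us-west-2": {"AdminAccounts": [{"AdminAccountId": "333333333333", "AdminStatus": "ENABLED"}]},
}


def audit_delegated_admins(org, admins_by_region):
    """Return a sorted list of (region, finding) tuples."""
    management_id = org["Organization"]["MasterAccountId"]
    findings = []
    enabled = {}  # region -> enabled delegated administrator account ID
    for region, response in admins_by_region.items():
        active = [a["AdminAccountId"] for a in response.get("AdminAccounts", [])
                  if a.get("AdminStatus") == "ENABLED"]
        if not active:
            findings.append((region, "NO_DELEGATED_ADMIN"))
            continue
        enabled[region] = active[0]
        if active[0] == management_id:
            # The case the answer advises against (least privilege).
            findings.append((region, "MANAGEMENT_ACCOUNT_IS_ADMIN"))
    # Assumption of this example: the designation is made per Region, so
    # flag Regions whose administrator differs from the most common one.
    non_mgmt = [acct for acct in enabled.values() if acct != management_id]
    if non_mgmt:
        expected = max(sorted(set(non_mgmt)), key=non_mgmt.count)
        for region, acct in enabled.items():
            if acct not in (expected, management_id):
                findings.append((region, "ADMIN_DIFFERS_FROM_OTHER_REGIONS"))
    return sorted(findings)


if __name__ == "__main__":
    for region, finding in audit_delegated_admins(SAMPLE_ORG, SAMPLE_ADMINS_BY_REGION):
        print(f"{region}: {finding}")
```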