- Newest
- Most votes
- Most comments
In a multi-account environment, only GuardDuty administrator accounts can configure malware protection. GuardDuty administrator accounts can enable or disable the use of Malware Protection for their member accounts. Once the administrator configures GuardDuty Malware Protection for a member account, the member account will follow the administrator account settings and be unable to modify these settings through the console. If the GuardDuty delegated administrator is not the same as management account in the AWS Organization, the management account must first enable malware protection feature for their Organization in GuardDuty. This way, the delegated administrator can get permissions to create the service-linked role (SLR) for GuardDuty Malware Protection in member accounts that are managed through AWS Organizations.
Relevant content
- Accepted Answerasked 2 years ago
- AWS OFFICIALUpdated a month ago
- AWS OFFICIALUpdated a month ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 2 years ago