Unable to Activate GuardDuty Malware Protection in an Organization from a Delegated Account

0

We have an AWS Organization and designated an account for Security where we have enabled GuardDuty, and it works fine. Today we wanted to enable the new capability of Malware Protection, but when trying to enable it via the Delegated Account it fails with the following message: "The request failed because you do not have required AWS Organization master permission."

I'm a user with the Administrator policy and don't know what master permission means.

Any thoughts?

Kind Regards.

1 Answers
1
Accepted Answer

Please enable malware protection in the management account.

aws organizations enable-aws-service-access --service-principal malware-protection.guardduty.amazonaws.com

From then on, malware protection can be enabled for member accounts from a delegated administrator account.

https://docs.aws.amazon.com/guardduty/latest/ug/malware-protection.html#configure-malware-protection-multi-account

answered 19 days ago
  • Thank you very much, it worked. About the documentation: the CLI command has a typo, it says "organization" instead of the correct service "organizations", as your example says. Thanks again.
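
A pre-flight check for the step in the accepted answer, added here as an example (it is not part of the original thread or of the AWS documentation). It reports whether the current credentials belong to the organization's management account, the only account from which `enable-aws-service-access` can be called, and whether trusted access for the service principal is already enabled. The function names are hypothetical; the AWS CLI subcommands are the real ones.

```shell
#!/usr/bin/env bash
# Added example: decide where and whether to run the enable-aws-service-access
# command from the accepted answer. Function names are hypothetical.
SP="malware-protection.guardduty.amazonaws.com"   # service principal from the answer

# Succeeds only when the current credentials are in the organization's
# management (formerly "master") account. Returns 2 if an AWS call fails.
in_management_account() {
  local acct mgmt
  acct=$(aws sts get-caller-identity --query Account --output text) || return 2
  mgmt=$(aws organizations describe-organization \
           --query Organization.MasterAccountId --output text) || return 2
  [ "$acct" = "$mgmt" ]
}

# Succeeds when trusted access for $SP is already enabled in the organization.
trusted_access_enabled() {
  local found
  found=$(aws organizations list-aws-service-access-for-organization \
            --query "EnabledServicePrincipals[?ServicePrincipal=='$SP'].ServicePrincipal" \
            --output text) || return 2
  [ "$found" = "$SP" ]
}

# Prints one of:
#   switch-to-management-account  enabling trusted access will be rejected here
#   enabled                       nothing to do, continue in the delegated admin
#   run-enable-command            run: aws organizations enable-aws-service-access \
#                                        --service-principal "$SP"
preflight() {
  if ! in_management_account; then
    echo "switch-to-management-account"
  elif trusted_access_enabled; then
    echo "enabled"
  else
    echo "run-enable-command"
  fi
}
```

Source the file and call `preflight` with the profile you intend to use; a failed AWS call is reported the same way as not being in the management account.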
