By using AWS re:Post, you agree to the Terms of Use
/Enabling GuardDuty via Organisations/

Enabling GuardDuty via Organisations


I would like to enable GuardDuty via Organisations, and would like to know whether the existing member accounts on the main administrative account (by invitation) switch to 'enabled via Organisations' automatically. Also, can I designate a GuardDuty administrator account from outside the organisation (being from a separate organisation).

2 Answers
Accepted Answer

If you have already set up a GuardDuty administrator with associated member accounts by invitation, and the member accounts are part of the same organization, their Type changes from by Invitation to via Organizations when you set a GuardDuty delegated administrator for your organization.

If the new delegated administrator previously added members by invitation that are not part of the same organization, their Type is by Invitation. In both cases, these previously added accounts are member accounts to the organization's GuardDuty delegated administrator.

You cannot designate an account outside of your organization as a GuardDuty administrator account.

answered 7 months ago
reviewed 7 months ago

You cannot delegate Admin to an account outside of your organization as it uses Org based roles for access across the accounts.

You can find more information about enabling org wide integration in the AWS docs:

answered 7 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions