By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Enabling GuardDuty via Organisations

0

I would like to enable GuardDuty via Organisations, and would like to know whether the existing member accounts on the main administrative account (by invitation) switch to 'enabled via Organisations' automatically. Also, can I designate a GuardDuty administrator account from outside the organisation (being from a separate organisation).

Topics
Security, Identity, & ComplianceManagement & Governance
Tags
Amazon GuardDutyAWS OrganizationsAWS Account Management
Language
English
Ayse Vlok
asked 2 years ago2080 views
2 Answers
2
Accepted Answer

If you have already set up a GuardDuty administrator with associated member accounts by invitation, and the member accounts are part of the same organization, their Type changes from by Invitation to via Organizations when you set a GuardDuty delegated administrator for your organization.

If the new delegated administrator previously added members by invitation that are not part of the same organization, their Type is by Invitation. In both cases, these previously added accounts are member accounts to the organization's GuardDuty delegated administrator.

You cannot designate an account outside of your organization as a GuardDuty administrator account.

profile pictureAWS
Alex_AWS
answered 2 years ago
AWS
EXPERT
Luca_I
reviewed 2 years ago
0

You cannot delegate Admin to an account outside of your organization as it uses Org based roles for access across the accounts.

You can find more information about enabling org wide integration in the AWS docs: https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_organizations.html

profile pictureAWS
EXPERT
Rob_H
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content