GuardDuty on AWS organization vs individual accounts
Hi, one of my customers has an AWS Organization and Control Tower with about 15 accounts. I wanted to enable GuardDuty on about 10 of those accounts. Is it better to do this at the individual account level or in the AWS org? Are there any cost implications if done from the AWS org? Thanks.
To answer the questions in reverse order for you, there are no additional AWS cost implications from managing Amazon GuardDuty at the AWS Organizations level. By managing it at the AWS Organizations level, however, you can consolidate findings into a central view and manage account enrollment centrally, thereby saving time and effort by not having to log into each account individually or do additional work to export results from each account.
Technically you still do enable GuardDuty in each individual account, but doing it at the Organization level makes the task centralized and efficient.
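The following is an added example, not part of the original answer: a Python sketch of enrolling only a chosen subset of organization accounts from the GuardDuty delegated administrator account. It assumes a delegated administrator is already designated, a detector exists in the Region being configured, and boto3 credentials for that account are available; the function name and the account IDs are constructed for illustration.

```python
"""Enroll a chosen subset of organization accounts in GuardDuty from the
delegated administrator account (one Region per run; GuardDuty is regional)."""

BATCH = 50  # CreateMembers accepts at most 50 accounts per call


def enroll_selected_accounts(org, gd, wanted_ids):
    """org / gd: boto3 'organizations' and 'guardduty' clients (or stand-ins)."""
    wanted = set(wanted_ids)
    detectors = gd.list_detectors()["DetectorIds"]
    if not detectors:
        raise RuntimeError("no GuardDuty detector in this Region for the administrator account")
    detector_id = detectors[0]

    # Only a subset is wanted, so keep organization-wide auto-enable off.
    gd.update_organization_configuration(
        DetectorId=detector_id, AutoEnableOrganizationMembers="NONE")

    # CreateMembers needs each account's email address; take it from Organizations.
    details = []
    for page in org.get_paginator("list_accounts").paginate():
        for acct in page["Accounts"]:
            if acct["Id"] in wanted and acct["Status"] == "ACTIVE":
                details.append({"AccountId": acct["Id"], "Email": acct["Email"]})
    missing = sorted(wanted - {d["AccountId"] for d in details})

    failed = []
    for i in range(0, len(details), BATCH):
        resp = gd.create_members(DetectorId=detector_id,
                                 AccountDetails=details[i:i + BATCH])
        failed.extend(resp.get("UnprocessedAccounts", []))

    failed_ids = {f["AccountId"] for f in failed}
    enrolled = [d["AccountId"] for d in details if d["AccountId"] not in failed_ids]
    return {"enrolled": enrolled, "missing": missing, "failed": failed}


if __name__ == "__main__":
    import boto3  # needs delegated-administrator credentials

    SELECTED = ["111111111111", "222222222222"]  # constructed placeholder IDs
    result = enroll_selected_accounts(
        boto3.client("organizations"), boto3.client("guardduty"), SELECTED)
    print(result)
```

Check the `missing` and `failed` lists after each run: an account that is suspended, not in the organization, or rejected by GuardDuty is left unmonitored until it is resolved.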