Guardduty on AWS organization vs individual accounts


Hi, One of my cust has an AWS Organization & control tower with about 15 accounts. I wanted to enable Guardduty to about 10 accounts in them. Is it better to do at individual account level or in AWS org. Are there any cost implications if done from AWS org. Thanks.

1 Answer
Accepted Answer

To answer the questions in reverse order for you, there are no additional AWS cost implications by managing Amazon GuardDuty at the AWS Organizations level. By managing it at the AWS Organizations level however, you can consolidate findings into a central view and manage account enrollment centrally, thereby saving time and effort by not having to log into each account individually or do additional work to export results from each account.

Technically you still do enable GuardDuty in each individual account, but doing it at the Organization level makes the task centralized and efficient.

answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions