Resource: awsGuarddutyOrganizationConfiguration

Manages the GuardDuty Organization Configuration in the current AWS Region. Because the configuration is Regional, it must be declared separately in every Region where GuardDuty is used. The AWS account applying this resource must already be the delegated GuardDuty administrator for the organization, e.g., designated via the awsGuarddutyOrganizationAdminAccount resource. More information about Organizations support in GuardDuty can be found in the GuardDuty User Guide.

~> NOTE: This is an advanced Terraform resource. Terraform automatically assumes management of the existing GuardDuty Organization Configuration without an import, and performs no action when the resource is removed from the Terraform configuration: removing it does not turn off auto-enablement or any data source, the settings simply stay as last applied.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import { Construct } from "constructs";
import { App, TerraformStack } from "cdktf";
import * as aws from "./.gen/providers/aws";

// The two resource declarations below are the page's example. The stack
// class, the provider block and the App that wrap them are added so the file
// synthesizes as-is with `cdktf synth`. Run it with credentials for the
// delegated GuardDuty administrator account; the region is a placeholder.
class GuarddutyOrganizationStack extends TerraformStack {
  constructor(scope: Construct, id: string) {
    super(scope, id);

    new aws.provider.AwsProvider(this, "aws", { region: "us-east-1" });

    // The delegated administrator's own detector in this Region.
    const awsGuarddutyDetectorExample = new aws.guarddutyDetector.GuarddutyDetector(
      this,
      "example",
      {
        enable: true,
      }
    );

    // Organization-wide settings: enroll new accounts automatically and
    // switch on the listed data sources for them.
    const awsGuarddutyOrganizationConfigurationExample =
      new aws.guarddutyOrganizationConfiguration.GuarddutyOrganizationConfiguration(
        this,
        "example_1",
        {
          autoEnable: true,
          datasources: {
            kubernetes: {
              auditLogs: {
                enable: true,
              },
            },
            malwareProtection: {
              scanEc2InstanceWithFindings: {
                ebsVolumes: {
                  autoEnable: true,
                },
              },
            },
            s3Logs: {
              autoEnable: true,
            },
          },
          detectorId: awsGuarddutyDetectorExample.id,
        }
      );
    /*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
    awsGuarddutyOrganizationConfigurationExample.overrideLogicalId("example");
  }
}

const app = new App();
new GuarddutyOrganizationStack(app, "guardduty-organization");
app.synth();

Argument Reference

The following arguments are supported:

  • autoEnable - (Required) When this setting is enabled, all new accounts that are created in, or added to, the organization are added as member accounts of the organization's GuardDuty delegated administrator and GuardDuty is enabled for them in that AWS Region.
  • detectorId - (Required) The detector ID of the GuardDuty account.
  • datasources - (Optional) Configuration for the collected datasources.

datasources supports the following:

  • s3Logs - (Optional) Enable S3 Protection automatically for new member accounts.
  • kubernetes - (Optional) Enable Kubernetes Audit Logs Monitoring automatically for new member accounts.
  • malwareProtection - (Optional) Enable Malware Protection automatically for new member accounts.

S3 Logs

s3Logs block supports the following:

  • autoEnable - (Optional) Set to true if you want S3 data event logs to be automatically enabled for new members of the organization. Default: false

Kubernetes

kubernetes block supports the following:

  • auditLogs - (Required) Enable Kubernetes Audit Logs Monitoring automatically for new member accounts. See Kubernetes Audit Logs below for more details.

Kubernetes Audit Logs

The auditLogs block supports the following:

  • enable - (Required) If true, enables Kubernetes audit logs as a data source for Kubernetes protection. Defaults to true.

Malware Protection

malwareProtection block supports the following:

  • scanEc2InstanceWithFindings - (Required) Configure whether Malware Protection for EC2 instances with findings should be auto-enabled for new members joining the organization. See Scan EC2 instance with findings below for more details.

Scan EC2 instance with findings

The scanEc2InstanceWithFindings block supports the following:

  • ebsVolumes - (Required) Configure whether scanning of EBS volumes should be auto-enabled for new members joining the organization. See EBS volumes below for more details.

EBS volumes

The ebsVolumes block supports the following:

  • autoEnable - (Required) If true, enables Malware Protection for all new accounts joining the organization. Defaults to true.
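Because Terraform takes no action when this resource is removed, and because a console change in the delegated administrator account will silently weaken the settings above, it is worth checking the live organization configuration independently of Terraform. The following is an added example, not code from this page or from the Terraform provider: a pure function that evaluates a GuardDuty DescribeOrganizationConfiguration response against the auto-enable settings the resource manages and returns every protection that will not be switched on for new member accounts. The response shape follows the GuardDuty API, but the sample object is constructed for the example; in a real run you would obtain it with the DescribeOrganizationConfigurationCommand of @aws-sdk/client-guardduty, which is deliberately not imported here so the file runs offline. A field that is absent from the response is treated as "not enabled" (fail closed), since the API omits data sources that were never configured.

```typescript
// Added example: drift check for the GuardDuty Organization Configuration.
// Not part of the page or the Terraform AWS provider.

// Subset of the DescribeOrganizationConfiguration response that this
// resource manages (shape per the GuardDuty API; all fields optional
// because the API omits data sources that were never configured).
interface OrgConfig {
  AutoEnable?: boolean;
  DataSources?: {
    S3Logs?: { AutoEnable?: boolean };
    Kubernetes?: { AuditLogs?: { AutoEnable?: boolean } };
    MalwareProtection?: {
      ScanEc2InstanceWithFindings?: { EbsVolumes?: { AutoEnable?: boolean } };
    };
  };
}

type Getter = (c: OrgConfig) => boolean | undefined;

// Each entry pairs the Terraform argument name with the path into the API
// response that carries the same setting.
const REQUIRED_AUTO_ENABLE: Array<[string, Getter]> = [
  ["autoEnable", (c) => c.AutoEnable],
  ["datasources.s3Logs.autoEnable", (c) => c.DataSources?.S3Logs?.AutoEnable],
  [
    "datasources.kubernetes.auditLogs.enable",
    (c) => c.DataSources?.Kubernetes?.AuditLogs?.AutoEnable,
  ],
  [
    "datasources.malwareProtection.scanEc2InstanceWithFindings.ebsVolumes.autoEnable",
    (c) =>
      c.DataSources?.MalwareProtection?.ScanEc2InstanceWithFindings?.EbsVolumes
        ?.AutoEnable,
  ],
];

// Returns the Terraform argument names whose live value is not `true`.
// `undefined` (field missing from the response) counts as disabled, so an
// unconfigured data source is reported rather than silently passed.
function findDisabledProtections(cfg: OrgConfig): string[] {
  return REQUIRED_AUTO_ENABLE.filter(([, get]) => get(cfg) !== true).map(
    ([name]) => name
  );
}

// Constructed sample response: new members and S3 logs are auto-enabled,
// Kubernetes audit logs were never configured, and EBS scanning was switched
// off outside Terraform. If the resource has been removed from the Terraform
// configuration, nothing will revert either of these.
const sampleConfig: OrgConfig = {
  AutoEnable: true,
  DataSources: {
    S3Logs: { AutoEnable: true },
    MalwareProtection: {
      ScanEc2InstanceWithFindings: { EbsVolumes: { AutoEnable: false } },
    },
  },
};

const sampleGaps = findDisabledProtections(sampleConfig);

if (sampleGaps.length === 0) {
  console.log("All GuardDuty protections are auto-enabled for new members.");
} else {
  console.log("Not auto-enabled for new member accounts:");
  for (const gap of sampleGaps) {
    console.log(`  - ${gap}`);
  }
}
```

The function is deliberately separated from the SDK call so it can be unit-tested against captured responses and reused in a scheduled job; exit non-zero (or raise an alert) when the returned list is non-empty.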

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • id - Identifier of the GuardDuty Detector.

Import

GuardDuty Organization Configurations can be imported using the GuardDuty Detector ID, e.g.,

$ terraform import aws_guardduty_organization_configuration.example 00b00fd5aecc0ab60a708659477e9617