Macie - Automatically enable and add new organization accounts as Macie member accounts

[liamraeAL]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Right now there is no way to trigger the auto_enable functionality in Macie - allowing us to auto-enrol new accounts in the organisation. This functionality is possible via the AWS Console, and the AWS API.

To automatically enable and add new Macie member accounts programmatically, use the UpdateOrganizationConfiguration operation of the Amazon Macie API. When you submit your request, set the value for the autoEnable parameter to true. (The default value is false.) Also ensure that you specify the Region that your request applies to. To automatically enable and add new accounts in additional Regions, submit the request for each additional Region.

If you use the AWS CLI to submit the request, run the update-organization-configuration command and specify the auto-enable parameter to enable and add new accounts automatically. For example: aws macie2 update-organization-configuration --region us-east-1 --auto-enable

New or Affected Resource(s)

• aws_macie_organization_configuration

Potential Terraform Configuration

resource "aws_macie_organization_configuration" "org_config" {
  auto_enable = true
  account_id = aws_macie2_account.this.id
}

References

• Managing Amazon Macie accounts with AWS Organizations
• Integrating and configuring an organization in Amazon Macie

[github-actions[bot]]

Marking this issue as stale due to inactivity. This helps our maintainers find and focus on the active issues. If this issue receives no comments in the next 30 days it will automatically be closed. Maintainers can also remove the stale label.

If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thank you!