tomwwright / littleorange

Minimalist AWS multi-account cloud leveraging CloudFormation and Lambda.
GNU General Public License v3.0

GuardDuty: any accounts created prior to Organization set-up need to be added #12

Closed tomwwright closed 3 years ago

tomwwright commented 3 years ago

Additionally, apparently GuardDuty needs to be enabled in the Master account manually before it can be added

tomwwright commented 3 years ago

CreateMembers is the correct API to enable a member account in the Organization from the delegated master

aws guardduty create-members --detector-id 1abxxxx27c9b20635ca0f4 --account-details AccountId=13xxx8372,Email=little.oranxxxxx@gmail.com

tomwwright commented 3 years ago

Security/GuardDuty.yaml Stack and Stack Set have been created to allow for any accounts created before Organization set-up to be enrolled with the master account
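
Added example, not part of the thread or the littleorange repository: one way to find Organization accounts that are not yet enabled GuardDuty members and batch them for the CreateMembers call discussed above. The function names, the "only `Enabled` counts as enrolled" rule, and the sample account IDs and emails are assumptions constructed for illustration.

```python
"""Plan GuardDuty CreateMembers calls for Organization accounts not yet enrolled."""

BATCH_SIZE = 50  # CreateMembers accepts at most 50 AccountDetails per call


def plan_create_members(org_accounts, gd_members, admin_account_id):
    """Return batches of AccountDetails for accounts that still need enrolling.

    org_accounts: items shaped like organizations list_accounts()["Accounts"]
    gd_members:   items shaped like guardduty list_members()["Members"]
    """
    # Assumption: only an "Enabled" relationship counts as already enrolled.
    enrolled = {m["AccountId"] for m in gd_members
                if m.get("RelationshipStatus") == "Enabled"}
    missing = [
        {"AccountId": a["Id"], "Email": a["Email"]}
        for a in org_accounts
        if a["Status"] == "ACTIVE"          # skip suspended or closing accounts
        and a["Id"] != admin_account_id     # the administrator is not its own member
        and a["Id"] not in enrolled
    ]
    missing.sort(key=lambda d: d["AccountId"])  # stable order for review and logs
    return [missing[i:i + BATCH_SIZE] for i in range(0, len(missing), BATCH_SIZE)]


def enroll(detector_id, batches):
    """Send each batch with boto3; return the accounts GuardDuty did not process."""
    import boto3  # imported lazily so the planning step runs offline
    guardduty = boto3.client("guardduty")
    unprocessed = []
    for batch in batches:
        resp = guardduty.create_members(DetectorId=detector_id, AccountDetails=batch)
        unprocessed.extend(resp.get("UnprocessedAccounts", []))
    return unprocessed


# Constructed sample data (not real accounts).
SAMPLE_ORG = [
    {"Id": "111111111111", "Email": "security@example.com", "Status": "ACTIVE"},
    {"Id": "222222222222", "Email": "new@example.com", "Status": "ACTIVE"},
    {"Id": "333333333333", "Email": "legacy@example.com", "Status": "ACTIVE"},
    {"Id": "444444444444", "Email": "gone@example.com", "Status": "SUSPENDED"},
    {"Id": "555555555555", "Email": "old@example.com", "Status": "ACTIVE"},
]
SAMPLE_MEMBERS = [
    {"AccountId": "222222222222", "RelationshipStatus": "Enabled"},
    {"AccountId": "555555555555", "RelationshipStatus": "Removed"},
]
```

Run `plan_create_members` from the delegated administrator account with the real `list_accounts` and `list_members` results, and review anything `enroll` returns as unprocessed.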