This template configures AWS GuardDuty for an organization, enabling it for all members and setting up enhanced security features such as S3 logs, Kubernetes audit logs, and malware protection for EC2 instances.

Terraform Template

# GuardDuty detector for the account that applies this configuration.
# The organization configuration below references this detector by id, so
# this account is expected to be the GuardDuty delegated administrator.
# `finding_publishing_frequency` (FIFTEEN_MINUTES | ONE_HOUR | SIX_HOURS) is
# left at the provider default here; lower it if findings must reach
# EventBridge / Security Hub sooner.
resource "aws_guardduty_detector" "example" {
  enable = true # the detector is created in the enabled state
}

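# Organization-wide GuardDuty settings, applied from the delegated
# administrator account (the management account must first designate it via
# aws_guardduty_organization_admin_account — not part of this template).
#
# Fix: the original also set the deprecated boolean `auto_enable = ""`. That
# argument conflicts with `auto_enable_organization_members`, and an empty
# string is not a valid bool, so the plan fails validation. Only the
# non-deprecated argument is kept.
#
# NOTE(review): on recent AWS provider versions the nested `datasources` block
# is deprecated in favour of per-feature aws_guardduty_organization_configuration_feature
# resources; verify against the pinned provider version before relying on it.
resource "aws_guardduty_organization_configuration" "example" {
  # "ALL": current members are enrolled and every account joining the
  # organization later is enrolled automatically. "NEW" would cover only
  # future accounts, leaving existing ones unmonitored.
  auto_enable_organization_members = "ALL"

  detector_id = aws_guardduty_detector.example.id

  # Protection plans auto-enabled for member accounts. These settings govern
  # members only; the administrator's own detector is configured separately.
  datasources {

    # EKS audit-log analysis.
    kubernetes {
      audit_logs {
        enable = true
      }
    }

    # Agentless EBS snapshot scanning of EC2 instances that already have
    # findings (incurs per-scan cost, but is the cheaper scan-on-finding mode).
    malware_protection {
      scan_ec2_instance_with_findings {
        ebs_volumes {
          auto_enable = true
        }
      }
    }

    # S3 data-event monitoring (distinct from CloudTrail management events,
    # which GuardDuty always analyses).
    s3_logs {
      auto_enable = true
    }
  }
}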