Resource: aws_guardduty_organization_configuration

Manages the GuardDuty Organization Configuration in the current AWS Region. The configuration is Regional: it must be managed separately in every Region where GuardDuty is enabled, with one detector per Region. The AWS account utilizing this resource must have been assigned as a delegated Organization administrator account, e.g., via the aws_guardduty_organization_admin_account resource, which is itself applied from the Organizations management account. More information about Organizations support in GuardDuty can be found in the GuardDuty User Guide.

Example Usage

resource "aws_guardduty_detector" "example" {
  enable = true
}

resource "aws_guardduty_organization_configuration" "example" {
  auto_enable_organization_members = "ALL"

  detector_id = aws_guardduty_detector.example.id

  datasources {
    s3_logs {
      auto_enable = true
    }
    kubernetes {
      audit_logs {
        enable = true
      }
    }
    malware_protection {
      scan_ec2_instance_with_findings {
        ebs_volumes {
          auto_enable = true
        }
      }
    }
  }
}
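The example above assumes the delegated administrator has already been designated. The following is an added example (not from the provider documentation) showing the full two-account flow in one configuration: the management account delegates administration, and the delegated administrator then creates the detector and organization configuration. It assumes two provider aliases, management and security, with credentials for the respective accounts, and the account ID in the variable default is a placeholder.

```hcl
# Added example, not part of the provider docs. Assumptions: provider alias
# "management" authenticates to the Organizations management account, provider
# alias "security" authenticates to the account that becomes the delegated
# GuardDuty administrator, and the account ID below is a placeholder.

variable "security_account_id" {
  description = "Account to delegate GuardDuty administration to (placeholder value)"
  type        = string
  default     = "111111111111"
}

provider "aws" {
  alias  = "management"
  region = "us-east-1"
  # credentials for the Organizations management account (assumed)
}

provider "aws" {
  alias  = "security"
  region = "us-east-1"
  # credentials for the delegated administrator account (assumed)
}

# Step 1: the management account designates the delegated administrator.
resource "aws_guardduty_organization_admin_account" "this" {
  provider         = aws.management
  admin_account_id = var.security_account_id
}

# Step 2: the delegated administrator owns the Regional detector.
resource "aws_guardduty_detector" "this" {
  provider = aws.security
  enable   = true
}

# Step 3: the organization configuration, applied only once delegation exists.
resource "aws_guardduty_organization_configuration" "this" {
  provider    = aws.security
  detector_id = aws_guardduty_detector.this.id

  # "ALL" enrolls existing members as well as accounts that join later;
  # "NEW" enrolls only future members; "NONE" turns automatic enrollment off.
  auto_enable_organization_members = "ALL"

  datasources {
    s3_logs {
      auto_enable = true
    }
    kubernetes {
      audit_logs {
        enable = true
      }
    }
    malware_protection {
      scan_ec2_instance_with_findings {
        ebs_volumes {
          auto_enable = true
        }
      }
    }
  }

  # Terraform cannot infer this dependency across provider aliases: without it
  # the organization configuration may be applied before the delegation exists
  # and the call is rejected because the account is not yet an administrator.
  depends_on = [aws_guardduty_organization_admin_account.this]
}
```

Repeat the detector and organization configuration (with a provider alias per Region) for every Region where GuardDuty is enabled; the delegation itself only needs to be made once per Region from the management account.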

Argument Reference

This resource supports the following arguments:

auto_enable_organization_members - (Optional) Indicates the auto-enablement configuration of GuardDuty for the member accounts in the organization. Valid values are ALL, NEW and NONE. ALL enrolls existing member accounts as well as accounts that join later, NEW enrolls only accounts that join after the setting is applied, and NONE disables automatic enrollment.
detector_id - (Required) The detector ID of the GuardDuty account in the current Region.
datasources - (Optional) Configuration for the collected datasources.

datasources supports the following:

s3_logs - (Optional) Enable S3 Protection automatically for new member accounts.
kubernetes - (Optional) Enable Kubernetes Audit Logs Monitoring automatically for new member accounts.
malware_protection - (Optional) Enable Malware Protection automatically for new member accounts.

S3 Logs

s3_logs block supports the following:

auto_enable - (Required) Set to true if you want S3 data event logs to be automatically enabled for new members of the organization.

Kubernetes

kubernetes block supports the following:

audit_logs - (Required) Enable Kubernetes Audit Logs Monitoring automatically for new member accounts.

Kubernetes Audit Logs

The audit_logs block supports the following:

enable - (Required) If true, enables Kubernetes audit logs as a data source for organization members.

Malware Protection

malware_protection block supports the following:

scan_ec2_instance_with_findings - (Required) Configure whether Malware Protection for EC2 instances with findings should be auto-enabled for new members joining the organization.

Scan EC2 instance with findings

The scan_ec2_instance_with_findings block supports the following:

ebs_volumes - (Required) Configure whether scanning EBS volumes should be auto-enabled for new members joining the organization.

EBS volumes

The ebs_volumes block supports the following:

auto_enable - (Required) If true, enables Malware Protection for all new accounts joining the current organization.

Attribute Reference

This resource exports the following attributes in addition to the arguments above:

id - Identifier of the GuardDuty Detector.

Import

In Terraform v1.5.0 and later, use an import block to import GuardDuty Organization Configurations using the GuardDuty Detector ID. For example:

import {
  to = aws_guardduty_organization_configuration.example
  id = "00b00fd5aecc0ab60a708659477e9617"
}

Using terraform import, import GuardDuty Organization Configurations using the GuardDuty Detector ID. For example:

% terraform import aws_guardduty_organization_configuration.example 00b00fd5aecc0ab60a708659477e9617