aws.guardduty.OrganizationConfiguration
Explore with Pulumi AI
Manages the GuardDuty Organization Configuration in the current AWS Region. The AWS account utilizing this resource must have been assigned as a delegated Organization administrator account, e.g., via the aws.guardduty.OrganizationAdminAccount resource. More information about Organizations support in GuardDuty can be found in the GuardDuty User Guide.
NOTE: This is an advanced resource. The provider will automatically assume management of the GuardDuty Organization Configuration without import and perform no actions on removal from the resource configuration.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.guardduty.Detector("example", {enable: true});
const exampleOrganizationConfiguration = new aws.guardduty.OrganizationConfiguration("example", {
    autoEnableOrganizationMembers: "ALL",
    detectorId: example.id,
    datasources: {
        s3Logs: {
            autoEnable: true,
        },
        kubernetes: {
            auditLogs: {
                enable: true,
            },
        },
        malwareProtection: {
            scanEc2InstanceWithFindings: {
                ebsVolumes: {
                    autoEnable: true,
                },
            },
        },
    },
});
import pulumi
import pulumi_aws as aws
example = aws.guardduty.Detector("example", enable=True)
example_organization_configuration = aws.guardduty.OrganizationConfiguration("example",
    auto_enable_organization_members="ALL",
    detector_id=example.id,
    datasources={
        "s3_logs": {
            "auto_enable": True,
        },
        "kubernetes": {
            "audit_logs": {
                "enable": True,
            },
        },
        "malware_protection": {
            "scan_ec2_instance_with_findings": {
                "ebs_volumes": {
                    "auto_enable": True,
                },
            },
        },
    })
package main
import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/guardduty"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := guardduty.NewDetector(ctx, "example", &guardduty.DetectorArgs{
			Enable: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		_, err = guardduty.NewOrganizationConfiguration(ctx, "example", &guardduty.OrganizationConfigurationArgs{
			AutoEnableOrganizationMembers: pulumi.String("ALL"),
			DetectorId:                    example.ID(),
			Datasources: &guardduty.OrganizationConfigurationDatasourcesArgs{
				S3Logs: &guardduty.OrganizationConfigurationDatasourcesS3LogsArgs{
					AutoEnable: pulumi.Bool(true),
				},
				Kubernetes: &guardduty.OrganizationConfigurationDatasourcesKubernetesArgs{
					AuditLogs: &guardduty.OrganizationConfigurationDatasourcesKubernetesAuditLogsArgs{
						Enable: pulumi.Bool(true),
					},
				},
				MalwareProtection: &guardduty.OrganizationConfigurationDatasourcesMalwareProtectionArgs{
					ScanEc2InstanceWithFindings: &guardduty.OrganizationConfigurationDatasourcesMalwareProtectionScanEc2InstanceWithFindingsArgs{
						EbsVolumes: &guardduty.OrganizationConfigurationDatasourcesMalwareProtectionScanEc2InstanceWithFindingsEbsVolumesArgs{
							AutoEnable: pulumi.Bool(true),
						},
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() => 
{
    var example = new Aws.GuardDuty.Detector("example", new()
    {
        Enable = true,
    });
    var exampleOrganizationConfiguration = new Aws.GuardDuty.OrganizationConfiguration("example", new()
    {
        AutoEnableOrganizationMembers = "ALL",
        DetectorId = example.Id,
        Datasources = new Aws.GuardDuty.Inputs.OrganizationConfigurationDatasourcesArgs
        {
            S3Logs = new Aws.GuardDuty.Inputs.OrganizationConfigurationDatasourcesS3LogsArgs
            {
                AutoEnable = true,
            },
            Kubernetes = new Aws.GuardDuty.Inputs.OrganizationConfigurationDatasourcesKubernetesArgs
            {
                AuditLogs = new Aws.GuardDuty.Inputs.OrganizationConfigurationDatasourcesKubernetesAuditLogsArgs
                {
                    Enable = true,
                },
            },
            MalwareProtection = new Aws.GuardDuty.Inputs.OrganizationConfigurationDatasourcesMalwareProtectionArgs
            {
                ScanEc2InstanceWithFindings = new Aws.GuardDuty.Inputs.OrganizationConfigurationDatasourcesMalwareProtectionScanEc2InstanceWithFindingsArgs
                {
                    EbsVolumes = new Aws.GuardDuty.Inputs.OrganizationConfigurationDatasourcesMalwareProtectionScanEc2InstanceWithFindingsEbsVolumesArgs
                    {
                        AutoEnable = true,
                    },
                },
            },
        },
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.guardduty.Detector;
import com.pulumi.aws.guardduty.DetectorArgs;
import com.pulumi.aws.guardduty.OrganizationConfiguration;
import com.pulumi.aws.guardduty.OrganizationConfigurationArgs;
import com.pulumi.aws.guardduty.inputs.OrganizationConfigurationDatasourcesArgs;
import com.pulumi.aws.guardduty.inputs.OrganizationConfigurationDatasourcesS3LogsArgs;
import com.pulumi.aws.guardduty.inputs.OrganizationConfigurationDatasourcesKubernetesArgs;
import com.pulumi.aws.guardduty.inputs.OrganizationConfigurationDatasourcesKubernetesAuditLogsArgs;
import com.pulumi.aws.guardduty.inputs.OrganizationConfigurationDatasourcesMalwareProtectionArgs;
import com.pulumi.aws.guardduty.inputs.OrganizationConfigurationDatasourcesMalwareProtectionScanEc2InstanceWithFindingsArgs;
import com.pulumi.aws.guardduty.inputs.OrganizationConfigurationDatasourcesMalwareProtectionScanEc2InstanceWithFindingsEbsVolumesArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var example = new Detector("example", DetectorArgs.builder()
            .enable(true)
            .build());
        var exampleOrganizationConfiguration = new OrganizationConfiguration("exampleOrganizationConfiguration", OrganizationConfigurationArgs.builder()
            .autoEnableOrganizationMembers("ALL")
            .detectorId(example.id())
            .datasources(OrganizationConfigurationDatasourcesArgs.builder()
                .s3Logs(OrganizationConfigurationDatasourcesS3LogsArgs.builder()
                    .autoEnable(true)
                    .build())
                .kubernetes(OrganizationConfigurationDatasourcesKubernetesArgs.builder()
                    .auditLogs(OrganizationConfigurationDatasourcesKubernetesAuditLogsArgs.builder()
                        .enable(true)
                        .build())
                    .build())
                .malwareProtection(OrganizationConfigurationDatasourcesMalwareProtectionArgs.builder()
                    .scanEc2InstanceWithFindings(OrganizationConfigurationDatasourcesMalwareProtectionScanEc2InstanceWithFindingsArgs.builder()
                        .ebsVolumes(OrganizationConfigurationDatasourcesMalwareProtectionScanEc2InstanceWithFindingsEbsVolumesArgs.builder()
                            .autoEnable(true)
                            .build())
                        .build())
                    .build())
                .build())
            .build());
    }
}
resources:
  example:
    type: aws:guardduty:Detector
    properties:
      enable: true
  exampleOrganizationConfiguration:
    type: aws:guardduty:OrganizationConfiguration
    name: example
    properties:
      autoEnableOrganizationMembers: ALL
      detectorId: ${example.id}
      datasources:
        s3Logs:
          autoEnable: true
        kubernetes:
          auditLogs:
            enable: true
        malwareProtection:
          scanEc2InstanceWithFindings:
            ebsVolumes:
              autoEnable: true
Create OrganizationConfiguration Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new OrganizationConfiguration(name: string, args: OrganizationConfigurationArgs, opts?: CustomResourceOptions);@overload
def OrganizationConfiguration(resource_name: str,
                              args: OrganizationConfigurationArgs,
                              opts: Optional[ResourceOptions] = None)
@overload
def OrganizationConfiguration(resource_name: str,
                              opts: Optional[ResourceOptions] = None,
                              detector_id: Optional[str] = None,
                              auto_enable: Optional[bool] = None,
                              auto_enable_organization_members: Optional[str] = None,
                              datasources: Optional[OrganizationConfigurationDatasourcesArgs] = None)func NewOrganizationConfiguration(ctx *Context, name string, args OrganizationConfigurationArgs, opts ...ResourceOption) (*OrganizationConfiguration, error)public OrganizationConfiguration(string name, OrganizationConfigurationArgs args, CustomResourceOptions? opts = null)
public OrganizationConfiguration(String name, OrganizationConfigurationArgs args)
public OrganizationConfiguration(String name, OrganizationConfigurationArgs args, CustomResourceOptions options)
type: aws:guardduty:OrganizationConfiguration
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args OrganizationConfigurationArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args OrganizationConfigurationArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args OrganizationConfigurationArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args OrganizationConfigurationArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args OrganizationConfigurationArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var awsOrganizationConfigurationResource = new Aws.GuardDuty.OrganizationConfiguration("awsOrganizationConfigurationResource", new()
{
    DetectorId = "string",
    AutoEnableOrganizationMembers = "string",
    Datasources = new Aws.GuardDuty.Inputs.OrganizationConfigurationDatasourcesArgs
    {
        Kubernetes = new Aws.GuardDuty.Inputs.OrganizationConfigurationDatasourcesKubernetesArgs
        {
            AuditLogs = new Aws.GuardDuty.Inputs.OrganizationConfigurationDatasourcesKubernetesAuditLogsArgs
            {
                Enable = false,
            },
        },
        MalwareProtection = new Aws.GuardDuty.Inputs.OrganizationConfigurationDatasourcesMalwareProtectionArgs
        {
            ScanEc2InstanceWithFindings = new Aws.GuardDuty.Inputs.OrganizationConfigurationDatasourcesMalwareProtectionScanEc2InstanceWithFindingsArgs
            {
                EbsVolumes = new Aws.GuardDuty.Inputs.OrganizationConfigurationDatasourcesMalwareProtectionScanEc2InstanceWithFindingsEbsVolumesArgs
                {
                    AutoEnable = false,
                },
            },
        },
        S3Logs = new Aws.GuardDuty.Inputs.OrganizationConfigurationDatasourcesS3LogsArgs
        {
            AutoEnable = false,
        },
    },
});
example, err := guardduty.NewOrganizationConfiguration(ctx, "awsOrganizationConfigurationResource", &guardduty.OrganizationConfigurationArgs{
	DetectorId:                    pulumi.String("string"),
	AutoEnableOrganizationMembers: pulumi.String("string"),
	Datasources: &guardduty.OrganizationConfigurationDatasourcesArgs{
		Kubernetes: &guardduty.OrganizationConfigurationDatasourcesKubernetesArgs{
			AuditLogs: &guardduty.OrganizationConfigurationDatasourcesKubernetesAuditLogsArgs{
				Enable: pulumi.Bool(false),
			},
		},
		MalwareProtection: &guardduty.OrganizationConfigurationDatasourcesMalwareProtectionArgs{
			ScanEc2InstanceWithFindings: &guardduty.OrganizationConfigurationDatasourcesMalwareProtectionScanEc2InstanceWithFindingsArgs{
				EbsVolumes: &guardduty.OrganizationConfigurationDatasourcesMalwareProtectionScanEc2InstanceWithFindingsEbsVolumesArgs{
					AutoEnable: pulumi.Bool(false),
				},
			},
		},
		S3Logs: &guardduty.OrganizationConfigurationDatasourcesS3LogsArgs{
			AutoEnable: pulumi.Bool(false),
		},
	},
})
var awsOrganizationConfigurationResource = new com.pulumi.aws.guardduty.OrganizationConfiguration("awsOrganizationConfigurationResource", com.pulumi.aws.guardduty.OrganizationConfigurationArgs.builder()
    .detectorId("string")
    .autoEnableOrganizationMembers("string")
    .datasources(OrganizationConfigurationDatasourcesArgs.builder()
        .kubernetes(OrganizationConfigurationDatasourcesKubernetesArgs.builder()
            .auditLogs(OrganizationConfigurationDatasourcesKubernetesAuditLogsArgs.builder()
                .enable(false)
                .build())
            .build())
        .malwareProtection(OrganizationConfigurationDatasourcesMalwareProtectionArgs.builder()
            .scanEc2InstanceWithFindings(OrganizationConfigurationDatasourcesMalwareProtectionScanEc2InstanceWithFindingsArgs.builder()
                .ebsVolumes(OrganizationConfigurationDatasourcesMalwareProtectionScanEc2InstanceWithFindingsEbsVolumesArgs.builder()
                    .autoEnable(false)
                    .build())
                .build())
            .build())
        .s3Logs(OrganizationConfigurationDatasourcesS3LogsArgs.builder()
            .autoEnable(false)
            .build())
        .build())
    .build());
aws_organization_configuration_resource = aws.guardduty.OrganizationConfiguration("awsOrganizationConfigurationResource",
    detector_id="string",
    auto_enable_organization_members="string",
    datasources={
        "kubernetes": {
            "audit_logs": {
                "enable": False,
            },
        },
        "malware_protection": {
            "scan_ec2_instance_with_findings": {
                "ebs_volumes": {
                    "auto_enable": False,
                },
            },
        },
        "s3_logs": {
            "auto_enable": False,
        },
    })
const awsOrganizationConfigurationResource = new aws.guardduty.OrganizationConfiguration("awsOrganizationConfigurationResource", {
    detectorId: "string",
    autoEnableOrganizationMembers: "string",
    datasources: {
        kubernetes: {
            auditLogs: {
                enable: false,
            },
        },
        malwareProtection: {
            scanEc2InstanceWithFindings: {
                ebsVolumes: {
                    autoEnable: false,
                },
            },
        },
        s3Logs: {
            autoEnable: false,
        },
    },
});
type: aws:guardduty:OrganizationConfiguration
properties:
    autoEnableOrganizationMembers: string
    datasources:
        kubernetes:
            auditLogs:
                enable: false
        malwareProtection:
            scanEc2InstanceWithFindings:
                ebsVolumes:
                    autoEnable: false
        s3Logs:
            autoEnable: false
    detectorId: string
OrganizationConfiguration Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The OrganizationConfiguration resource accepts the following input properties:
- DetectorId string
- The detector ID of the GuardDuty account.
- AutoEnable bool
- Deprecated: Use auto_enable_organization_membersinstead. When this setting is enabled, all new accounts that are created in, or added to, the organization are added as a member accounts of the organization’s GuardDuty delegated administrator and GuardDuty is enabled in that AWS Region.
- AutoEnable stringOrganization Members 
- Indicates the auto-enablement configuration of GuardDuty for the member accounts in the organization. Valid values are ALL,NEW,NONE.
- Datasources
OrganizationConfiguration Datasources 
- Configuration for the collected datasources. Deprecated in favor of aws.guardduty.OrganizationConfigurationFeatureresources.
- DetectorId string
- The detector ID of the GuardDuty account.
- AutoEnable bool
- Deprecated: Use auto_enable_organization_membersinstead. When this setting is enabled, all new accounts that are created in, or added to, the organization are added as a member accounts of the organization’s GuardDuty delegated administrator and GuardDuty is enabled in that AWS Region.
- AutoEnable stringOrganization Members 
- Indicates the auto-enablement configuration of GuardDuty for the member accounts in the organization. Valid values are ALL,NEW,NONE.
- Datasources
OrganizationConfiguration Datasources Args 
- Configuration for the collected datasources. Deprecated in favor of aws.guardduty.OrganizationConfigurationFeatureresources.
- detectorId String
- The detector ID of the GuardDuty account.
- autoEnable Boolean
- Deprecated: Use auto_enable_organization_membersinstead. When this setting is enabled, all new accounts that are created in, or added to, the organization are added as a member accounts of the organization’s GuardDuty delegated administrator and GuardDuty is enabled in that AWS Region.
- autoEnable StringOrganization Members 
- Indicates the auto-enablement configuration of GuardDuty for the member accounts in the organization. Valid values are ALL,NEW,NONE.
- datasources
OrganizationConfiguration Datasources 
- Configuration for the collected datasources. Deprecated in favor of aws.guardduty.OrganizationConfigurationFeatureresources.
- detectorId string
- The detector ID of the GuardDuty account.
- autoEnable boolean
- Deprecated: Use auto_enable_organization_membersinstead. When this setting is enabled, all new accounts that are created in, or added to, the organization are added as a member accounts of the organization’s GuardDuty delegated administrator and GuardDuty is enabled in that AWS Region.
- autoEnable stringOrganization Members 
- Indicates the auto-enablement configuration of GuardDuty for the member accounts in the organization. Valid values are ALL,NEW,NONE.
- datasources
OrganizationConfiguration Datasources 
- Configuration for the collected datasources. Deprecated in favor of aws.guardduty.OrganizationConfigurationFeatureresources.
- detector_id str
- The detector ID of the GuardDuty account.
- auto_enable bool
- Deprecated: Use auto_enable_organization_membersinstead. When this setting is enabled, all new accounts that are created in, or added to, the organization are added as a member accounts of the organization’s GuardDuty delegated administrator and GuardDuty is enabled in that AWS Region.
- auto_enable_ strorganization_ members 
- Indicates the auto-enablement configuration of GuardDuty for the member accounts in the organization. Valid values are ALL,NEW,NONE.
- datasources
OrganizationConfiguration Datasources Args 
- Configuration for the collected datasources. Deprecated in favor of aws.guardduty.OrganizationConfigurationFeatureresources.
- detectorId String
- The detector ID of the GuardDuty account.
- autoEnable Boolean
- Deprecated: Use auto_enable_organization_membersinstead. When this setting is enabled, all new accounts that are created in, or added to, the organization are added as a member accounts of the organization’s GuardDuty delegated administrator and GuardDuty is enabled in that AWS Region.
- autoEnable StringOrganization Members 
- Indicates the auto-enablement configuration of GuardDuty for the member accounts in the organization. Valid values are ALL,NEW,NONE.
- datasources Property Map
- Configuration for the collected datasources. Deprecated in favor of aws.guardduty.OrganizationConfigurationFeatureresources.
Outputs
All input properties are implicitly available as output properties. Additionally, the OrganizationConfiguration resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing OrganizationConfiguration Resource
Get an existing OrganizationConfiguration resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: OrganizationConfigurationState, opts?: CustomResourceOptions): OrganizationConfiguration@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        auto_enable: Optional[bool] = None,
        auto_enable_organization_members: Optional[str] = None,
        datasources: Optional[OrganizationConfigurationDatasourcesArgs] = None,
        detector_id: Optional[str] = None) -> OrganizationConfigurationfunc GetOrganizationConfiguration(ctx *Context, name string, id IDInput, state *OrganizationConfigurationState, opts ...ResourceOption) (*OrganizationConfiguration, error)public static OrganizationConfiguration Get(string name, Input<string> id, OrganizationConfigurationState? state, CustomResourceOptions? opts = null)public static OrganizationConfiguration get(String name, Output<String> id, OrganizationConfigurationState state, CustomResourceOptions options)resources:  _:    type: aws:guardduty:OrganizationConfiguration    get:      id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- AutoEnable bool
- Deprecated: Use auto_enable_organization_membersinstead. When this setting is enabled, all new accounts that are created in, or added to, the organization are added as a member accounts of the organization’s GuardDuty delegated administrator and GuardDuty is enabled in that AWS Region.
- AutoEnable stringOrganization Members 
- Indicates the auto-enablement configuration of GuardDuty for the member accounts in the organization. Valid values are ALL,NEW,NONE.
- Datasources
OrganizationConfiguration Datasources 
- Configuration for the collected datasources. Deprecated in favor of aws.guardduty.OrganizationConfigurationFeatureresources.
- DetectorId string
- The detector ID of the GuardDuty account.
- AutoEnable bool
- Deprecated: Use auto_enable_organization_membersinstead. When this setting is enabled, all new accounts that are created in, or added to, the organization are added as a member accounts of the organization’s GuardDuty delegated administrator and GuardDuty is enabled in that AWS Region.
- AutoEnable stringOrganization Members 
- Indicates the auto-enablement configuration of GuardDuty for the member accounts in the organization. Valid values are ALL,NEW,NONE.
- Datasources
OrganizationConfiguration Datasources Args 
- Configuration for the collected datasources. Deprecated in favor of aws.guardduty.OrganizationConfigurationFeatureresources.
- DetectorId string
- The detector ID of the GuardDuty account.
- autoEnable Boolean
- Deprecated: Use auto_enable_organization_membersinstead. When this setting is enabled, all new accounts that are created in, or added to, the organization are added as a member accounts of the organization’s GuardDuty delegated administrator and GuardDuty is enabled in that AWS Region.
- autoEnable StringOrganization Members 
- Indicates the auto-enablement configuration of GuardDuty for the member accounts in the organization. Valid values are ALL,NEW,NONE.
- datasources
OrganizationConfiguration Datasources 
- Configuration for the collected datasources. Deprecated in favor of aws.guardduty.OrganizationConfigurationFeatureresources.
- detectorId String
- The detector ID of the GuardDuty account.
- autoEnable boolean
- Deprecated: Use auto_enable_organization_membersinstead. When this setting is enabled, all new accounts that are created in, or added to, the organization are added as a member accounts of the organization’s GuardDuty delegated administrator and GuardDuty is enabled in that AWS Region.
- autoEnable stringOrganization Members 
- Indicates the auto-enablement configuration of GuardDuty for the member accounts in the organization. Valid values are ALL,NEW,NONE.
- datasources
OrganizationConfiguration Datasources 
- Configuration for the collected datasources. Deprecated in favor of aws.guardduty.OrganizationConfigurationFeatureresources.
- detectorId string
- The detector ID of the GuardDuty account.
- auto_enable bool
- Deprecated: Use auto_enable_organization_membersinstead. When this setting is enabled, all new accounts that are created in, or added to, the organization are added as a member accounts of the organization’s GuardDuty delegated administrator and GuardDuty is enabled in that AWS Region.
- auto_enable_ strorganization_ members 
- Indicates the auto-enablement configuration of GuardDuty for the member accounts in the organization. Valid values are ALL,NEW,NONE.
- datasources
OrganizationConfiguration Datasources Args 
- Configuration for the collected datasources. Deprecated in favor of aws.guardduty.OrganizationConfigurationFeatureresources.
- detector_id str
- The detector ID of the GuardDuty account.
- autoEnable Boolean
- Deprecated: Use auto_enable_organization_membersinstead. When this setting is enabled, all new accounts that are created in, or added to, the organization are added as a member accounts of the organization’s GuardDuty delegated administrator and GuardDuty is enabled in that AWS Region.
- autoEnable StringOrganization Members 
- Indicates the auto-enablement configuration of GuardDuty for the member accounts in the organization. Valid values are ALL,NEW,NONE.
- datasources Property Map
- Configuration for the collected datasources. Deprecated in favor of aws.guardduty.OrganizationConfigurationFeatureresources.
- detectorId String
- The detector ID of the GuardDuty account.
Supporting Types
OrganizationConfigurationDatasources, OrganizationConfigurationDatasourcesArgs      
- Kubernetes
OrganizationConfiguration Datasources Kubernetes 
- Enable Kubernetes Audit Logs Monitoring automatically for new member accounts.
- MalwareProtection OrganizationConfiguration Datasources Malware Protection 
- Enable Malware Protection automatically for new member accounts.
- S3Logs
OrganizationConfiguration Datasources S3Logs 
- Enable S3 Protection automatically for new member accounts.
- Kubernetes
OrganizationConfiguration Datasources Kubernetes 
- Enable Kubernetes Audit Logs Monitoring automatically for new member accounts.
- MalwareProtection OrganizationConfiguration Datasources Malware Protection 
- Enable Malware Protection automatically for new member accounts.
- S3Logs
OrganizationConfiguration Datasources S3Logs 
- Enable S3 Protection automatically for new member accounts.
- kubernetes
OrganizationConfiguration Datasources Kubernetes 
- Enable Kubernetes Audit Logs Monitoring automatically for new member accounts.
- malwareProtection OrganizationConfiguration Datasources Malware Protection 
- Enable Malware Protection automatically for new member accounts.
- s3Logs
OrganizationConfiguration Datasources S3Logs 
- Enable S3 Protection automatically for new member accounts.
- kubernetes
OrganizationConfiguration Datasources Kubernetes 
- Enable Kubernetes Audit Logs Monitoring automatically for new member accounts.
- malwareProtection OrganizationConfiguration Datasources Malware Protection 
- Enable Malware Protection automatically for new member accounts.
- s3Logs
OrganizationConfiguration Datasources S3Logs 
- Enable S3 Protection automatically for new member accounts.
- kubernetes
OrganizationConfiguration Datasources Kubernetes 
- Enable Kubernetes Audit Logs Monitoring automatically for new member accounts.
- malware_protection OrganizationConfiguration Datasources Malware Protection 
- Enable Malware Protection automatically for new member accounts.
- s3_logs OrganizationConfiguration Datasources S3Logs 
- Enable S3 Protection automatically for new member accounts.
- kubernetes Property Map
- Enable Kubernetes Audit Logs Monitoring automatically for new member accounts.
- malwareProtection Property Map
- Enable Malware Protection automatically for new member accounts.
- s3Logs Property Map
- Enable S3 Protection automatically for new member accounts.
OrganizationConfigurationDatasourcesKubernetes, OrganizationConfigurationDatasourcesKubernetesArgs        
- AuditLogs OrganizationConfiguration Datasources Kubernetes Audit Logs 
- Enable Kubernetes Audit Logs Monitoring automatically for new member accounts. Kubernetes protection. See Kubernetes Audit Logs below for more details.
- AuditLogs OrganizationConfiguration Datasources Kubernetes Audit Logs 
- Enable Kubernetes Audit Logs Monitoring automatically for new member accounts. Kubernetes protection. See Kubernetes Audit Logs below for more details.
- auditLogs OrganizationConfiguration Datasources Kubernetes Audit Logs 
- Enable Kubernetes Audit Logs Monitoring automatically for new member accounts. Kubernetes protection. See Kubernetes Audit Logs below for more details.
- auditLogs OrganizationConfiguration Datasources Kubernetes Audit Logs 
- Enable Kubernetes Audit Logs Monitoring automatically for new member accounts. Kubernetes protection. See Kubernetes Audit Logs below for more details.
- audit_logs OrganizationConfiguration Datasources Kubernetes Audit Logs 
- Enable Kubernetes Audit Logs Monitoring automatically for new member accounts. Kubernetes protection. See Kubernetes Audit Logs below for more details.
- auditLogs Property Map
- Enable Kubernetes Audit Logs Monitoring automatically for new member accounts. Kubernetes protection. See Kubernetes Audit Logs below for more details.
OrganizationConfigurationDatasourcesKubernetesAuditLogs, OrganizationConfigurationDatasourcesKubernetesAuditLogsArgs            
- Enable bool
- If true, enables Kubernetes audit logs as a data source for Kubernetes protection.
Defaults to true.
- Enable bool
- If true, enables Kubernetes audit logs as a data source for Kubernetes protection.
Defaults to true.
- enable Boolean
- If true, enables Kubernetes audit logs as a data source for Kubernetes protection.
Defaults to true.
- enable boolean
- If true, enables Kubernetes audit logs as a data source for Kubernetes protection.
Defaults to true.
- enable bool
- If true, enables Kubernetes audit logs as a data source for Kubernetes protection.
Defaults to true.
- enable Boolean
- If true, enables Kubernetes audit logs as a data source for Kubernetes protection.
Defaults to true.
OrganizationConfigurationDatasourcesMalwareProtection, OrganizationConfigurationDatasourcesMalwareProtectionArgs          
- ScanEc2Instance OrganizationWith Findings Configuration Datasources Malware Protection Scan Ec2Instance With Findings 
- Configure whether Malware Protection for EC2 instances with findings should be auto-enabled for new members joining the organization. See Scan EC2 instance with findings below for more details.
- ScanEc2Instance OrganizationWith Findings Configuration Datasources Malware Protection Scan Ec2Instance With Findings 
- Configure whether Malware Protection for EC2 instances with findings should be auto-enabled for new members joining the organization. See Scan EC2 instance with findings below for more details.
- scanEc2Instance OrganizationWith Findings Configuration Datasources Malware Protection Scan Ec2Instance With Findings 
- Configure whether Malware Protection for EC2 instances with findings should be auto-enabled for new members joining the organization. See Scan EC2 instance with findings below for more details.
- scanEc2Instance OrganizationWith Findings Configuration Datasources Malware Protection Scan Ec2Instance With Findings 
- Configure whether Malware Protection for EC2 instances with findings should be auto-enabled for new members joining the organization. See Scan EC2 instance with findings below for more details.
- scan_ec2_ Organizationinstance_ with_ findings Configuration Datasources Malware Protection Scan Ec2Instance With Findings 
- Configure whether Malware Protection for EC2 instances with findings should be auto-enabled for new members joining the organization. See Scan EC2 instance with findings below for more details.
- scanEc2Instance Property MapWith Findings 
- Configure whether Malware Protection for EC2 instances with findings should be auto-enabled for new members joining the organization. See Scan EC2 instance with findings below for more details.
OrganizationConfigurationDatasourcesMalwareProtectionScanEc2InstanceWithFindings, OrganizationConfigurationDatasourcesMalwareProtectionScanEc2InstanceWithFindingsArgs                  
- EbsVolumes OrganizationConfiguration Datasources Malware Protection Scan Ec2Instance With Findings Ebs Volumes 
- Configure whether scanning EBS volumes should be auto-enabled for new members joining the organization See EBS volumes below for more details.
- EbsVolumes OrganizationConfiguration Datasources Malware Protection Scan Ec2Instance With Findings Ebs Volumes 
- Configure whether scanning EBS volumes should be auto-enabled for new members joining the organization See EBS volumes below for more details.
- ebsVolumes OrganizationConfiguration Datasources Malware Protection Scan Ec2Instance With Findings Ebs Volumes 
- Configure whether scanning EBS volumes should be auto-enabled for new members joining the organization See EBS volumes below for more details.
- ebsVolumes OrganizationConfiguration Datasources Malware Protection Scan Ec2Instance With Findings Ebs Volumes 
- Configure whether scanning EBS volumes should be auto-enabled for new members joining the organization See EBS volumes below for more details.
- ebs_volumes OrganizationConfiguration Datasources Malware Protection Scan Ec2Instance With Findings Ebs Volumes 
- Configure whether scanning EBS volumes should be auto-enabled for new members joining the organization See EBS volumes below for more details.
- ebsVolumes Property Map
- Configure whether scanning EBS volumes should be auto-enabled for new members joining the organization See EBS volumes below for more details.
OrganizationConfigurationDatasourcesMalwareProtectionScanEc2InstanceWithFindingsEbsVolumes, OrganizationConfigurationDatasourcesMalwareProtectionScanEc2InstanceWithFindingsEbsVolumesArgs                      
- AutoEnable bool
- If true, enables Malware Protection for all new accounts joining the organization.
Defaults to true.
- AutoEnable bool
- If true, enables Malware Protection for all new accounts joining the organization.
Defaults to true.
- autoEnable Boolean
- If true, enables Malware Protection for all new accounts joining the organization.
Defaults to true.
- autoEnable boolean
- If true, enables Malware Protection for all new accounts joining the organization.
Defaults to true.
- auto_enable bool
- If true, enables Malware Protection for all new accounts joining the organization.
Defaults to true.
- autoEnable Boolean
- If true, enables Malware Protection for all new accounts joining the organization.
Defaults to true.
OrganizationConfigurationDatasourcesS3Logs, OrganizationConfigurationDatasourcesS3LogsArgs        
- AutoEnable bool
- Set to trueif you want S3 data event logs to be automatically enabled for new members of the organization. Default:false
- AutoEnable bool
- Set to trueif you want S3 data event logs to be automatically enabled for new members of the organization. Default:false
- autoEnable Boolean
- Set to trueif you want S3 data event logs to be automatically enabled for new members of the organization. Default:false
- autoEnable boolean
- Set to trueif you want S3 data event logs to be automatically enabled for new members of the organization. Default:false
- auto_enable bool
- Set to trueif you want S3 data event logs to be automatically enabled for new members of the organization. Default:false
- autoEnable Boolean
- Set to trueif you want S3 data event logs to be automatically enabled for new members of the organization. Default:false
Import
Using pulumi import, import GuardDuty Organization Configurations using the GuardDuty Detector ID. For example:
$ pulumi import aws:guardduty/organizationConfiguration:OrganizationConfiguration example 00b00fd5aecc0ab60a708659477e9617
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the awsTerraform Provider.