Readonly
auto (OPTIONAL) Enables/disables the automatic enabling of GuardDuty for any account, including new accounts joining the organization.
It is recommended to set the value to false when using the deploymentTargets property, so that GuardDuty is enabled only on the targeted accounts listed in deploymentTargets. If you do not define this property, or do not set it to false, any new accounts joining the organization will automatically be enabled with GuardDuty.
true
Readonly
deployment (OPTIONAL) Deployment targets for GuardDuty.
We highly recommend enabling GuardDuty across all accounts and enabled regions within your organization. deploymentTargets should only be used when more granular control is required, not as a default configuration.
Please specify only one of the deploymentTargets or excludeRegions properties.
Note: The delegated admin account defined in centralSecurityServices will always have GuardDuty enabled.
Readonly
eks (OPTIONAL) AWS GuardDuty EKS Protection configuration.
Readonly
enable Indicates whether AWS GuardDuty is enabled.
Readonly
exclude (OPTIONAL) List of AWS Region names to be excluded from configuring Amazon GuardDuty.
Please specify only one of the excludeRegions or deploymentTargets properties.
Readonly
export AWS GuardDuty Export Findings configuration.
Readonly
lifecycle (OPTIONAL) Declaration of an S3 Lifecycle rule.
Readonly
s3 AWS GuardDuty S3 Protection configuration.
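The scoping rules in the property notes above (specify only one of deploymentTargets or excludeRegions; set auto-enable to false when scoping with deploymentTargets) can be checked before a configuration is deployed. The following is an added example, not code from the project: GuardDutyLike, lintGuardDuty, the rule ids and the sample values are hypothetical, and autoEnable stands in for the property this page shows only as "auto".

```typescript
// Added example: lint a GuardDuty config object against the rules stated in the
// property descriptions. deploymentTargets and excludeRegions are names from the
// page; autoEnable is a hypothetical stand-in for the truncated "auto" property.
interface GuardDutyLike {
  enable: boolean;
  autoEnable?: boolean;
  deploymentTargets?: Record<string, unknown>;
  excludeRegions?: string[];
}

interface Finding {
  rule: string;
  message: string;
}

function lintGuardDuty(cfg: GuardDutyLike): Finding[] {
  const findings: Finding[] = [];
  const hasTargets = cfg.deploymentTargets !== undefined;
  // Assumption: an empty excludeRegions list counts as "not specified".
  const hasExcludes = cfg.excludeRegions !== undefined && cfg.excludeRegions.length > 0;

  // "Please only specify one of the deploymentTargets or excludeRegions properties."
  if (hasTargets && hasExcludes) {
    findings.push({ rule: 'one-of', message: 'deploymentTargets and excludeRegions are both set' });
  }
  // Left undefined or true, new accounts joining the organization get GuardDuty
  // enabled automatically, which defeats scoping by deploymentTargets.
  if (hasTargets && cfg.autoEnable !== false) {
    findings.push({ rule: 'auto-enable', message: 'auto-enable is not false while deploymentTargets is set' });
  }
  // The page recommends all accounts and enabled regions; surface any scoping for review.
  if (hasTargets || hasExcludes) {
    findings.push({ rule: 'coverage', message: 'GuardDuty coverage is narrowed; confirm this is intended' });
  }
  return findings;
}

// Constructed sample: the inner shape of deploymentTargets is illustrative only.
const sample: GuardDutyLike = {
  enable: true,
  deploymentTargets: { organizationalUnits: ['Workloads'] },
  excludeRegions: ['us-west-1'],
};
const sampleRules: string[] = lintGuardDuty(sample).map((f) => f.rule);
```

Scoping by deploymentTargets or excludeRegions always yields the coverage finding, so a reviewer sees every configuration that leaves accounts or regions without GuardDuty.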
SecurityConfig / CentralSecurityServicesConfig / GuardDutyConfig
Description
AWS GuardDuty configuration. Use this configuration to enable Amazon GuardDuty for an AWS Organization, as well as other modular feature protections.
Example