1. Packages
  2. AWS Classic
  3. API Docs
  4. guardduty
  5. OrganizationConfiguration

Try AWS Native preview for resources not in the classic version.

AWS Classic v6.42.0 published on Wednesday, Jun 26, 2024 by Pulumi


Explore with Pulumi AI

aws logo

Try AWS Native preview for resources not in the classic version.

AWS Classic v6.42.0 published on Wednesday, Jun 26, 2024 by Pulumi

    Manages the GuardDuty Organization Configuration in the current AWS Region. The AWS account utilizing this resource must have been assigned as a delegated Organization administrator account, e.g., via the aws.guardduty.OrganizationAdminAccount resource. More information about Organizations support in GuardDuty can be found in the GuardDuty User Guide.

    NOTE: This is an advanced resource. The provider will automatically assume management of the GuardDuty Organization Configuration without import and perform no actions on removal from the resource configuration.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    const example = new aws.guardduty.Detector("example", {enable: true});
    const exampleOrganizationConfiguration = new aws.guardduty.OrganizationConfiguration("example", {
        autoEnableOrganizationMembers: "ALL",
        detectorId: example.id,
        datasources: {
            s3Logs: {
                autoEnable: true,
            kubernetes: {
                auditLogs: {
                    enable: true,
            malwareProtection: {
                scanEc2InstanceWithFindings: {
                    ebsVolumes: {
                        autoEnable: true,
    import pulumi
    import pulumi_aws as aws
    example = aws.guardduty.Detector("example", enable=True)
    example_organization_configuration = aws.guardduty.OrganizationConfiguration("example",
            "s3Logs": {
                "autoEnable": True,
            "kubernetes": {
                "auditLogs": {
                    "enable": True,
            "malwareProtection": {
                "scanEc2InstanceWithFindings": {
                    "ebsVolumes": {
                        "autoEnable": True,
    package main
    import (
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		example, err := guardduty.NewDetector(ctx, "example", &guardduty.DetectorArgs{
    			Enable: pulumi.Bool(true),
    		if err != nil {
    			return err
    		_, err = guardduty.NewOrganizationConfiguration(ctx, "example", &guardduty.OrganizationConfigurationArgs{
    			AutoEnableOrganizationMembers: pulumi.String("ALL"),
    			DetectorId:                    example.ID(),
    			Datasources: &guardduty.OrganizationConfigurationDatasourcesArgs{
    				S3Logs: &guardduty.OrganizationConfigurationDatasourcesS3LogsArgs{
    					AutoEnable: pulumi.Bool(true),
    				Kubernetes: &guardduty.OrganizationConfigurationDatasourcesKubernetesArgs{
    					AuditLogs: &guardduty.OrganizationConfigurationDatasourcesKubernetesAuditLogsArgs{
    						Enable: pulumi.Bool(true),
    				MalwareProtection: &guardduty.OrganizationConfigurationDatasourcesMalwareProtectionArgs{
    					ScanEc2InstanceWithFindings: &guardduty.OrganizationConfigurationDatasourcesMalwareProtectionScanEc2InstanceWithFindingsArgs{
    						EbsVolumes: &guardduty.OrganizationConfigurationDatasourcesMalwareProtectionScanEc2InstanceWithFindingsEbsVolumesArgs{
    							AutoEnable: pulumi.Bool(true),
    		if err != nil {
    			return err
    		return nil
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    return await Deployment.RunAsync(() => 
        var example = new Aws.GuardDuty.Detector("example", new()
            Enable = true,
        var exampleOrganizationConfiguration = new Aws.GuardDuty.OrganizationConfiguration("example", new()
            AutoEnableOrganizationMembers = "ALL",
            DetectorId = example.Id,
            Datasources = new Aws.GuardDuty.Inputs.OrganizationConfigurationDatasourcesArgs
                S3Logs = new Aws.GuardDuty.Inputs.OrganizationConfigurationDatasourcesS3LogsArgs
                    AutoEnable = true,
                Kubernetes = new Aws.GuardDuty.Inputs.OrganizationConfigurationDatasourcesKubernetesArgs
                    AuditLogs = new Aws.GuardDuty.Inputs.OrganizationConfigurationDatasourcesKubernetesAuditLogsArgs
                        Enable = true,
                MalwareProtection = new Aws.GuardDuty.Inputs.OrganizationConfigurationDatasourcesMalwareProtectionArgs
                    ScanEc2InstanceWithFindings = new Aws.GuardDuty.Inputs.OrganizationConfigurationDatasourcesMalwareProtectionScanEc2InstanceWithFindingsArgs
                        EbsVolumes = new Aws.GuardDuty.Inputs.OrganizationConfigurationDatasourcesMalwareProtectionScanEc2InstanceWithFindingsEbsVolumesArgs
                            AutoEnable = true,
    package generated_program;
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.guardduty.Detector;
    import com.pulumi.aws.guardduty.DetectorArgs;
    import com.pulumi.aws.guardduty.OrganizationConfiguration;
    import com.pulumi.aws.guardduty.OrganizationConfigurationArgs;
    import com.pulumi.aws.guardduty.inputs.OrganizationConfigurationDatasourcesArgs;
    import com.pulumi.aws.guardduty.inputs.OrganizationConfigurationDatasourcesS3LogsArgs;
    import com.pulumi.aws.guardduty.inputs.OrganizationConfigurationDatasourcesKubernetesArgs;
    import com.pulumi.aws.guardduty.inputs.OrganizationConfigurationDatasourcesKubernetesAuditLogsArgs;
    import com.pulumi.aws.guardduty.inputs.OrganizationConfigurationDatasourcesMalwareProtectionArgs;
    import com.pulumi.aws.guardduty.inputs.OrganizationConfigurationDatasourcesMalwareProtectionScanEc2InstanceWithFindingsArgs;
    import com.pulumi.aws.guardduty.inputs.OrganizationConfigurationDatasourcesMalwareProtectionScanEc2InstanceWithFindingsEbsVolumesArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    public class App {
        public static void main(String[] args) {
        public static void stack(Context ctx) {
            var example = new Detector("example", DetectorArgs.builder()
            var exampleOrganizationConfiguration = new OrganizationConfiguration("exampleOrganizationConfiguration", OrganizationConfigurationArgs.builder()
        type: aws:guardduty:Detector
          enable: true
        type: aws:guardduty:OrganizationConfiguration
        name: example
          autoEnableOrganizationMembers: ALL
          detectorId: ${example.id}
              autoEnable: true
                enable: true
                  autoEnable: true

    Create OrganizationConfiguration Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new OrganizationConfiguration(name: string, args: OrganizationConfigurationArgs, opts?: CustomResourceOptions);
    def OrganizationConfiguration(resource_name: str,
                                  args: OrganizationConfigurationArgs,
                                  opts: Optional[ResourceOptions] = None)
    def OrganizationConfiguration(resource_name: str,
                                  opts: Optional[ResourceOptions] = None,
                                  detector_id: Optional[str] = None,
                                  auto_enable: Optional[bool] = None,
                                  auto_enable_organization_members: Optional[str] = None,
                                  datasources: Optional[OrganizationConfigurationDatasourcesArgs] = None)
    func NewOrganizationConfiguration(ctx *Context, name string, args OrganizationConfigurationArgs, opts ...ResourceOption) (*OrganizationConfiguration, error)
    public OrganizationConfiguration(string name, OrganizationConfigurationArgs args, CustomResourceOptions? opts = null)
    public OrganizationConfiguration(String name, OrganizationConfigurationArgs args)
    public OrganizationConfiguration(String name, OrganizationConfigurationArgs args, CustomResourceOptions options)
    type: aws:guardduty:OrganizationConfiguration
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.


    name string
    The unique name of the resource.
    args OrganizationConfigurationArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args OrganizationConfigurationArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args OrganizationConfigurationArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args OrganizationConfigurationArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args OrganizationConfigurationArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var awsOrganizationConfigurationResource = new Aws.GuardDuty.OrganizationConfiguration("awsOrganizationConfigurationResource", new()
        DetectorId = "string",
        AutoEnableOrganizationMembers = "string",
        Datasources = new Aws.GuardDuty.Inputs.OrganizationConfigurationDatasourcesArgs
            Kubernetes = new Aws.GuardDuty.Inputs.OrganizationConfigurationDatasourcesKubernetesArgs
                AuditLogs = new Aws.GuardDuty.Inputs.OrganizationConfigurationDatasourcesKubernetesAuditLogsArgs
                    Enable = false,
            MalwareProtection = new Aws.GuardDuty.Inputs.OrganizationConfigurationDatasourcesMalwareProtectionArgs
                ScanEc2InstanceWithFindings = new Aws.GuardDuty.Inputs.OrganizationConfigurationDatasourcesMalwareProtectionScanEc2InstanceWithFindingsArgs
                    EbsVolumes = new Aws.GuardDuty.Inputs.OrganizationConfigurationDatasourcesMalwareProtectionScanEc2InstanceWithFindingsEbsVolumesArgs
                        AutoEnable = false,
            S3Logs = new Aws.GuardDuty.Inputs.OrganizationConfigurationDatasourcesS3LogsArgs
                AutoEnable = false,
    example, err := guardduty.NewOrganizationConfiguration(ctx, "awsOrganizationConfigurationResource", &guardduty.OrganizationConfigurationArgs{
    	DetectorId:                    pulumi.String("string"),
    	AutoEnableOrganizationMembers: pulumi.String("string"),
    	Datasources: &guardduty.OrganizationConfigurationDatasourcesArgs{
    		Kubernetes: &guardduty.OrganizationConfigurationDatasourcesKubernetesArgs{
    			AuditLogs: &guardduty.OrganizationConfigurationDatasourcesKubernetesAuditLogsArgs{
    				Enable: pulumi.Bool(false),
    		MalwareProtection: &guardduty.OrganizationConfigurationDatasourcesMalwareProtectionArgs{
    			ScanEc2InstanceWithFindings: &guardduty.OrganizationConfigurationDatasourcesMalwareProtectionScanEc2InstanceWithFindingsArgs{
    				EbsVolumes: &guardduty.OrganizationConfigurationDatasourcesMalwareProtectionScanEc2InstanceWithFindingsEbsVolumesArgs{
    					AutoEnable: pulumi.Bool(false),
    		S3Logs: &guardduty.OrganizationConfigurationDatasourcesS3LogsArgs{
    			AutoEnable: pulumi.Bool(false),
    var awsOrganizationConfigurationResource = new OrganizationConfiguration("awsOrganizationConfigurationResource", OrganizationConfigurationArgs.builder()
    aws_organization_configuration_resource = aws.guardduty.OrganizationConfiguration("awsOrganizationConfigurationResource",
            "kubernetes": {
                "auditLogs": {
                    "enable": False,
            "malwareProtection": {
                "scanEc2InstanceWithFindings": {
                    "ebsVolumes": {
                        "autoEnable": False,
            "s3Logs": {
                "autoEnable": False,
    const awsOrganizationConfigurationResource = new aws.guardduty.OrganizationConfiguration("awsOrganizationConfigurationResource", {
        detectorId: "string",
        autoEnableOrganizationMembers: "string",
        datasources: {
            kubernetes: {
                auditLogs: {
                    enable: false,
            malwareProtection: {
                scanEc2InstanceWithFindings: {
                    ebsVolumes: {
                        autoEnable: false,
            s3Logs: {
                autoEnable: false,
    type: aws:guardduty:OrganizationConfiguration
        autoEnableOrganizationMembers: string
                    enable: false
                        autoEnable: false
                autoEnable: false
        detectorId: string

    OrganizationConfiguration Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.


    The OrganizationConfiguration resource accepts the following input properties:

    DetectorId string
    The detector ID of the GuardDuty account.
    AutoEnable bool
    Deprecated: Use auto_enable_organization_members instead. When this setting is enabled, all new accounts that are created in, or added to, the organization are added as a member accounts of the organization’s GuardDuty delegated administrator and GuardDuty is enabled in that AWS Region.

    Deprecated: Use auto_enable_organization_members instead

    AutoEnableOrganizationMembers string
    Indicates the auto-enablement configuration of GuardDuty for the member accounts in the organization. Valid values are ALL, NEW, NONE.
    Datasources OrganizationConfigurationDatasources
    Configuration for the collected datasources.
    DetectorId string
    The detector ID of the GuardDuty account.
    AutoEnable bool
    Deprecated: Use auto_enable_organization_members instead. When this setting is enabled, all new accounts that are created in, or added to, the organization are added as a member accounts of the organization’s GuardDuty delegated administrator and GuardDuty is enabled in that AWS Region.

    Deprecated: Use auto_enable_organization_members instead

    AutoEnableOrganizationMembers string
    Indicates the auto-enablement configuration of GuardDuty for the member accounts in the organization. Valid values are ALL, NEW, NONE.
    Datasources OrganizationConfigurationDatasourcesArgs
    Configuration for the collected datasources.
    detectorId String
    The detector ID of the GuardDuty account.
    autoEnable Boolean
    Deprecated: Use auto_enable_organization_members instead. When this setting is enabled, all new accounts that are created in, or added to, the organization are added as a member accounts of the organization’s GuardDuty delegated administrator and GuardDuty is enabled in that AWS Region.

    Deprecated: Use auto_enable_organization_members instead

    autoEnableOrganizationMembers String
    Indicates the auto-enablement configuration of GuardDuty for the member accounts in the organization. Valid values are ALL, NEW, NONE.
    datasources OrganizationConfigurationDatasources
    Configuration for the collected datasources.
    detectorId string
    The detector ID of the GuardDuty account.
    autoEnable boolean
    Deprecated: Use auto_enable_organization_members instead. When this setting is enabled, all new accounts that are created in, or added to, the organization are added as a member accounts of the organization’s GuardDuty delegated administrator and GuardDuty is enabled in that AWS Region.

    Deprecated: Use auto_enable_organization_members instead

    autoEnableOrganizationMembers string
    Indicates the auto-enablement configuration of GuardDuty for the member accounts in the organization. Valid values are ALL, NEW, NONE.
    datasources OrganizationConfigurationDatasources
    Configuration for the collected datasources.
    detector_id str
    The detector ID of the GuardDuty account.
    auto_enable bool
    Deprecated: Use auto_enable_organization_members instead. When this setting is enabled, all new accounts that are created in, or added to, the organization are added as a member accounts of the organization’s GuardDuty delegated administrator and GuardDuty is enabled in that AWS Region.

    Deprecated: Use auto_enable_organization_members instead

    auto_enable_organization_members str
    Indicates the auto-enablement configuration of GuardDuty for the member accounts in the organization. Valid values are ALL, NEW, NONE.
    datasources OrganizationConfigurationDatasourcesArgs
    Configuration for the collected datasources.
    detectorId String
    The detector ID of the GuardDuty account.
    autoEnable Boolean
    Deprecated: Use auto_enable_organization_members instead. When this setting is enabled, all new accounts that are created in, or added to, the organization are added as a member accounts of the organization’s GuardDuty delegated administrator and GuardDuty is enabled in that AWS Region.

    Deprecated: Use auto_enable_organization_members instead

    autoEnableOrganizationMembers String
    Indicates the auto-enablement configuration of GuardDuty for the member accounts in the organization. Valid values are ALL, NEW, NONE.
    datasources Property Map
    Configuration for the collected datasources.


    All input properties are implicitly available as output properties. Additionally, the OrganizationConfiguration resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing OrganizationConfiguration Resource

    Get an existing OrganizationConfiguration resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: OrganizationConfigurationState, opts?: CustomResourceOptions): OrganizationConfiguration
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            auto_enable: Optional[bool] = None,
            auto_enable_organization_members: Optional[str] = None,
            datasources: Optional[OrganizationConfigurationDatasourcesArgs] = None,
            detector_id: Optional[str] = None) -> OrganizationConfiguration
    func GetOrganizationConfiguration(ctx *Context, name string, id IDInput, state *OrganizationConfigurationState, opts ...ResourceOption) (*OrganizationConfiguration, error)
    public static OrganizationConfiguration Get(string name, Input<string> id, OrganizationConfigurationState? state, CustomResourceOptions? opts = null)
    public static OrganizationConfiguration get(String name, Output<String> id, OrganizationConfigurationState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    The unique name of the resulting resource.
    The unique provider ID of the resource to lookup.
    Any extra arguments used during the lookup.
    A bag of options that control this resource's behavior.
    The unique name of the resulting resource.
    The unique provider ID of the resource to lookup.
    The unique name of the resulting resource.
    The unique provider ID of the resource to lookup.
    Any extra arguments used during the lookup.
    A bag of options that control this resource's behavior.
    The unique name of the resulting resource.
    The unique provider ID of the resource to lookup.
    Any extra arguments used during the lookup.
    A bag of options that control this resource's behavior.
    The unique name of the resulting resource.
    The unique provider ID of the resource to lookup.
    Any extra arguments used during the lookup.
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AutoEnable bool
    Deprecated: Use auto_enable_organization_members instead. When this setting is enabled, all new accounts that are created in, or added to, the organization are added as a member accounts of the organization’s GuardDuty delegated administrator and GuardDuty is enabled in that AWS Region.

    Deprecated: Use auto_enable_organization_members instead

    AutoEnableOrganizationMembers string
    Indicates the auto-enablement configuration of GuardDuty for the member accounts in the organization. Valid values are ALL, NEW, NONE.
    Datasources OrganizationConfigurationDatasources
    Configuration for the collected datasources.
    DetectorId string
    The detector ID of the GuardDuty account.
    AutoEnable bool
    Deprecated: Use auto_enable_organization_members instead. When this setting is enabled, all new accounts that are created in, or added to, the organization are added as a member accounts of the organization’s GuardDuty delegated administrator and GuardDuty is enabled in that AWS Region.

    Deprecated: Use auto_enable_organization_members instead

    AutoEnableOrganizationMembers string
    Indicates the auto-enablement configuration of GuardDuty for the member accounts in the organization. Valid values are ALL, NEW, NONE.
    Datasources OrganizationConfigurationDatasourcesArgs
    Configuration for the collected datasources.
    DetectorId string
    The detector ID of the GuardDuty account.
    autoEnable Boolean
    Deprecated: Use auto_enable_organization_members instead. When this setting is enabled, all new accounts that are created in, or added to, the organization are added as a member accounts of the organization’s GuardDuty delegated administrator and GuardDuty is enabled in that AWS Region.

    Deprecated: Use auto_enable_organization_members instead

    autoEnableOrganizationMembers String
    Indicates the auto-enablement configuration of GuardDuty for the member accounts in the organization. Valid values are ALL, NEW, NONE.
    datasources OrganizationConfigurationDatasources
    Configuration for the collected datasources.
    detectorId String
    The detector ID of the GuardDuty account.
    autoEnable boolean
    Deprecated: Use auto_enable_organization_members instead. When this setting is enabled, all new accounts that are created in, or added to, the organization are added as a member accounts of the organization’s GuardDuty delegated administrator and GuardDuty is enabled in that AWS Region.

    Deprecated: Use auto_enable_organization_members instead

    autoEnableOrganizationMembers string
    Indicates the auto-enablement configuration of GuardDuty for the member accounts in the organization. Valid values are ALL, NEW, NONE.
    datasources OrganizationConfigurationDatasources
    Configuration for the collected datasources.
    detectorId string
    The detector ID of the GuardDuty account.
    auto_enable bool
    Deprecated: Use auto_enable_organization_members instead. When this setting is enabled, all new accounts that are created in, or added to, the organization are added as a member accounts of the organization’s GuardDuty delegated administrator and GuardDuty is enabled in that AWS Region.

    Deprecated: Use auto_enable_organization_members instead

    auto_enable_organization_members str
    Indicates the auto-enablement configuration of GuardDuty for the member accounts in the organization. Valid values are ALL, NEW, NONE.
    datasources OrganizationConfigurationDatasourcesArgs
    Configuration for the collected datasources.
    detector_id str
    The detector ID of the GuardDuty account.
    autoEnable Boolean
    Deprecated: Use auto_enable_organization_members instead. When this setting is enabled, all new accounts that are created in, or added to, the organization are added as a member accounts of the organization’s GuardDuty delegated administrator and GuardDuty is enabled in that AWS Region.

    Deprecated: Use auto_enable_organization_members instead

    autoEnableOrganizationMembers String
    Indicates the auto-enablement configuration of GuardDuty for the member accounts in the organization. Valid values are ALL, NEW, NONE.
    datasources Property Map
    Configuration for the collected datasources.
    detectorId String
    The detector ID of the GuardDuty account.

    Supporting Types

    OrganizationConfigurationDatasources, OrganizationConfigurationDatasourcesArgs

    Kubernetes OrganizationConfigurationDatasourcesKubernetes
    Enable Kubernetes Audit Logs Monitoring automatically for new member accounts.
    MalwareProtection OrganizationConfigurationDatasourcesMalwareProtection
    Enable Malware Protection automatically for new member accounts.
    S3Logs OrganizationConfigurationDatasourcesS3Logs
    Enable S3 Protection automatically for new member accounts.
    Kubernetes OrganizationConfigurationDatasourcesKubernetes
    Enable Kubernetes Audit Logs Monitoring automatically for new member accounts.
    MalwareProtection OrganizationConfigurationDatasourcesMalwareProtection
    Enable Malware Protection automatically for new member accounts.
    S3Logs OrganizationConfigurationDatasourcesS3Logs
    Enable S3 Protection automatically for new member accounts.
    kubernetes OrganizationConfigurationDatasourcesKubernetes
    Enable Kubernetes Audit Logs Monitoring automatically for new member accounts.
    malwareProtection OrganizationConfigurationDatasourcesMalwareProtection
    Enable Malware Protection automatically for new member accounts.
    s3Logs OrganizationConfigurationDatasourcesS3Logs
    Enable S3 Protection automatically for new member accounts.
    kubernetes OrganizationConfigurationDatasourcesKubernetes
    Enable Kubernetes Audit Logs Monitoring automatically for new member accounts.
    malwareProtection OrganizationConfigurationDatasourcesMalwareProtection
    Enable Malware Protection automatically for new member accounts.
    s3Logs OrganizationConfigurationDatasourcesS3Logs
    Enable S3 Protection automatically for new member accounts.
    kubernetes OrganizationConfigurationDatasourcesKubernetes
    Enable Kubernetes Audit Logs Monitoring automatically for new member accounts.
    malware_protection OrganizationConfigurationDatasourcesMalwareProtection
    Enable Malware Protection automatically for new member accounts.
    s3_logs OrganizationConfigurationDatasourcesS3Logs
    Enable S3 Protection automatically for new member accounts.
    kubernetes Property Map
    Enable Kubernetes Audit Logs Monitoring automatically for new member accounts.
    malwareProtection Property Map
    Enable Malware Protection automatically for new member accounts.
    s3Logs Property Map
    Enable S3 Protection automatically for new member accounts.

    OrganizationConfigurationDatasourcesKubernetes, OrganizationConfigurationDatasourcesKubernetesArgs

    AuditLogs OrganizationConfigurationDatasourcesKubernetesAuditLogs
    Enable Kubernetes Audit Logs Monitoring automatically for new member accounts. Kubernetes protection. See Kubernetes Audit Logs below for more details.
    AuditLogs OrganizationConfigurationDatasourcesKubernetesAuditLogs
    Enable Kubernetes Audit Logs Monitoring automatically for new member accounts. Kubernetes protection. See Kubernetes Audit Logs below for more details.
    auditLogs OrganizationConfigurationDatasourcesKubernetesAuditLogs
    Enable Kubernetes Audit Logs Monitoring automatically for new member accounts. Kubernetes protection. See Kubernetes Audit Logs below for more details.
    auditLogs OrganizationConfigurationDatasourcesKubernetesAuditLogs
    Enable Kubernetes Audit Logs Monitoring automatically for new member accounts. Kubernetes protection. See Kubernetes Audit Logs below for more details.
    audit_logs OrganizationConfigurationDatasourcesKubernetesAuditLogs
    Enable Kubernetes Audit Logs Monitoring automatically for new member accounts. Kubernetes protection. See Kubernetes Audit Logs below for more details.
    auditLogs Property Map
    Enable Kubernetes Audit Logs Monitoring automatically for new member accounts. Kubernetes protection. See Kubernetes Audit Logs below for more details.

    OrganizationConfigurationDatasourcesKubernetesAuditLogs, OrganizationConfigurationDatasourcesKubernetesAuditLogsArgs

    Enable bool
    If true, enables Kubernetes audit logs as a data source for Kubernetes protection. Defaults to true.
    Enable bool
    If true, enables Kubernetes audit logs as a data source for Kubernetes protection. Defaults to true.
    enable Boolean
    If true, enables Kubernetes audit logs as a data source for Kubernetes protection. Defaults to true.
    enable boolean
    If true, enables Kubernetes audit logs as a data source for Kubernetes protection. Defaults to true.
    enable bool
    If true, enables Kubernetes audit logs as a data source for Kubernetes protection. Defaults to true.
    enable Boolean
    If true, enables Kubernetes audit logs as a data source for Kubernetes protection. Defaults to true.

    OrganizationConfigurationDatasourcesMalwareProtection, OrganizationConfigurationDatasourcesMalwareProtectionArgs

    ScanEc2InstanceWithFindings OrganizationConfigurationDatasourcesMalwareProtectionScanEc2InstanceWithFindings
    Configure whether Malware Protection for EC2 instances with findings should be auto-enabled for new members joining the organization. See Scan EC2 instance with findings below for more details.
    ScanEc2InstanceWithFindings OrganizationConfigurationDatasourcesMalwareProtectionScanEc2InstanceWithFindings
    Configure whether Malware Protection for EC2 instances with findings should be auto-enabled for new members joining the organization. See Scan EC2 instance with findings below for more details.
    scanEc2InstanceWithFindings OrganizationConfigurationDatasourcesMalwareProtectionScanEc2InstanceWithFindings
    Configure whether Malware Protection for EC2 instances with findings should be auto-enabled for new members joining the organization. See Scan EC2 instance with findings below for more details.
    scanEc2InstanceWithFindings OrganizationConfigurationDatasourcesMalwareProtectionScanEc2InstanceWithFindings
    Configure whether Malware Protection for EC2 instances with findings should be auto-enabled for new members joining the organization. See Scan EC2 instance with findings below for more details.
    scan_ec2_instance_with_findings OrganizationConfigurationDatasourcesMalwareProtectionScanEc2InstanceWithFindings
    Configure whether Malware Protection for EC2 instances with findings should be auto-enabled for new members joining the organization. See Scan EC2 instance with findings below for more details.
    scanEc2InstanceWithFindings Property Map
    Configure whether Malware Protection for EC2 instances with findings should be auto-enabled for new members joining the organization. See Scan EC2 instance with findings below for more details.

    OrganizationConfigurationDatasourcesMalwareProtectionScanEc2InstanceWithFindings, OrganizationConfigurationDatasourcesMalwareProtectionScanEc2InstanceWithFindingsArgs

    EbsVolumes OrganizationConfigurationDatasourcesMalwareProtectionScanEc2InstanceWithFindingsEbsVolumes
    Configure whether scanning EBS volumes should be auto-enabled for new members joining the organization See EBS volumes below for more details.
    EbsVolumes OrganizationConfigurationDatasourcesMalwareProtectionScanEc2InstanceWithFindingsEbsVolumes
    Configure whether scanning EBS volumes should be auto-enabled for new members joining the organization See EBS volumes below for more details.
    ebsVolumes OrganizationConfigurationDatasourcesMalwareProtectionScanEc2InstanceWithFindingsEbsVolumes
    Configure whether scanning EBS volumes should be auto-enabled for new members joining the organization See EBS volumes below for more details.
    ebsVolumes OrganizationConfigurationDatasourcesMalwareProtectionScanEc2InstanceWithFindingsEbsVolumes
    Configure whether scanning EBS volumes should be auto-enabled for new members joining the organization See EBS volumes below for more details.
    ebs_volumes OrganizationConfigurationDatasourcesMalwareProtectionScanEc2InstanceWithFindingsEbsVolumes
    Configure whether scanning EBS volumes should be auto-enabled for new members joining the organization See EBS volumes below for more details.
    ebsVolumes Property Map
    Configure whether scanning EBS volumes should be auto-enabled for new members joining the organization See EBS volumes below for more details.

    OrganizationConfigurationDatasourcesMalwareProtectionScanEc2InstanceWithFindingsEbsVolumes, OrganizationConfigurationDatasourcesMalwareProtectionScanEc2InstanceWithFindingsEbsVolumesArgs

    AutoEnable bool
    If true, enables Malware Protection for all new accounts joining the organization. Defaults to true.
    AutoEnable bool
    If true, enables Malware Protection for all new accounts joining the organization. Defaults to true.
    autoEnable Boolean
    If true, enables Malware Protection for all new accounts joining the organization. Defaults to true.
    autoEnable boolean
    If true, enables Malware Protection for all new accounts joining the organization. Defaults to true.
    auto_enable bool
    If true, enables Malware Protection for all new accounts joining the organization. Defaults to true.
    autoEnable Boolean
    If true, enables Malware Protection for all new accounts joining the organization. Defaults to true.

    OrganizationConfigurationDatasourcesS3Logs, OrganizationConfigurationDatasourcesS3LogsArgs

    AutoEnable bool
    Set to true if you want S3 data event logs to be automatically enabled for new members of the organization. Default: false
    AutoEnable bool
    Set to true if you want S3 data event logs to be automatically enabled for new members of the organization. Default: false
    autoEnable Boolean
    Set to true if you want S3 data event logs to be automatically enabled for new members of the organization. Default: false
    autoEnable boolean
    Set to true if you want S3 data event logs to be automatically enabled for new members of the organization. Default: false
    auto_enable bool
    Set to true if you want S3 data event logs to be automatically enabled for new members of the organization. Default: false
    autoEnable Boolean
    Set to true if you want S3 data event logs to be automatically enabled for new members of the organization. Default: false


    Using pulumi import, import GuardDuty Organization Configurations using the GuardDuty Detector ID. For example:

    $ pulumi import aws:guardduty/organizationConfiguration:OrganizationConfiguration example 00b00fd5aecc0ab60a708659477e9617

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    AWS Classic pulumi/pulumi-aws
    This Pulumi package is based on the aws Terraform Provider.
    aws logo

    Try AWS Native preview for resources not in the classic version.

    AWS Classic v6.42.0 published on Wednesday, Jun 26, 2024 by Pulumi