Enable GuardDuty in all regions.

| Name | Description | Type | Required |
|------|-------------|------|----------|
| `delegated_admin_account_id` | AWS account ID within AWS Organization that should become delegated administrator of GuardDuty. This overrides the global `master_account_id` for GuardDuty and enforces AWS Organization-based account management instead of invite-based. | `string` | no |
| `detector_features` | List of enabled detector features. Valid values: `S3_DATA_EVENTS`, `EKS_AUDIT_LOGS`, `EBS_MALWARE_PROTECTION`, `RDS_LOGIN_EVENTS`, `EKS_RUNTIME_MONITORING`, `LAMBDA_NETWORK_LOGS`. | `list(string)` | no |
| `disable_email_notification` | Boolean whether an email notification is sent to the accounts. | `bool` | no |
| `finding_publishing_frequency` | Specifies the frequency of notifications sent for subsequent finding occurrences. | `string` | no |
| `invitation_message` | Message for invitation. | `string` | no |
| `master_account_id` | AWS account ID for master account. | `string` | no |
| `member_accounts` | A list of IDs and emails of AWS accounts to be associated as member accounts. | `list(object({ account_id = string, email = string }))` | no |
| `org_configuration` | Shared organization configuration. Only applies for delegated administrator account. | `object({ auto_enable_organization_members = optional(string, "NONE"), auto_enable_s3_logs = optional(bool, false), enable_k8s_audit_logs = optional(bool, false), auto_enable_ebs_volumes_scan = optional(bool, false) })` | no |
| `tags` | Specifies object tags key and value. This applies to all resources created by this module. | `map(string)` | no |