Skip to content

scalefactory/aws-control-tower-guardduty-enabler

BranchesTags
 
 

Repository files navigation

Centralize AWS GuardDuty

Installing this Customization will enable GuardDuty in all AWS Control Tower managed accounts, with the management delegated to a security account.

This is done by deploying a GuardDuty Enabler lambda function in the Control Tower root account. It runs periodically and checks each Control Tower managed account/region to ensure that they have been invited into the GuardDuty Admin account and that GuardDuty is enabled.

Attributions

The original code for automating GuardDuty enablement in AWS accounts is present here. This has been extended to work with Control Tower.

Instructions

  1. Run src/package.sh to package the code and dependencies

  2. Upload the src/guardduty_enabler.zip file to an S3 bucket, note the bucket name

  3. Gather other information for deployment parameters:

    • In AWS Organizations, look on the Settings page for the Organization ID. It will be o-xxxxxxxxxx
    • In AWS Organizations, look on the Accounts page for the Security Account ID.

  4. Launch the CloudFormation stack: aws-control-tower-guardduty-enabler.template

License

This project is licensed under the Apache-2.0 License.

About

No description, website, or topics provided.

Resources

Readme

License

Apache-2.0 license

Code of conduct

Code of conduct
Activity
Custom properties

Stars

1 star

Watchers

2 watching

Forks

3 forks
Report repository

Releases

1 tags

Packages

No packages published

Languages

  • Python 98.5%
  • Shell 1.5%