Welcome to Pulumi Registry, your window into the cloud. Read the announcement.

AWS Classic

v4.25.0 published on Friday, Oct 15, 2021 by Pulumi

OrganizationConfiguration

Manages the GuardDuty Organization Configuration in the current AWS Region. The AWS account utilizing this resource must have been assigned as a delegated Organization administrator account, e.g. via the aws.guardduty.OrganizationAdminAccount resource. More information about Organizations support in GuardDuty can be found in the GuardDuty User Guide.

NOTE: This is an advanced resource. The provider will automatically assume management of the GuardDuty Organization Configuration without import and perform no actions on removal from the resource configuration.

Example Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
    public MyStack()
    {
        var exampleDetector = new Aws.GuardDuty.Detector("exampleDetector", new Aws.GuardDuty.DetectorArgs
        {
            Enable = true,
        });
        var exampleOrganizationConfiguration = new Aws.GuardDuty.OrganizationConfiguration("exampleOrganizationConfiguration", new Aws.GuardDuty.OrganizationConfigurationArgs
        {
            AutoEnable = true,
            DetectorId = exampleDetector.Id,
            Datasources = new Aws.GuardDuty.Inputs.OrganizationConfigurationDatasourcesArgs
            {
                S3Logs = new Aws.GuardDuty.Inputs.OrganizationConfigurationDatasourcesS3LogsArgs
                {
                    AutoEnable = true,
                },
            },
        });
    }

}
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/guardduty"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleDetector, err := guardduty.NewDetector(ctx, "exampleDetector", &guardduty.DetectorArgs{
			Enable: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		_, err = guardduty.NewOrganizationConfiguration(ctx, "exampleOrganizationConfiguration", &guardduty.OrganizationConfigurationArgs{
			AutoEnable: pulumi.Bool(true),
			DetectorId: exampleDetector.ID(),
			Datasources: &guardduty.OrganizationConfigurationDatasourcesArgs{
				S3Logs: &guardduty.OrganizationConfigurationDatasourcesS3LogsArgs{
					AutoEnable: pulumi.Bool(true),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
import pulumi
import pulumi_aws as aws

example_detector = aws.guardduty.Detector("exampleDetector", enable=True)
example_organization_configuration = aws.guardduty.OrganizationConfiguration("exampleOrganizationConfiguration",
    auto_enable=True,
    detector_id=example_detector.id,
    datasources=aws.guardduty.OrganizationConfigurationDatasourcesArgs(
        s3_logs=aws.guardduty.OrganizationConfigurationDatasourcesS3LogsArgs(
            auto_enable=True,
        ),
    ))
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const exampleDetector = new aws.guardduty.Detector("exampleDetector", {enable: true});
const exampleOrganizationConfiguration = new aws.guardduty.OrganizationConfiguration("exampleOrganizationConfiguration", {
    autoEnable: true,
    detectorId: exampleDetector.id,
    datasources: {
        s3Logs: {
            autoEnable: true,
        },
    },
});

Create a OrganizationConfiguration Resource

new OrganizationConfiguration(name: string, args: OrganizationConfigurationArgs, opts?: CustomResourceOptions);
@overload
def OrganizationConfiguration(resource_name: str,
                              opts: Optional[ResourceOptions] = None,
                              auto_enable: Optional[bool] = None,
                              datasources: Optional[OrganizationConfigurationDatasourcesArgs] = None,
                              detector_id: Optional[str] = None)
@overload
def OrganizationConfiguration(resource_name: str,
                              args: OrganizationConfigurationArgs,
                              opts: Optional[ResourceOptions] = None)
func NewOrganizationConfiguration(ctx *Context, name string, args OrganizationConfigurationArgs, opts ...ResourceOption) (*OrganizationConfiguration, error)
public OrganizationConfiguration(string name, OrganizationConfigurationArgs args, CustomResourceOptions? opts = null)
name string
The unique name of the resource.
args OrganizationConfigurationArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args OrganizationConfigurationArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args OrganizationConfigurationArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args OrganizationConfigurationArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.

OrganizationConfiguration Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The OrganizationConfiguration resource accepts the following input properties:

AutoEnable bool
When this setting is enabled, all new accounts that are created in, or added to, the organization are added as a member accounts of the organization’s GuardDuty delegated administrator and GuardDuty is enabled in that AWS Region.
DetectorId string
The detector ID of the GuardDuty account.
Datasources OrganizationConfigurationDatasourcesArgs
Configuration for the collected datasources.
AutoEnable bool
When this setting is enabled, all new accounts that are created in, or added to, the organization are added as a member accounts of the organization’s GuardDuty delegated administrator and GuardDuty is enabled in that AWS Region.
DetectorId string
The detector ID of the GuardDuty account.
Datasources OrganizationConfigurationDatasourcesArgs
Configuration for the collected datasources.
autoEnable boolean
When this setting is enabled, all new accounts that are created in, or added to, the organization are added as a member accounts of the organization’s GuardDuty delegated administrator and GuardDuty is enabled in that AWS Region.
detectorId string
The detector ID of the GuardDuty account.
datasources OrganizationConfigurationDatasourcesArgs
Configuration for the collected datasources.
auto_enable bool
When this setting is enabled, all new accounts that are created in, or added to, the organization are added as a member accounts of the organization’s GuardDuty delegated administrator and GuardDuty is enabled in that AWS Region.
detector_id str
The detector ID of the GuardDuty account.
datasources OrganizationConfigurationDatasourcesArgs
Configuration for the collected datasources.

Outputs

All input properties are implicitly available as output properties. Additionally, the OrganizationConfiguration resource produces the following output properties:

Id string
The provider-assigned unique ID for this managed resource.
Id string
The provider-assigned unique ID for this managed resource.
id string
The provider-assigned unique ID for this managed resource.
id str
The provider-assigned unique ID for this managed resource.

Look up an Existing OrganizationConfiguration Resource

Get an existing OrganizationConfiguration resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: OrganizationConfigurationState, opts?: CustomResourceOptions): OrganizationConfiguration
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        auto_enable: Optional[bool] = None,
        datasources: Optional[OrganizationConfigurationDatasourcesArgs] = None,
        detector_id: Optional[str] = None) -> OrganizationConfiguration
func GetOrganizationConfiguration(ctx *Context, name string, id IDInput, state *OrganizationConfigurationState, opts ...ResourceOption) (*OrganizationConfiguration, error)
public static OrganizationConfiguration Get(string name, Input<string> id, OrganizationConfigurationState? state, CustomResourceOptions? opts = null)
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.

The following state arguments are supported:

AutoEnable bool
When this setting is enabled, all new accounts that are created in, or added to, the organization are added as a member accounts of the organization’s GuardDuty delegated administrator and GuardDuty is enabled in that AWS Region.
Datasources OrganizationConfigurationDatasourcesArgs
Configuration for the collected datasources.
DetectorId string
The detector ID of the GuardDuty account.
AutoEnable bool
When this setting is enabled, all new accounts that are created in, or added to, the organization are added as a member accounts of the organization’s GuardDuty delegated administrator and GuardDuty is enabled in that AWS Region.
Datasources OrganizationConfigurationDatasourcesArgs
Configuration for the collected datasources.
DetectorId string
The detector ID of the GuardDuty account.
autoEnable boolean
When this setting is enabled, all new accounts that are created in, or added to, the organization are added as a member accounts of the organization’s GuardDuty delegated administrator and GuardDuty is enabled in that AWS Region.
datasources OrganizationConfigurationDatasourcesArgs
Configuration for the collected datasources.
detectorId string
The detector ID of the GuardDuty account.
auto_enable bool
When this setting is enabled, all new accounts that are created in, or added to, the organization are added as a member accounts of the organization’s GuardDuty delegated administrator and GuardDuty is enabled in that AWS Region.
datasources OrganizationConfigurationDatasourcesArgs
Configuration for the collected datasources.
detector_id str
The detector ID of the GuardDuty account.

Supporting Types

OrganizationConfigurationDatasources

S3Logs OrganizationConfigurationDatasourcesS3Logs
Configuration for the builds to store logs to S3.
S3Logs OrganizationConfigurationDatasourcesS3Logs
Configuration for the builds to store logs to S3.
s3Logs OrganizationConfigurationDatasourcesS3Logs
Configuration for the builds to store logs to S3.
s3_logs OrganizationConfigurationDatasourcesS3Logs
Configuration for the builds to store logs to S3.

OrganizationConfigurationDatasourcesS3Logs

AutoEnable bool
When this setting is enabled, all new accounts that are created in, or added to, the organization are added as a member accounts of the organization’s GuardDuty delegated administrator and GuardDuty is enabled in that AWS Region.
AutoEnable bool
When this setting is enabled, all new accounts that are created in, or added to, the organization are added as a member accounts of the organization’s GuardDuty delegated administrator and GuardDuty is enabled in that AWS Region.
autoEnable boolean
When this setting is enabled, all new accounts that are created in, or added to, the organization are added as a member accounts of the organization’s GuardDuty delegated administrator and GuardDuty is enabled in that AWS Region.
auto_enable bool
When this setting is enabled, all new accounts that are created in, or added to, the organization are added as a member accounts of the organization’s GuardDuty delegated administrator and GuardDuty is enabled in that AWS Region.

Import

GuardDuty Organization Configurations can be imported using the GuardDuty Detector ID, e.g.

 $ pulumi import aws:guardduty/organizationConfiguration:OrganizationConfiguration example 00b00fd5aecc0ab60a708659477e9617

Package Details

Repository
https://github.com/pulumi/pulumi-aws
License
Apache-2.0
Notes
This Pulumi package is based on the aws Terraform Provider.