
GuardDuty is not enabled to specific org/region

Description

GuardDuty is a threat detection service from Amazon Web Services (AWS) that uses machine learning, anomaly detection and threat intelligence feeds to identify potential threats to your AWS accounts and workloads. Because findings are generated per region and per account, GuardDuty only provides coverage where it is actually enabled: a detector must exist in each region you operate in, and the organization configuration should enrol member accounts automatically so that new accounts do not start out unmonitored. Enabling it this way lets you identify and respond to potential threats more quickly, reducing the risk of a breach and protecting your data and systems from malicious activity.

Code Example

```hcl
# A detector must exist (and be enabled) in every region that should be monitored.
resource "aws_guardduty_detector" "ok" {
  enable = true
}

# Organization-level configuration: with auto_enable set, new member accounts
# are enrolled automatically against the delegated administrator's detector.
resource "aws_guardduty_organization_configuration" "example" {
  auto_enable = true
  detector_id = aws_guardduty_detector.ok.id
}
```

Remediation

Terraform

  • Resource: aws_guardduty_detector, aws_guardduty_organization_configuration
  • Arguments: auto_enable of aws_guardduty_organization_configuration
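The remediation above has two conditions: an enabled detector and an organization configuration that auto-enrols members. The following Python is an added, illustrative evaluator of those two conditions over a Terraform plan JSON document (the `planned_values.root_module.resources` layout produced by `terraform show -json`); it is not Checkov's implementation of CKV2_AWS_3, and the plan fixtures are constructed for this example. It also accepts `auto_enable_organization_members` (the argument that newer AWS provider releases use in place of `auto_enable`), which goes slightly beyond the single argument the page names.

```python
"""Illustrative evaluator for the 'GuardDuty not enabled for org/region' condition.

Not Checkov's code: a stand-alone check that walks a Terraform plan JSON
document and reports whether an enabled detector and an auto-enabling
organization configuration are both present.
"""

DETECTOR = "aws_guardduty_detector"
ORG_CONFIG = "aws_guardduty_organization_configuration"


def _truthy(value):
    """Terraform plan JSON uses JSON booleans, but hand-written fixtures
    sometimes carry strings such as "true"; accept both forms."""
    if isinstance(value, bool):
        return value
    return str(value).lower() == "true"


def org_auto_enable_ok(values):
    """True when the org configuration enrols member accounts automatically.

    Newer AWS provider releases replace `auto_enable` with
    `auto_enable_organization_members` ("ALL" / "NEW" / "NONE"); when that
    argument is present it takes precedence here (assumption for this example).
    """
    mode = values.get("auto_enable_organization_members")
    if mode is not None:
        return str(mode).upper() in ("ALL", "NEW")
    return _truthy(values.get("auto_enable", False))


def walk_resources(module):
    """Yield every resource in a plan module tree (root plus nested modules)."""
    for res in module.get("resources", []):
        yield res
    for child in module.get("child_modules", []):
        yield from walk_resources(child)


def evaluate_plan(plan):
    """Return (passed, reasons). `reasons` lists each unmet condition."""
    root = plan.get("planned_values", {}).get("root_module", {})
    resources = list(walk_resources(root))
    reasons = []

    # The detector's `enable` argument defaults to true when omitted.
    detectors = [r for r in resources if r.get("type") == DETECTOR]
    if not any(_truthy(d.get("values", {}).get("enable", True)) for d in detectors):
        reasons.append("no enabled aws_guardduty_detector")

    org_configs = [r for r in resources if r.get("type") == ORG_CONFIG]
    if not any(org_auto_enable_ok(o.get("values", {})) for o in org_configs):
        reasons.append("no aws_guardduty_organization_configuration with auto-enable")

    return (not reasons, reasons)


# Constructed fixtures shaped like `terraform show -json` output.
PASSING_PLAN = {
    "planned_values": {"root_module": {"resources": [
        {"address": "aws_guardduty_detector.ok", "type": DETECTOR,
         "name": "ok", "values": {"enable": True}},
        {"address": "aws_guardduty_organization_configuration.example",
         "type": ORG_CONFIG, "name": "example", "values": {"auto_enable": True}},
    ]}}
}

# Detector explicitly disabled and no organization configuration at all.
FAILING_PLAN = {
    "planned_values": {"root_module": {"resources": [
        {"address": "aws_guardduty_detector.off", "type": DETECTOR,
         "name": "off", "values": {"enable": False}},
    ]}}
}


if __name__ == "__main__":
    for label, plan in (("passing", PASSING_PLAN), ("failing", FAILING_PLAN)):
        passed, reasons = evaluate_plan(plan)
        print(f"{label}: {'PASS' if passed else 'FAIL'} {reasons}")
```

Run it against `terraform show -json tfplan` output loaded with `json.load` to get the same PASS/FAIL verdict with the unmet condition spelled out; note that a plan covers one provider region at a time, so the per-region part of the rule still needs the check run once per region you deploy to.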

Rule Details

| Field      | Value                     |
|------------|---------------------------|
| ID         | IAC-0442                  |
| Severity   | LOW                       |
| IaC Type   | Terraform                 |
| Frameworks | Terraform, TerraformPlan  |
| Checkov ID | CKV2_AWS_3                |
