Ensure GuardDuty is enabled to specific org/region

Error: GuardDuty is not enabled to specific org/region

Bridgecrew Policy ID: BC_AWS_GENERAL_66
Checkov Check ID: CKV2_AWS_3
Severity: LOW

GuardDuty is not enabled to specific org/region


GuardDuty is a security service provided by Amazon Web Services (AWS) that uses machine learning and threat intelligence to detect potential threats to your AWS accounts and workloads. Enabling GuardDuty in specific regions or within your organization can help you to identify and respond to potential threats more quickly and effectively. This can help to reduce the risk of security breaches and protect your data and systems from malicious activity.

Fix - Buildtime


  • Resource: aws_guardduty_detector, aws_guardduty_organization_configuration
  • Argument: auto_enable of aws_guardduty_organization_configuration
# Detector for the current region; "enable" defaults to true in the AWS provider
# but is set explicitly so the check can see it
resource "aws_guardduty_detector" "ok" {
  enable = true
}

# Organization configuration tied to that detector: auto_enable = true turns
# GuardDuty on for every member account that joins the organization
resource "aws_guardduty_organization_configuration" "example" {
  auto_enable = true
  detector_id = aws_guardduty_detector.ok.id
}
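To make the relationship between the two resources concrete, the following is an added, simplified re-implementation of the kind of logic behind this check. It is not Checkov's own code and does not claim to match the real CKV2_AWS_3 definition exactly: it assumes a detector passes only when `enable` is not false and an `aws_guardduty_organization_configuration` with `auto_enable = true` references it through `detector_id`, which is the shape of the fix shown above. The `Resource` class and the sample resource list are constructed for the example.

```python
"""Simplified, assumed version of the CKV2_AWS_3 logic (not Checkov's code).

A GuardDuty detector is reported PASSED when it is enabled and an
aws_guardduty_organization_configuration with auto_enable = true points at it;
otherwise it is reported FAILED.
"""
from __future__ import annotations

from dataclasses import dataclass, field


@dataclass
class Resource:
    """Minimal stand-in for a parsed Terraform resource block (constructed)."""
    type: str
    name: str
    attrs: dict = field(default_factory=dict)

    @property
    def address(self) -> str:
        return f"{self.type}.{self.name}"


def check_guardduty(resources: list[Resource]) -> dict[str, str]:
    """Return {detector_address: "PASSED" | "FAILED"} for every detector."""
    detectors = [r for r in resources if r.type == "aws_guardduty_detector"]
    org_configs = [
        r for r in resources if r.type == "aws_guardduty_organization_configuration"
    ]
    results: dict[str, str] = {}
    for det in detectors:
        # "enable" defaults to true in the AWS provider, so only an explicit
        # false disables the detector in this region.
        if det.attrs.get("enable", True) is False:
            results[det.address] = "FAILED"
            continue
        # Org configurations reference the detector as <detector address>.id
        linked = [
            c for c in org_configs
            if c.attrs.get("detector_id") == f"{det.address}.id"
        ]
        if linked and all(c.attrs.get("auto_enable") is True for c in linked):
            results[det.address] = "PASSED"
        else:
            # No org configuration, or one that leaves auto_enable off
            results[det.address] = "FAILED"
    return results


def failing_detectors(resources: list[Resource]) -> list[str]:
    """Sorted addresses of detectors that would be flagged by the check."""
    return sorted(a for a, r in check_guardduty(resources).items() if r == "FAILED")


# Constructed sample input: one compliant pair, one disabled detector, and one
# detector whose org configuration has auto_enable = false.
SAMPLE_RESOURCES = [
    Resource("aws_guardduty_detector", "ok", {"enable": True}),
    Resource("aws_guardduty_organization_configuration", "example",
             {"auto_enable": True, "detector_id": "aws_guardduty_detector.ok.id"}),
    Resource("aws_guardduty_detector", "disabled", {"enable": False}),
    Resource("aws_guardduty_detector", "manual", {}),
    Resource("aws_guardduty_organization_configuration", "manual",
             {"auto_enable": False, "detector_id": "aws_guardduty_detector.manual.id"}),
]


if __name__ == "__main__":
    for address, result in check_guardduty(SAMPLE_RESOURCES).items():
        print(f"{result:6} {address}")
```

Running the block prints one line per detector; only `aws_guardduty_detector.ok` passes, because it is both enabled and covered by an organization configuration with `auto_enable = true`. The disabled detector fails on its own `enable` flag, and the `manual` detector fails because its organization configuration does not auto-enable new member accounts.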