UpdateOrganizationConfigurationCommand

Suggest an Edit

Configures the delegated administrator account with the provided values. You must provide a value for either autoEnableOrganizationMembers or autoEnable, but not both.

Specifying both EKS Runtime Monitoring (EKS_RUNTIME_MONITORING) and Runtime Monitoring (RUNTIME_MONITORING) will cause an error. You can add only one of these two features because Runtime Monitoring already includes the threat detection for Amazon EKS resources. For more information, see Runtime Monitoring .

There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints .

Example Syntax

Use a bare-bones client and the command you need to make an API call.

import { GuardDutyClient, UpdateOrganizationConfigurationCommand } from "@aws-sdk/client-guardduty"; // ES Modules import
// const { GuardDutyClient, UpdateOrganizationConfigurationCommand } = require("@aws-sdk/client-guardduty"); // CommonJS import
const client = new GuardDutyClient(config);
const input = { // UpdateOrganizationConfigurationRequest
  DetectorId: "STRING_VALUE", // required
  AutoEnable: true || false,
  DataSources: { // OrganizationDataSourceConfigurations
    S3Logs: { // OrganizationS3LogsConfiguration
      AutoEnable: true || false, // required
    },
    Kubernetes: { // OrganizationKubernetesConfiguration
      AuditLogs: { // OrganizationKubernetesAuditLogsConfiguration
        AutoEnable: true || false, // required
      },
    },
    MalwareProtection: { // OrganizationMalwareProtectionConfiguration
      ScanEc2InstanceWithFindings: { // OrganizationScanEc2InstanceWithFindings
        EbsVolumes: { // OrganizationEbsVolumes
          AutoEnable: true || false,
        },
      },
    },
  },
  Features: [ // OrganizationFeaturesConfigurations
    { // OrganizationFeatureConfiguration
      Name: "S3_DATA_EVENTS" || "EKS_AUDIT_LOGS" || "EBS_MALWARE_PROTECTION" || "RDS_LOGIN_EVENTS" || "EKS_RUNTIME_MONITORING" || "LAMBDA_NETWORK_LOGS" || "RUNTIME_MONITORING",
      AutoEnable: "NEW" || "NONE" || "ALL",
      AdditionalConfiguration: [ // OrganizationAdditionalConfigurations
        { // OrganizationAdditionalConfiguration
          Name: "EKS_ADDON_MANAGEMENT" || "ECS_FARGATE_AGENT_MANAGEMENT" || "EC2_AGENT_MANAGEMENT",
          AutoEnable: "NEW" || "NONE" || "ALL",
        },
      ],
    },
  ],
  AutoEnableOrganizationMembers: "NEW" || "ALL" || "NONE",
};
const command = new UpdateOrganizationConfigurationCommand(input);
const response = await client.send(command);
// {};

UpdateOrganizationConfigurationCommand Input

See UpdateOrganizationConfigurationCommandInput for more details

Parameter
Type
Description
DetectorId
Required
string | undefined

The ID of the detector that configures the delegated administrator.

To find the detectorId in the current Region, see the Settings page in the GuardDuty console, or run the ListDetectors  API.

AutoEnable
boolean | undefined

Represents whether to automatically enable member accounts in the organization. This applies to only new member accounts, not the existing member accounts. When a new account joins the organization, the chosen features will be enabled for them by default.

Even though this is still supported, we recommend using AutoEnableOrganizationMembers to achieve the similar results. You must provide a value for either autoEnableOrganizationMembers or autoEnable.

AutoEnableOrganizationMembers
AutoEnableMembers | undefined

Indicates the auto-enablement configuration of GuardDuty for the member accounts in the organization. You must provide a value for either autoEnableOrganizationMembers or autoEnable.

Use one of the following configuration values for autoEnableOrganizationMembers:

  • NEW: Indicates that when a new account joins the organization, they will have GuardDuty enabled automatically.

  • ALL: Indicates that all accounts in the organization have GuardDuty enabled automatically. This includes NEW accounts that join the organization and accounts that may have been suspended or removed from the organization in GuardDuty.

    It may take up to 24 hours to update the configuration for all the member accounts.

  • NONE: Indicates that GuardDuty will not be automatically enabled for any account in the organization. The administrator must manage GuardDuty for each account in the organization individually.

    When you update the auto-enable setting from ALL or NEW to NONE, this action doesn't disable the corresponding option for your existing accounts. This configuration will apply to the new accounts that join the organization. After you update the auto-enable settings, no new account will have the corresponding option as enabled.

DataSources
OrganizationDataSourceConfigurations | undefined

Describes which data sources will be updated.

Features
OrganizationFeatureConfiguration[] | undefined

A list of features that will be configured for the organization.

UpdateOrganizationConfigurationCommand Output

See UpdateOrganizationConfigurationCommandOutput for details

Parameter
Type
Description
$metadata
Required
ResponseMetadata
Metadata pertaining to this request.

Throws

Name
Fault
Details
BadRequestException
client

A bad request exception object.

InternalServerErrorException
server

An internal server error exception object.

GuardDutyServiceException
Base exception class for all service exceptions from GuardDuty service.