Tags: amazon-web-services, amazon-guardduty

AWS GuardDuty invitation


Do I need to enable GuardDuty in the "monitored" account before receiving the invitation?

I am trying to figure out whether or not the admin of the monitored account will be able to receive the invitation at all if the service is not enabled.


Solution

  • A member account joining a master account is done at the account level, not at the region level, and thus the member account will receive the invitation, regardless of the region(s) it is using services in.

    Regardless of the region an account is operating in, you should give serious consideration to enabling GuardDuty in all regions, even if you are not using a region. As per the AWS documentation here, best practice is to enable GuardDuty in all regions:

    It is highly recommended that you enable GuardDuty in all supported AWS regions. This allows GuardDuty to generate findings about unauthorized or unusual activity even in regions that you are not actively using. This also allows GuardDuty to monitor AWS CloudTrail events for global AWS services such as IAM. If GuardDuty is not enabled in all supported regions, its ability to detect activity that involves global services is reduced.
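An added example (not part of the original answer or of AWS's own tooling) of the two steps the answer describes, scripted against the AWS CLI: make sure a GuardDuty detector exists in every region on the administrator side, send the invitation, and on the member side list pending invitations and accept one, creating the member's detector first if none exists. It assumes AWS CLI v2 with credentials configured (older v1 builds spell `--administrator-id` as `--master-id`); the account IDs and e-mail address are placeholders, and `AWS_CMD` exists only so the logic can be dry-run with a stub instead of real calls.

```shell
#!/bin/sh
# Added example, not from the original answer. Assumes AWS CLI v2 is installed
# and configured. AWS_CMD defaults to the real CLI; set it to a stub function
# to dry-run the control flow without touching an account.
AWS_CMD="${AWS_CMD:-aws}"

# Print the detector ID in a region, or nothing when GuardDuty is not enabled there.
detector_in_region() {
  region="$1"
  id=$($AWS_CMD guardduty list-detectors --region "$region" \
        --query 'DetectorIds[0]' --output text 2>/dev/null) || id=""
  [ "$id" = "None" ] && id=""
  printf '%s' "$id"
}

# Ensure a detector exists in each region in the space-separated list given.
# Prints one line per region: "<region> <detector-id> <created|existing>".
enable_everywhere() {
  for region in $1; do
    id=$(detector_in_region "$region")
    if [ -n "$id" ]; then
      echo "$region $id existing"
    else
      id=$($AWS_CMD guardduty create-detector --enable --region "$region" \
            --query 'DetectorId' --output text)
      echo "$region $id created"
    fi
  done
}

# Administrator side: register the member account, then send the invitation.
# Fails if the administrator has no detector in the chosen region.
invite_member() {
  region="$1"; member_id="$2"; member_email="$3"
  det=$(detector_in_region "$region")
  [ -n "$det" ] || { echo "no GuardDuty detector in $region" >&2; return 1; }
  $AWS_CMD guardduty create-members --region "$region" --detector-id "$det" \
      --account-details "AccountId=$member_id,Email=$member_email"
  $AWS_CMD guardduty invite-members --region "$region" --detector-id "$det" \
      --account-ids "$member_id" --message "Please join the GuardDuty administrator account"
}

# Member side: invitations can be listed without a detector, but accepting one
# needs a detector ID, so enable GuardDuty first if it is not yet enabled.
accept_pending_invitation() {
  region="$1"; admin_id="$2"
  inv=$($AWS_CMD guardduty list-invitations --region "$region" \
        --query "Invitations[?AccountId=='$admin_id'].InvitationId | [0]" --output text)
  if [ -z "$inv" ] || [ "$inv" = "None" ]; then
    echo "no pending invitation from $admin_id in $region" >&2; return 1
  fi
  det=$(detector_in_region "$region")
  [ -n "$det" ] || det=$($AWS_CMD guardduty create-detector --enable \
                         --region "$region" --query 'DetectorId' --output text)
  $AWS_CMD guardduty accept-invitation --region "$region" --detector-id "$det" \
      --administrator-id "$admin_id" --invitation-id "$inv"
}

# Usage (placeholder account IDs and e-mail):
#   enable_everywhere "$(aws ec2 describe-regions --query 'Regions[].RegionName' --output text)"
#   invite_member us-east-1 222222222222 member@example.com      # in the administrator account
#   accept_pending_invitation us-east-1 111111111111             # in the member account
```

Run `enable_everywhere` in both accounts before exchanging invitations; it is idempotent, so re-running it after a new region is added only creates the detectors that are missing.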