Automate Amazon GuardDuty Provisioning Over Multiple Accounts and Regions with AWS CloudFormation StackSets Integration

Posted on: Jul 6, 2018

You can now activate Amazon GuardDuty across multiple accounts and regions as well as link those accounts back to a master account by using AWS CloudFormation StackSets. Your security team can now automate the provisioning of GuardDuty across hundreds of accounts.

You are still required to send invitations to all desired member accounts from the Amazon GuardDuty master account. Once these invitations are sent, use the AWS CloudFormation StackSet template, "Enable Amazon GuardDuty", to enable the service in the invited member accounts across regions. You can find the template in the CloudFormation console by selecting the Create a new StackSet tab and choosing the "Enable Amazon GuardDuty" template.
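To show what a StackSet deploys into each member account and region, here is a minimal template written for this page as an added example; it is not the contents of the "Enable Amazon GuardDuty" sample template. It assumes the master account has already sent an invitation to the member account in every target region, and the parameter name MasterId is chosen for this example.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >-
  Added example, not the AWS sample template. Enables GuardDuty in a member
  account and links it to the master account that invited it.

Parameters:
  MasterId:
    Type: String
    Description: 12-digit AWS account ID of the GuardDuty master account.
    AllowedPattern: "^[0-9]{12}$"
    ConstraintDescription: Must be a 12-digit AWS account ID.

Resources:
  # One detector per account per region. The StackSet creates one stack
  # instance, and therefore one detector, for each account/region pair.
  Detector:
    Type: AWS::GuardDuty::Detector
    Properties:
      Enable: true

  # Accepts the invitation from the master account. Assumption: an
  # invitation from MasterId is already pending in this account and region;
  # without one, this resource fails and the stack instance rolls back.
  MasterLink:
    Type: AWS::GuardDuty::Master
    Properties:
      DetectorId: !Ref Detector
      MasterId: !Ref MasterId

Outputs:
  DetectorId:
    Description: ID of the GuardDuty detector created in this region.
    Value: !Ref Detector
```

After the StackSet operation completes, confirm in the master account that each member shows as enabled in every target region; a failed stack instance leaves that account/region pair unmonitored.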

AWS CloudFormation provides a common language for you to describe and provision all the infrastructure resources in your cloud environment. AWS CloudFormation helps you implement an Infrastructure-as-Code model. Instead of setting up your environments and applications by hand, you can build a template or use predefined ones, and use it to create all of the necessary resources, collectively known as a CloudFormation stack. This model removes opportunities for manual error, increases efficiency, and ensures consistent configurations over time.

To learn more, see Managing AWS Accounts in Amazon GuardDuty. To start your 30-day free trial, see Amazon GuardDuty Free Trial.