Information Security
AWS Security Tools That Support AWS Organizations

AWS Security Tools That Support AWS Organizations

Over the years, I have come to specialize in multi-account AWS security. One of the first things I do and recommend is setting up a proper AWS Multi-Account Structure, beginning with a Master Account without any resources. This helps me deploy SCPs out at the organizational root.

Previously, it was quite cumbersome to deploy security services like AWS GuardDuty or even CloudTrail to multiple accounts. Finally, AWS has noticed and made it easier to deploy these services either centrally from the master account, or even better using a delegated administrator account, such as a dedicated AWS Security Account.

Below is a list of services that are currently AWS Organizations compatible.

AWS CloudTrail

Configuring AWS at the organization-level requires CloudTrail permissions on the master account. It’s exactly the same process as creating a regular CloudTrail except that you enable it at the organizations level during creation:

Screenshot of AWS Organizational CloudTrail option

Additional documentation can be found here:

By the way, the proper name of CloudTrail enabled organizationally is “Organization Trail.”

AWS Guardduty

Here is the announcement:

Supported by Terraform.

AWS Security Hub

Here is a link to AWS Documentation:

AWS IAM Access Analyzer

Organizations support currently not supported in Terraform. Here is the issue:

If this article was helpful to you, consider subscribing to my weekly newsletter, where I share my latest commentary as a vCISO for high growth startups.

Check out how we help startups accelerate and level up their security programs through vCISO (CISO As A Service) and DevSecOps As A Service.

Leave a Reply

Your email address will not be published. Required fields are marked *