Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Managing multiple accounts in Amazon GuardDuty

When your Amazon environment has multiple accounts, you can manage them by designating one Amazon account as your administrator account. You can then associate other Amazon accounts with this administrator account as its member accounts. This designated GuardDuty administrator account can configure the protection plans Within GuardDuty there are two ways to associate accounts with a administrator account – create an organization by using Amazon Organizations and both administrator account and one or more member accounts belong to this organization, or send an invitation to an Amazon account through GuardDuty.

GuardDuty recommends using the Amazon Organizations method. For more information about setting up an organization, see Creating an organization in the Amazon Organizations User Guide.

Managing multiple accounts with Amazon Organizations

If the account that you want to specify as the GuardDuty administrator account is part of an organization in Amazon Organizations, then you can specify that account as the organization's delegated administrator for GuardDuty. The account that is registered as the delegated administrator automatically becomes the GuardDuty administrator account.

You can use this administrator account to enable and manage GuardDuty for any Amazon Web Services account in the organization when you add that account as a member account.

If you already have a GuardDuty administrator account with associated member accounts by invitation, you can register that account as the GuardDuty delegated administrator for the organization. When you do, all currently associated member accounts remain members, allowing you to take full advantage of the added functionality of managing your GuardDuty accounts with Amazon Organizations.

For more information about supporting multiple accounts in GuardDuty through an organization, see Managing GuardDuty accounts with Amazon Organizations.

Managing multiple accounts by invitation

If the accounts that you want to associate are not a part of your organization, you can specify an administrator account in GuardDuty and then use the administrator account to invite other Amazon Web Services accounts to become member accounts. When the invited account accepts the invitation, that account becomes a GuardDuty member account associated with the administrator account.

For more information about supporting multiple accounts by invitation in GuardDuty see Managing GuardDuty accounts by invitation.