

# Enabling GuardDuty Runtime Monitoring

Before enabling Runtime Monitoring in your account, make sure that the resource type for which you want to monitor runtime events meets the platform requirements. For more information, see [Prerequisites](runtime-monitoring-prerequisites.md).

If you have been using EKS Runtime Monitoring prior to the launch of Runtime Monitoring, you can use the APIs to check and update the existing configuration for EKS Runtime Monitoring. You can also migrate your existing configuration from EKS Runtime Monitoring to Runtime Monitoring. For more information, see [Migrating from EKS Runtime Monitoring to Runtime Monitoring](migrating-from-eksrunmon-to-runtime-monitoring.md).

You can configure Runtime Monitoring by using the steps in the following topics.

**Topics**
+ [Enabling Runtime Monitoring for multiple-account environments](enable-runtime-monitoring-multiple-acc-env.md)
+ [Enabling Runtime Monitoring for a standalone account](enable-runtime-monitoring-standalone-acc.md)

# Enabling Runtime Monitoring for multiple-account environments


In a multiple-account environment, only the delegated GuardDuty administrator account can enable or disable Runtime Monitoring for the member accounts and manage automated agent configuration for the resource types that belong to the member accounts in the organization. GuardDuty member accounts can't modify this configuration from their own accounts. The delegated GuardDuty administrator account manages its member accounts using Amazon Organizations. For more information about multi-account environments, see [Managing multiple accounts](https://docs.amazonaws.cn/guardduty/latest/ug/guardduty_accounts.html).

## For delegated GuardDuty administrator account


**To enable Runtime Monitoring for delegated GuardDuty administrator account**

1. Sign in to the Amazon Web Services Management Console and open the GuardDuty console at [https://console.amazonaws.cn/guardduty/](https://console.amazonaws.cn/guardduty/).

1. In the navigation pane, choose **Runtime Monitoring**.

1. Under the **Configuration** tab, choose **Edit** in the **Runtime Monitoring configuration** section.

1. **Using Enable for all accounts**

   If you want to enable Runtime Monitoring for all the accounts that belong to the organization, including the delegated GuardDuty administrator account, then choose **Enable for all accounts**.

1. **Using Configure accounts manually**

   If you want to enable Runtime Monitoring for each member account individually, then choose **Configure accounts manually**.

   1. Choose **Enable** under the **Delegated Administrator (this account)** section.

1. For GuardDuty to receive the runtime events from one or more resource types – an Amazon EC2 instance, Amazon ECS cluster, or an Amazon EKS cluster, use the following options to manage the security agent for these resources:

   **To enable GuardDuty security agent**
   + [Enabling automated security agent for Amazon EC2 instance](managing-gdu-agent-ec2-automated.md)
   + [Managing security agent manually for Amazon EC2 resource](managing-gdu-agent-ec2-manually.md)
   + [Managing automated security agent for Fargate (Amazon ECS only)](managing-gdu-agent-ecs-automated.md)
   + [Managing security agent automatically for Amazon EKS resources](managing-gdu-agent-eks-automatically.md)
   + [Managing security agent manually for Amazon EKS cluster](managing-gdu-agent-eks-manually.md)

## For all member accounts


**To enable Runtime Monitoring for all member accounts in the organization**

1. Sign in to the Amazon Web Services Management Console and open the GuardDuty console at [https://console.amazonaws.cn/guardduty/](https://console.amazonaws.cn/guardduty/).

   Sign in using the delegated GuardDuty administrator account.

1. In the navigation pane, choose **Runtime Monitoring**.

1. On the Runtime Monitoring page, under the **Configuration** tab, choose **Edit** in the **Runtime Monitoring configuration** section.

1. Choose **Enable for all accounts**.

1. For GuardDuty to receive the runtime events from one or more resource types – an Amazon EC2 instance, Amazon ECS cluster, or an Amazon EKS cluster, use the following options to manage the security agent for these resources:

   **To enable GuardDuty security agent**
   + [Enabling automated security agent for Amazon EC2 instance](managing-gdu-agent-ec2-automated.md)
   + [Managing security agent manually for Amazon EC2 resource](managing-gdu-agent-ec2-manually.md)
   + [Managing automated security agent for Fargate (Amazon ECS only)](managing-gdu-agent-ecs-automated.md)
   + [Managing security agent automatically for Amazon EKS resources](managing-gdu-agent-eks-automatically.md)
   + [Managing security agent manually for Amazon EKS cluster](managing-gdu-agent-eks-manually.md)

## For all existing active member accounts


**To enable Runtime Monitoring for existing member accounts in the organization**

1. Sign in to the Amazon Web Services Management Console and open the GuardDuty console at [https://console.amazonaws.cn/guardduty/](https://console.amazonaws.cn/guardduty/).

   Sign in using the delegated GuardDuty administrator account for the organization.

1. In the navigation pane, choose **Runtime Monitoring**.

1. On the **Runtime Monitoring** page, under the **Configuration** tab, you can view the current status of the Runtime Monitoring configuration. 

1. Within the Runtime Monitoring pane, under the **Active member accounts** section, choose **Actions**.

1. From the **Actions** dropdown menu, choose **Enable for all existing active member accounts**.

1. Choose **Confirm**.

1. For GuardDuty to receive the runtime events from one or more resource types – an Amazon EC2 instance, Amazon ECS cluster, or an Amazon EKS cluster, use the following options to manage the security agent for these resources:

   **To enable GuardDuty security agent**
   + [Enabling automated security agent for Amazon EC2 instance](managing-gdu-agent-ec2-automated.md)
   + [Managing security agent manually for Amazon EC2 resource](managing-gdu-agent-ec2-manually.md)
   + [Managing automated security agent for Fargate (Amazon ECS only)](managing-gdu-agent-ecs-automated.md)
   + [Managing security agent automatically for Amazon EKS resources](managing-gdu-agent-eks-automatically.md)
   + [Managing security agent manually for Amazon EKS cluster](managing-gdu-agent-eks-manually.md)

**Note**  
It may take up to 24 hours to update the configuration for the member accounts.

## Auto-enable Runtime Monitoring for new member accounts only


**To enable Runtime Monitoring for new member accounts in your organization**

1. Sign in to the Amazon Web Services Management Console and open the GuardDuty console at [https://console.amazonaws.cn/guardduty/](https://console.amazonaws.cn/guardduty/).

   Sign in using the designated delegated GuardDuty administrator account of the organization.

1. In the navigation pane, choose **Runtime Monitoring**.

1. Under the **Configuration** tab, choose **Edit** in the **Runtime Monitoring configuration** section.

1. Choose **Configure accounts manually**.

1. Select **Automatically enable for new member accounts**.

1. For GuardDuty to receive the runtime events from one or more resource types – an Amazon EC2 instance, Amazon ECS cluster, or an Amazon EKS cluster, use the following options to manage the security agent for these resources:

   **To enable GuardDuty security agent**
   + [Enabling automated security agent for Amazon EC2 instance](managing-gdu-agent-ec2-automated.md)
   + [Managing security agent manually for Amazon EC2 resource](managing-gdu-agent-ec2-manually.md)
   + [Managing automated security agent for Fargate (Amazon ECS only)](managing-gdu-agent-ecs-automated.md)
   + [Managing security agent automatically for Amazon EKS resources](managing-gdu-agent-eks-automatically.md)
   + [Managing security agent manually for Amazon EKS cluster](managing-gdu-agent-eks-manually.md)

## For selective active member accounts only


**To enable Runtime Monitoring for individual active member accounts**

1. Open the GuardDuty console at [https://console.amazonaws.cn/guardduty/](https://console.amazonaws.cn/guardduty/).

   Sign in using the delegated GuardDuty administrator account credentials.

1. In the navigation pane, choose **Accounts**.

1. On the **Accounts** page, review values in the **Runtime Monitoring** and **Manage agent automatically** columns. These values indicate whether Runtime Monitoring and GuardDuty agent management are **Enabled** or **Not enabled** for the corresponding account.

1. From the Accounts table, select the account for which you want to enable Runtime Monitoring. You can choose multiple accounts at a time.

1. Choose **Confirm**.

1. Choose **Edit protection plans**. Choose the appropriate action.

1. Choose **Confirm**.

1. For GuardDuty to receive the runtime events from one or more resource types – an Amazon EC2 instance, Amazon ECS cluster, or an Amazon EKS cluster, use the following options to manage the security agent for these resources:

   **To enable GuardDuty security agent**
   + [Enabling automated security agent for Amazon EC2 instance](managing-gdu-agent-ec2-automated.md)
   + [Managing security agent manually for Amazon EC2 resource](managing-gdu-agent-ec2-manually.md)
   + [Managing automated security agent for Fargate (Amazon ECS only)](managing-gdu-agent-ecs-automated.md)
   + [Managing security agent automatically for Amazon EKS resources](managing-gdu-agent-eks-automatically.md)
   + [Managing security agent manually for Amazon EKS cluster](managing-gdu-agent-eks-manually.md)
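The **Runtime Monitoring** and **Manage agent automatically** columns reviewed on the **Accounts** page can also be checked from API output after a change has had time to propagate. The following is an added example, not code from the GuardDuty documentation: it audits a response shaped like the GuardDuty `GetMemberDetectors` API output, and the account IDs, sample data, and function names are constructed for illustration.

```python
# Added example: audit Runtime Monitoring per member account from a
# GetMemberDetectors-shaped response (field names assumed to follow that API).
AGENT_CONFIGS = ("EC2_AGENT_MANAGEMENT", "ECS_FARGATE_AGENT_MANAGEMENT",
                 "EKS_ADDON_MANAGEMENT")

# Constructed sample data; account IDs are placeholders.
SAMPLE_RESPONSE = {
    "MemberDataSourceConfigurations": [
        {"AccountId": "111111111111", "Features": [
            {"Name": "RUNTIME_MONITORING", "Status": "ENABLED",
             "AdditionalConfiguration": [
                 {"Name": "EC2_AGENT_MANAGEMENT", "Status": "ENABLED"},
                 {"Name": "ECS_FARGATE_AGENT_MANAGEMENT", "Status": "ENABLED"},
                 {"Name": "EKS_ADDON_MANAGEMENT", "Status": "ENABLED"}]}]},
        {"AccountId": "222222222222", "Features": [
            {"Name": "RUNTIME_MONITORING", "Status": "ENABLED",
             "AdditionalConfiguration": [
                 {"Name": "EC2_AGENT_MANAGEMENT", "Status": "DISABLED"},
                 {"Name": "EKS_ADDON_MANAGEMENT", "Status": "ENABLED"}]}]},
        {"AccountId": "333333333333", "Features": [
            {"Name": "EKS_RUNTIME_MONITORING", "Status": "ENABLED"},
            {"Name": "RUNTIME_MONITORING", "Status": "DISABLED"}]},
    ],
    "UnprocessedAccounts": [{"AccountId": "444444444444", "Result": "constructed"}],
}

def audit_member(member):
    """Summarize one member account's Runtime Monitoring state."""
    features = {f["Name"]: f for f in member.get("Features", [])}
    rm = features.get("RUNTIME_MONITORING", {})
    enabled = rm.get("Status") == "ENABLED"
    extra = {c["Name"]: c.get("Status") for c in rm.get("AdditionalConfiguration", [])}
    # Resource types without automated agent management need a manual agent install.
    needs_manual = [n for n in AGENT_CONFIGS if extra.get(n) != "ENABLED"]
    legacy = features.get("EKS_RUNTIME_MONITORING", {}).get("Status") == "ENABLED"
    return {"account": member["AccountId"], "runtime_monitoring": enabled,
            "needs_manual_agent": needs_manual,
            "legacy_eks_only": legacy and not enabled}  # not yet migrated

def audit(response):
    """Return (accounts needing follow-up, accounts the API could not process)."""
    rows = [audit_member(m) for m in response.get("MemberDataSourceConfigurations", [])]
    follow_up = [r for r in rows if not r["runtime_monitoring"] or r["needs_manual_agent"]]
    unknown = [u["AccountId"] for u in response.get("UnprocessedAccounts", [])]
    return follow_up, unknown

if __name__ == "__main__":
    for row in audit(SAMPLE_RESPONSE)[0]:
        print(row)
```

An account listed with `needs_manual_agent` is not necessarily misconfigured: it means GuardDuty receives runtime events for those resource types only if the security agent is deployed manually.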

# Enabling Runtime Monitoring for a standalone account


A standalone account owns the decision to enable or disable a protection plan in their Amazon Web Services account in a specific Amazon Web Services Region. 

If your account is associated with a GuardDuty administrator account through Amazon Organizations, or by the method of invitation, this section doesn't apply to your account. For more information, see [Enabling Runtime Monitoring for multiple-account environments](enable-runtime-monitoring-multiple-acc-env.md).

After you enable Runtime Monitoring, make sure to install the GuardDuty security agent through automated configuration or manual deployment. Installing the security agent is part of completing the steps in the following procedure.

**To enable Runtime Monitoring in standalone account**

1. Sign in to the Amazon Web Services Management Console and open the GuardDuty console at [https://console.amazonaws.cn/guardduty/](https://console.amazonaws.cn/guardduty/).

1. In the navigation pane, choose **Runtime Monitoring**.

1. Under the **Configuration** tab, choose **Enable** to enable Runtime Monitoring for your account.

1. For GuardDuty to receive the runtime events from one or more resource types – an Amazon EC2 instance, Amazon ECS cluster, or an Amazon EKS cluster, use the following options to manage the security agent for these resources:

   **To enable GuardDuty security agent**
   + [Enabling automated security agent for Amazon EC2 instance](managing-gdu-agent-ec2-automated.md)
   + [Managing security agent manually for Amazon EC2 resource](managing-gdu-agent-ec2-manually.md)
   + [Managing automated security agent for Fargate (Amazon ECS only)](managing-gdu-agent-ecs-automated.md)
   + [Managing security agent automatically for Amazon EKS resources](managing-gdu-agent-eks-automatically.md)
   + [Managing security agent manually for Amazon EKS cluster](managing-gdu-agent-eks-manually.md)