Prerequisites for using shared VPC - Amazon GuardDuty
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Prerequisites for using shared VPC

Prerequisites for initial setup

Perform the following steps in the Amazon Web Services account that you want to be the owner of the shared VPC:

  1. Creating an organization – Create an organization by following the steps in Creating and managing an organization in the Amazon Organizations User Guide.

    For information about adding or removing member accounts, see Managing Amazon Web Services accounts in your organization.

  2. Creating a shared VPC resource – You can create a shared VPC resource from the owner account. For more information, see Share your VPC with other accounts in the Amazon VPC User Guide.

Prerequisites specific to GuardDuty Runtime Monitoring

The following list provides the prerequisites that are specific to GuardDuty:

  • The owner account of the shared VPC and the participant account may belong to different GuardDuty organizations, but they must belong to the same organization in Amazon Organizations. GuardDuty requires this in order to create an Amazon VPC endpoint and a security group for the shared VPC. For information about how shared VPCs work, see Share your VPC with other accounts in the Amazon VPC User Guide.

  • Enable Runtime Monitoring or EKS Runtime Monitoring, together with GuardDuty automated agent configuration for the resource types you use, in both the shared VPC owner account and the participant account. For more information, see Enabling Runtime Monitoring.

    If you have already completed these configurations, continue with the next step.

  • When launching an Amazon EKS cluster or an Amazon ECS task (Amazon Fargate only), choose the shared VPC that is associated with the owner account and select its subnets.
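The checks above are easy to get half right across two accounts, so the following preflight script evaluates them in one place. It is an added example, not part of the AWS documentation or any AWS tool. It works offline on constructed copies of three API responses: `aws organizations describe-organization` from each account, `aws guardduty get-detector` from each account, and `aws ec2 describe-subnets` from the participant account. The field names (`Organization.Id`, `Features[].Name`, `Features[].Status`, `Features[].AdditionalConfiguration`, `Subnets[].OwnerId`, `Subnets[].VpcId`) and the feature and agent-configuration enum names are assumed to match the GuardDuty and EC2 API response shapes; they do not appear on this page. All account, VPC and subnet IDs are placeholders.

```python
"""Preflight check for the GuardDuty shared VPC prerequisites (added example, not AWS code)."""

# Assumed GuardDuty enum names for the runtime features and automated agent configurations.
RUNTIME_FEATURES = {"RUNTIME_MONITORING", "EKS_RUNTIME_MONITORING"}
AGENT_CONFIGS = {"EKS_ADDON_MANAGEMENT", "ECS_FARGATE_AGENT_MANAGEMENT", "EC2_AGENT_MANAGEMENT"}

# Constructed sample responses; every ID below is a placeholder.
OWNER_ACCOUNT = "111111111111"
PARTICIPANT_ACCOUNT = "222222222222"
SHARED_VPC_ID = "vpc-0example0owner"

OWNER_ORG = {"Organization": {"Id": "o-exampleorg"}}        # describe-organization, owner account
PARTICIPANT_ORG = {"Organization": {"Id": "o-exampleorg"}}  # describe-organization, participant
OTHER_ORG = {"Organization": {"Id": "o-otherorg"}}          # a participant from a different org

# get-detector in the owner account: Runtime Monitoring plus EKS and Fargate agent management.
OWNER_DETECTOR = {
    "Status": "ENABLED",
    "Features": [
        {"Name": "RUNTIME_MONITORING", "Status": "ENABLED",
         "AdditionalConfiguration": [
             {"Name": "EKS_ADDON_MANAGEMENT", "Status": "ENABLED"},
             {"Name": "ECS_FARGATE_AGENT_MANAGEMENT", "Status": "ENABLED"}]},
    ],
}

# get-detector in the participant account: EKS Runtime Monitoring on, agent management off.
PARTICIPANT_DETECTOR = {
    "Status": "ENABLED",
    "Features": [
        {"Name": "EKS_RUNTIME_MONITORING", "Status": "ENABLED",
         "AdditionalConfiguration": [{"Name": "EKS_ADDON_MANAGEMENT", "Status": "DISABLED"}]},
    ],
}

# describe-subnets from the participant account: shared subnets carry the owner's account ID.
PARTICIPANT_SUBNETS = {
    "Subnets": [
        {"SubnetId": "subnet-0shared0a", "VpcId": SHARED_VPC_ID, "OwnerId": OWNER_ACCOUNT},
        {"SubnetId": "subnet-0shared0b", "VpcId": SHARED_VPC_ID, "OwnerId": OWNER_ACCOUNT},
        {"SubnetId": "subnet-0local000", "VpcId": "vpc-0local0participant", "OwnerId": PARTICIPANT_ACCOUNT},
    ]
}


def same_organization(org_a, org_b):
    """Both accounts must report the same Amazon Organizations organization ID."""
    return org_a["Organization"]["Id"] == org_b["Organization"]["Id"]


def enabled_runtime_features(detector):
    """Names of Runtime Monitoring / EKS Runtime Monitoring features that are ENABLED."""
    return {f["Name"] for f in detector.get("Features", [])
            if f["Name"] in RUNTIME_FEATURES and f["Status"] == "ENABLED"}


def enabled_agent_configs(detector):
    """Automated agent configurations that are ENABLED under any runtime feature."""
    found = set()
    for feature in detector.get("Features", []):
        if feature["Name"] not in RUNTIME_FEATURES:
            continue
        for cfg in feature.get("AdditionalConfiguration", []):
            if cfg["Name"] in AGENT_CONFIGS and cfg["Status"] == "ENABLED":
                found.add(cfg["Name"])
    return found


def shared_subnets(subnets, owner_account, shared_vpc_id):
    """Subnet IDs in the owner's shared VPC: the ones to select for the EKS cluster or ECS task."""
    return [s["SubnetId"] for s in subnets["Subnets"]
            if s["VpcId"] == shared_vpc_id and s["OwnerId"] == owner_account]


def check_prerequisites(owner_org, participant_org, detectors, subnets, owner_account, shared_vpc_id):
    """Return the list of unmet prerequisites; an empty list means every check passed."""
    problems = []
    if not same_organization(owner_org, participant_org):
        problems.append("owner and participant are not in the same Amazon Organizations organization")
    for label, detector in detectors.items():  # label is "owner" or "participant"
        if detector.get("Status") != "ENABLED":
            problems.append(f"{label}: GuardDuty detector is not enabled")
        if not enabled_runtime_features(detector):
            problems.append(f"{label}: neither Runtime Monitoring nor EKS Runtime Monitoring is enabled")
        if not enabled_agent_configs(detector):
            problems.append(f"{label}: automated agent configuration is not enabled")
    if not shared_subnets(subnets, owner_account, shared_vpc_id):
        problems.append("no subnets of the owner's shared VPC are visible to the participant")
    return problems


if __name__ == "__main__":
    detectors = {"owner": OWNER_DETECTOR, "participant": PARTICIPANT_DETECTOR}
    for problem in check_prerequisites(OWNER_ORG, PARTICIPANT_ORG, detectors,
                                       PARTICIPANT_SUBNETS, OWNER_ACCOUNT, SHARED_VPC_ID):
        print("UNMET:", problem)
```

With the constructed input the only unmet item is the participant account's disabled agent management, which is exactly the case the second bullet warns about: enabling the runtime feature alone is not sufficient. To use it against real accounts, replace the constructed dictionaries with the parsed JSON of the three CLI calls run under each account's credentials.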