Troubleshooting Amazon GuardDuty - Amazon GuardDuty
I want to enable Malware Protection but receive an iam:GetRole error.I want to manage multiple accounts but don't have required Amazon Organizations master permission.I am an administrator who needs to enable Malware Protection but doesn't use Amazon managed policy: AmazonGuardDutyFullAccess to manage GuardDuty. Other troubleshooting issues
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China.

Troubleshooting Amazon GuardDuty

When you receive issues related to performing an action specific to GuardDuty, consult the topics in this section.

I want to enable Malware Protection but receive an iam:GetRole error.

If you receive this error – Unable to get role: AWSServiceRoleForAmazonGuardDutyMalwareProtection, it means that you're missing the permission to enable Malware Protection for new detectors. Verify that the policy attached to your IAM role is the same as Amazon managed policy: AmazonGuardDutyFullAccess.

I want to manage multiple accounts but don't have required Amazon Organizations master permission.

If you receive this error – The request failed because you do not have required AWS Organization master permission., it means that you're missing the permission to enable Malware Protection for multiple accounts in your organization. For more information on providing permission to the management account, see Establishing trusted access to enable Malware Protection.

I am an administrator who needs to enable Malware Protection but doesn't use Amazon managed policy: AmazonGuardDutyFullAccess to manage GuardDuty.

GuardDuty provides the following two approaches to enable Malware Protection:

Other troubleshooting issues

If you don't find a scenario suitable to your issue, view the following troubleshooting options: