Troubleshooting Amazon GuardDuty
When you encounter issues while performing an action specific to GuardDuty, consult the topics in this section.
Topics
- I want to enable Malware Protection but receive an iam:GetRole error.
- I want to manage multiple accounts but don't have required Amazon Organizations master permission.
- I am an administrator who needs to enable Malware Protection but doesn't use Amazon managed policy: AmazonGuardDutyFullAccess to manage GuardDuty.
- Other troubleshooting issues
I want to enable Malware Protection but receive an iam:GetRole error.
If you receive the error "Unable to get role: AWSServiceRoleForAmazonGuardDutyMalwareProtection", it means that you're missing the permission to enable Malware Protection for new detectors. Verify that the policy attached to your IAM role is the same as Amazon managed policy: AmazonGuardDutyFullAccess.
I want to manage multiple accounts but don't have required Amazon Organizations master permission.
If you receive the error "The request failed because you do not have required AWS Organization master permission.", it means that you're missing the permission to enable Malware Protection for multiple accounts in your organization. For more information on providing permission to the management account, see Establishing trusted access to enable Malware Protection.
I am an administrator who needs to enable Malware Protection but doesn't use Amazon managed policy: AmazonGuardDutyFullAccess to manage GuardDuty.
GuardDuty provides the following two approaches to enable Malware Protection:
- Configure the IAM role that you use with GuardDuty to have the required permissions to enable Malware Protection. For more information on the required permissions, see Creating a service-linked role for Malware Protection.
- Attach the Amazon managed policy: AmazonGuardDutyFullAccess to your IAM role. This will allow you to enable Malware Protection for the member accounts.
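If you maintain a custom policy instead of AmazonGuardDutyFullAccess, you can check offline whether its statements grant iam:GetRole on the Malware Protection service-linked role, which is the permission the first error above reports as missing. The following is an added example, not code from GuardDuty or its documentation: the account ID, the role path in the ARN, and the sample policies are constructed assumptions, and the check is simplified (it does not evaluate NotAction, NotResource, condition contents, permission boundaries, or organization policies, and it covers only iam:GetRole, not the full permission list in the linked documentation).

```python
import re

# Role name taken from the error message on this page.
SLR_NAME = "AWSServiceRoleForAmazonGuardDutyMalwareProtection"
# Constructed ARN: placeholder account ID; the role path is an assumption.
SLR_ARN = ("arn:aws-cn:iam::111122223333:role/aws-service-role/"
           "malware-protection.guardduty.amazonaws.com/" + SLR_NAME)

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _glob(pattern, value, ignore_case=False):
    # IAM wildcards: '*' matches any run of characters, '?' exactly one.
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value, re.I if ignore_case else 0) is not None

def evaluate(policy, action="iam:GetRole", resource=SLR_ARN):
    """Return 'explicit_deny', 'allow', 'conditional' or 'implicit_deny'."""
    allow = cond_allow = cond_deny = False
    for stmt in _as_list(policy.get("Statement", [])):
        if "Action" not in stmt or "Resource" not in stmt:
            continue  # NotAction / NotResource statements are not evaluated
        if not any(_glob(a, action, True) for a in _as_list(stmt["Action"])):
            continue
        if not any(_glob(r, resource) for r in _as_list(stmt["Resource"])):
            continue
        deny = stmt.get("Effect") == "Deny"
        if "Condition" in stmt:  # outcome depends on the request context
            cond_deny, cond_allow = cond_deny or deny, cond_allow or not deny
        elif deny:
            return "explicit_deny"  # an unconditional deny always wins
        else:
            allow = True
    if cond_deny or (cond_allow and not allow):
        return "conditional"
    return "allow" if allow else "implicit_deny"

# Constructed sample policies (not taken from any real account).
GUARDDUTY_ONLY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "guardduty:*", "Resource": "*"}]}
WITH_GET_ROLE = {"Version": "2012-10-17", "Statement": GUARDDUTY_ONLY["Statement"] + [
    {"Effect": "Allow", "Action": "iam:GetRole",
     "Resource": "arn:aws-cn:iam::*:role/*" + SLR_NAME}]}
WITH_DENY = {"Version": "2012-10-17", "Statement": WITH_GET_ROLE["Statement"] + [
    {"Effect": "Deny", "Action": "iam:Get*", "Resource": "*"}]}

if __name__ == "__main__":
    for name, doc in [("guardduty-only", GUARDDUTY_ONLY),
                      ("with iam:GetRole", WITH_GET_ROLE),
                      ("with deny", WITH_DENY)]:
        print(f"{name}: {evaluate(doc)}")
```

A result of implicit_deny for a policy that otherwise grants GuardDuty actions corresponds to the "Unable to get role" case; conditional means the statement's Condition block has to be reviewed by hand.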
Other troubleshooting issues
If you don't find a scenario suitable to your issue, view the following troubleshooting options:
- For general IAM issues when you access the https://console.amazonaws.cn/guardduty/, see Troubleshooting Amazon GuardDuty identity and access.
- For authentication and authorization issues when you access Amazon Web Services Console Home, see Troubleshooting IAM.