organization_configuration

Exec module for managing Organization Configuration.

async idem_aws.exec.aws.guardduty.organization_configuration.update(hub, ctx, resource_id: str, auto_enable: bool, data_sources: DataSourceConfiguration = None, org_conf=None) → Dict[str, Any]

Updates the delegated administrator account with the values provided.

Parameters:
  • resource_id (str) – The ID of the detector to update the delegated administrator for.

  • auto_enable (bool) – Indicates whether to automatically enable member accounts in the organization.

  • data_sources (dict, Optional) –

    Describes which data sources will be updated.

    • S3Logs (dict, Optional):

      Describes whether S3 data event logs are enabled as a data source.

      • Enable (bool): The status of S3 data event logs as a data source.

    • Kubernetes (dict, Optional):

      Describes whether any Kubernetes logs are enabled as data sources.

      • AuditLogs (dict):

        The status of Kubernetes audit logs as a data source.

        • Enable (bool):

          The status of Kubernetes audit logs as a data source.

    • MalwareProtection (dict, Optional):

      Describes whether Malware Protection is enabled as a data source.

      • ScanEc2InstanceWithFindings (dict, Optional):

        Describes the configuration of Malware Protection for EC2 instances with findings.

        • EbsVolumes (bool, Optional):

          Describes the configuration for scanning EBS volumes as a data source.

  • org_conf (Optional) – Describes current state of Organization Configuration.

Returns:

Returns organization Configuration in updated format.

Return type:

Dict[str, Any]

Examples

Using this exec module function in a state:

my_unmanaged_resources:
  exec.run:
    - path: aws.guardduty.organization_configuration.update
    - kwargs:
        resource_id: 'string'
        auto_enable: True|False
        data_sources:
          S3Logs:
            Enable: True|False
          Kubernetes:
            AuditLogs:
              Enable: True|False
          MalwareProtection:
            ScanEc2InstanceWithFindings:
              EbsVolumes: True|False
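
An added example, not part of idem-aws: a pre-flight check for the kwargs of update that validates data_sources against the structure documented above and lists the settings that switch coverage off. The function name review_update_kwargs and its message strings are assumptions made for illustration.

```python
from typing import Any, Dict, Iterator, List, Optional, Tuple

# Leaf flags of data_sources, taken from the parameter list documented above.
LEAVES = {
    ("S3Logs", "Enable"),
    ("Kubernetes", "AuditLogs", "Enable"),
    ("MalwareProtection", "ScanEc2InstanceWithFindings", "EbsVolumes"),
}


def _walk(node: Dict[str, Any], path: Tuple[str, ...] = ()) -> Iterator[Tuple[Tuple[str, ...], Any]]:
    """Yield (key path, value) for every non-dict leaf of a nested dict."""
    for key, value in node.items():
        if isinstance(value, dict):
            yield from _walk(value, path + (key,))
        else:
            yield path + (key,), value


def review_update_kwargs(auto_enable: Any, data_sources: Optional[Dict[str, Any]] = None) -> Tuple[List[str], List[str]]:
    """Hypothetical helper: return (errors, gaps) for a planned update() call.

    errors: keys or value types that do not match the documented structure.
    gaps:   valid settings that explicitly turn coverage off.
    Omitted data sources are not reported, since data_sources only lists
    the sources to be updated.
    """
    errors: List[str] = []
    gaps: List[str] = []
    if not isinstance(auto_enable, bool):
        errors.append("auto_enable must be a bool")
    elif not auto_enable:
        gaps.append("auto_enable is False: member accounts are not enabled automatically")
    for path, value in _walk(data_sources or {}):
        dotted = ".".join(path)
        if path not in LEAVES:
            errors.append(f"unexpected key or shape: {dotted}")  # e.g. a case typo
        elif not isinstance(value, bool):
            errors.append(f"{dotted} must be a bool")  # e.g. placeholder left in
        elif not value:
            gaps.append(f"{dotted} is False")
    return errors, gaps


if __name__ == "__main__":
    # Constructed sample input: one case typo, one source explicitly disabled.
    sample = {"S3logs": {"Enable": True}, "Kubernetes": {"AuditLogs": {"Enable": False}}}
    print(review_update_kwargs(True, sample))
```
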

async idem_aws.exec.aws.guardduty.organization_configuration.get(hub, ctx, resource_id: str) → Dict

Returns information about the account selected as the delegated administrator for GuardDuty.

Parameters:

resource_id (str) – AWS Detector ID to identify the resource.

Returns:

Returns organization Configuration in updated format.

Return type:

Dict[str, Any]

Examples

Calling from the CLI:

$ idem exec aws.guardduty.organization_configuration.get resource_id="detector_id"

Using in a state:

my_unmanaged_resource:
  exec.run:
    - path: aws.guardduty.organization_configuration.get
    - kwargs:
        resource_id: "detector_id"