in aws_sra_examples/solutions/guardduty/guardduty_org/lambda/src/app.py [0:0]
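def enable_organization_admin_account(admin_account_id: str, available_regions: list) -> None:
    """
    Register the GuardDuty delegated administrator account in each region.

    For every region, the delegated administrators already registered are
    listed first. The enable call is made only when ``admin_account_id`` is
    not among them.

    :param admin_account_id: AWS account ID to register as the GuardDuty delegated administrator
    :param available_regions: region names to process
    :return: None
    :raises ValueError: at the first region where any step fails; the details
        are written to the log and the original exception is chained as the cause
    """
    for region in available_regions:
        try:
            guardduty = get_service_client("guardduty", region)
            # NOTE(review): only the first page of the response is inspected;
            # confirm whether NextToken needs handling for this organization.
            response = guardduty.list_organization_admin_accounts()
            registered_ids = [account["AdminAccountId"] for account in response["AdminAccounts"]]

            if admin_account_id in registered_ids:
                logger.info(f"GuardDuty delegated admin {admin_account_id} already enabled in {region}")
                continue

            if registered_ids:
                # A delegated admin other than the expected one is already
                # registered. Record it before the enable call so the audit
                # trail shows which account held the role.
                logger.warning(
                    f"GuardDuty delegated admin in {region} is {registered_ids}, expected {admin_account_id}"
                )

            guardduty.enable_organization_admin_account(AdminAccountId=admin_account_id)
            # Log success only after the API call has returned, so the log
            # never reports a registration that did not happen.
            logger.info(f"GuardDuty delegated admin {admin_account_id} enabled in {region}")
        except Exception as error:
            # The caller gets a generic message; the detail stays in the logs.
            logger.error(f"GuardDuty Exception {region}: {error}")
            raise ValueError("GuardDuty API Exception. Review logs for details.") from error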