AWS::Detective::MemberInvitation
The AWS::Detective::MemberInvitation resource is an Amazon Detective
resource type that creates an invitation to join a Detective behavior graph. The
administrator account can choose whether to send an email notification of the invitation
to the root user email address of the AWS account.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{ "Type" : "AWS::Detective::MemberInvitation", "Properties" : { "DisableEmailNotification" :Boolean, "GraphArn" :String, "MemberEmailAddress" :String, "MemberId" :String, "Message" :String} }
YAML
Type: AWS::Detective::MemberInvitation Properties: DisableEmailNotification:BooleanGraphArn:StringMemberEmailAddress:StringMemberId:StringMessage:String
Properties
DisableEmailNotification-
Whether to send an invitation email to the member account. If set to true, the member account does not receive an invitation email.
Required: No
Type: Boolean
Update requires: No interruption
GraphArn-
The ARN of the behavior graph to invite the account to contribute data to.
Required: Yes
Type: String
Pattern:
arn:aws(-[\w]+)*:detective:(([a-z]+-)+[0-9]+):[0-9]{12}:graph:[0-9a-f]{32}Update requires: Replacement
MemberEmailAddress-
The root user email address of the invited account. If the email address provided is not the root user email address for the provided account, the invitation creation fails.
Required: Yes
Type: String
Pattern:
.*@.*Update requires: No interruption
MemberId-
The AWS account identifier of the invited account
Required: Yes
Type: String
Pattern:
[0-9]{12}Update requires: Replacement
Message-
Customized text to include in the invitation email message.
Required: No
Type: String
Minimum:
1Maximum:
1000Update requires: No interruption
Return values
Ref
When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the ARN of the behavior graph and the member account
identifier, separated by a pipe character ('|').
For more information about using the Ref function, see Ref.
Examples
Sending a behavior graph invitation to a member account
This example shows how to declare a new
AWS:Detective:MemberInvitation resource to create a new
invitation to a member account and send an email notification.
JSON
"MemberInvitation": { "Type": "AWS::Detective::MemberInvitation", "Properties": { "GraphArn": "arn:aws:detective:us-east-1:111122223333:graph:027c7c4610ea4aacaf0b883093cab899", "MemberId": "444455556666", "MemberEmailAddress": "mmajor@example.com", "Message": "This is Paul Santos. I need to add your account to the data we use for security investigation in Detective. If you have any questions, contact me at psantos@example.com." } }
YAML
MemberInvitation: Type: AWS::Detective::MemberInvitation Properties: GraphArn: "arn:aws:detective:us-east-1:111122223333:graph:027c7c4610ea4aacaf0b883093cab899" MemberId: 444455556666 MemberEmailAddress: mmajor@example.com Message: This is Paul Santos. I need to add your account to the data we use for security investigation in Detective. If you have any questions, contact me at psantos@example.com.
Blocking the email notification of an invitation to a member account
This example shows how to declare a new
AWS:Detective:MemberInvitation resource to create a new
invitation to a member account. The email notification is blocked.
JSON
"MemberInvitation": { "Type": "AWS::Detective::MemberInvitation", "Properties": { "GraphArn": "arn:aws:detective:us-east-1:111122223333:graph:027c7c4610ea4aacaf0b883093cab899", "MemberId": "444455556666", "MemberEmailAddress": "mmajor@example.com", "DisableEmailNotification": "true" } }
YAML
MemberInvitation: Type: AWS::Detective::MemberInvitation Properties: GraphArn: "arn:aws:detective:us-east-1:111122223333:graph:027c7c4610ea4aacaf0b883093cab899" MemberId: 444455556666 MemberEmailAddress: mmajor@example.com DisableEmailNotification: true
