AWS::Detective::OrganizationAdmin
The AWS::Detective::OrganizationAdmin resource is an Amazon Detective resource type that designates the Detective administrator account for the organization in the current region. If the account does not have Detective enabled, then this resource enables Detective for that account and creates a new behavior graph.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{
  "Type" : "AWS::Detective::OrganizationAdmin",
  "Properties" : {
    "AccountId" : String
  }
}
YAML
Type: AWS::Detective::OrganizationAdmin
Properties:
  AccountId: String
Properties
AccountId
The AWS account identifier of the account to designate as the Detective administrator account for the organization.
Required: Yes
Type: String
Pattern: [0-9]{12}
Update requires: Replacement
Return values
Ref
When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the ARN of the behavior graph and the member account identifier, separated by a pipe character ('|').
For more information about using the Ref function, see Ref.
Fn::GetAtt
The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.
For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.
GraphArn
The ARN of the behavior graph to invite the account to contribute data to.
Examples
Designating a Detective administrator account for the organization in the current region
This example shows how to declare a new AWS::Detective::OrganizationAdmin resource to designate a Detective administrator account for the organization in the current region.
JSON
"OrganizationAdmin": {
  "Type": "AWS::Detective::OrganizationAdmin",
  "Properties": {
    "AccountId" : "123456789101"
  }
}
YAML
OrganizationAdmin:
  Type: AWS::Detective::OrganizationAdmin
  Properties:
    # Quoted so YAML keeps the account ID as a string (AccountId is of type String).
    AccountId: "123456789101"
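Complete template using the properties and return values described above
The following template is an added example, not part of the original reference. It takes the account ID as a parameter validated against the documented pattern and exports both return values. The parameter name DetectiveAdminAccountId and the output names are assumptions chosen for illustration.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Designate the Detective administrator account for the organization

Parameters:
  DetectiveAdminAccountId:          # hypothetical parameter name
    # String rather than Number, so an account ID with leading zeros
    # is passed through unchanged.
    Type: String
    # Same pattern as the AccountId property: exactly 12 digits.
    AllowedPattern: "^[0-9]{12}$"
    ConstraintDescription: Must be a 12-digit AWS account ID.

Resources:
  OrganizationAdmin:
    Type: AWS::Detective::OrganizationAdmin
    Properties:
      # Update requires: Replacement. Changing this value replaces the
      # resource instead of updating it in place.
      AccountId: !Ref DetectiveAdminAccountId

Outputs:
  BehaviorGraphArn:                 # hypothetical output name
    Description: ARN of the behavior graph (Fn::GetAtt GraphArn)
    Value: !GetAtt OrganizationAdmin.GraphArn
  OrganizationAdminRef:             # hypothetical output name
    Description: "Ref return value (behavior graph ARN and account identifier, separated by '|')"
    Value: !Ref OrganizationAdmin
```

Because AccountId requires replacement on update, review any change set that modifies this parameter before executing it.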