This documentation is for Version 1 of the AWS CLI only. For documentation related to Version 2 of the AWS CLI, see the Version 2 User Guide.
Detective examples using AWS CLI
The following code examples show you how to perform actions and implement common scenarios by using the AWS Command Line Interface with Detective.
Actions are code excerpts from larger programs and must be run in context. While actions show you how to call individual service functions, you can see actions in context in their related scenarios.
Each example includes a link to the complete source code, where you can find instructions on how to set up and run the code in context.
Topics
Actions
The following code example shows how to use accept-invitation.
- AWS CLI
To accept an invitation to become a member account in a behavior graph
The following accept-invitation example accepts an invitation to become a member account in behavior graph arn:aws:detective:us-east-1:111122223333:graph:123412341234.
    aws detective accept-invitation \
        --graph-arn arn:aws:detective:us-east-1:111122223333:graph:123412341234
This command produces no output.
For more information, see Responding to a behavior graph invitation in the Amazon Detective Administration Guide.
- For API details, see AcceptInvitation in AWS CLI Command Reference.
The following code example shows how to use create-graph.
- AWS CLI
To enable Amazon Detective and create a new behavior graph
The following create-graph example enables Detective for the AWS account that runs the command in the Region where the command is run. A new behavior graph is created that has that account as its administrator account. The command also assigns the value Finance to the Department tag.
    aws detective create-graph \
        --tags '{"Department": "Finance"}'
Output:
    {
        "GraphArn": "arn:aws:detective:us-east-1:111122223333:graph:027c7c4610ea4aacaf0b883093cab899"
    }
For more information, see Enabling Amazon Detective in the Amazon Detective Administration Guide.
- For API details, see CreateGraph in AWS CLI Command Reference.
The following code example shows how to use create-members.
- AWS CLI
To invite member accounts to a behavior graph
The following create-members example invites two AWS accounts to become member accounts in the behavior graph arn:aws:detective:us-east-1:111122223333:graph:123412341234. For each account, the request provides the AWS account ID and the account root user email address. The request includes a custom message to insert into the invitation email.
    aws detective create-members \
        --accounts AccountId=444455556666,EmailAddress=mmajor@example.com AccountId=123456789012,EmailAddress=jstiles@example.com \
        --graph-arn arn:aws:detective:us-east-1:111122223333:graph:123412341234 \
        --message "This is Paul Santos. I need to add your account to the data we use for security investigation in Amazon Detective. If you have any questions, contact me at psantos@example.com."
Output:
    {
        "Members": [
            {
                "AccountId": "444455556666",
                "AdministratorId": "111122223333",
                "EmailAddress": "mmajor@example.com",
                "GraphArn": "arn:aws:detective:us-east-1:111122223333:graph:123412341234",
                "InvitedTime": 1579826107000,
                "MasterId": "111122223333",
                "Status": "INVITED",
                "UpdatedTime": 1579826107000
            },
            {
                "AccountId": "123456789012",
                "AdministratorId": "111122223333",
                "EmailAddress": "jstiles@example.com",
                "GraphArn": "arn:aws:detective:us-east-1:111122223333:graph:123412341234",
                "InvitedTime": 1579826107000,
                "MasterId": "111122223333",
                "Status": "VERIFICATION_IN_PROGRESS",
                "UpdatedTime": 1579826107000
            }
        ],
        "UnprocessedAccounts": [ ]
    }
For more information, see Inviting member accounts to a behavior graph <https://docs.aws.amazon.com/detective/latest/adminguide/graph-admin-add-member-accounts.html> in the Amazon Detective Administration Guide.
To invite member accounts without sending invitation emails
The following create-members example invites two AWS accounts to become member accounts in the behavior graph arn:aws:detective:us-east-1:111122223333:graph:123412341234. For each account, the request provides the AWS account ID and the account root user email address. The member accounts do not receive invitation emails.
    aws detective create-members \
        --accounts AccountId=444455556666,EmailAddress=mmajor@example.com AccountId=123456789012,EmailAddress=jstiles@example.com \
        --graph-arn arn:aws:detective:us-east-1:111122223333:graph:123412341234 \
        --disable-email-notification
Output:
    {
        "Members": [
            {
                "AccountId": "444455556666",
                "AdministratorId": "111122223333",
                "EmailAddress": "mmajor@example.com",
                "GraphArn": "arn:aws:detective:us-east-1:111122223333:graph:123412341234",
                "InvitedTime": 1579826107000,
                "MasterId": "111122223333",
                "Status": "INVITED",
                "UpdatedTime": 1579826107000
            },
            {
                "AccountId": "123456789012",
                "AdministratorId": "111122223333",
                "EmailAddress": "jstiles@example.com",
                "GraphArn": "arn:aws:detective:us-east-1:111122223333:graph:123412341234",
                "InvitedTime": 1579826107000,
                "MasterId": "111122223333",
                "Status": "VERIFICATION_IN_PROGRESS",
                "UpdatedTime": 1579826107000
            }
        ],
        "UnprocessedAccounts": [ ]
    }
For more information, see Inviting member accounts to a behavior graph <https://docs.aws.amazon.com/detective/latest/adminguide/graph-admin-add-member-accounts.html> in the Amazon Detective Administration Guide.
- For API details, see CreateMembers in AWS CLI Command Reference.
The following code example shows how to use delete-graph.
- AWS CLI
To disable Detective and delete the behavior graph
The following delete-graph example disables Detective and deletes the specified behavior graph.
    aws detective delete-graph \
        --graph-arn arn:aws:detective:us-east-1:111122223333:graph:123412341234
This command produces no output.
For more information, see Disabling Amazon Detective in the Amazon Detective Administration Guide.
- For API details, see DeleteGraph in AWS CLI Command Reference.
The following code example shows how to use delete-members.
- AWS CLI
To remove member accounts from a behavior graph
The following delete-members example removes two member accounts from the behavior graph arn:aws:detective:us-east-1:111122223333:graph:123412341234. To identify the accounts, the request provides the AWS account IDs.
    aws detective delete-members \
        --account-ids 444455556666 123456789012 \
        --graph-arn arn:aws:detective:us-east-1:111122223333:graph:123412341234
Output:
    {
        "AccountIds": [ "444455556666", "123456789012" ],
        "UnprocessedAccounts": [ ]
    }
For more information, see Removing member accounts from a behavior graph <https://docs.aws.amazon.com/detective/latest/adminguide/graph-admin-remove-member-accounts.html> in the Amazon Detective Administration Guide.
- For API details, see DeleteMembers in AWS CLI Command Reference.
The following code example shows how to use disassociate-membership.
- AWS CLI
To resign membership from a behavior graph
The following disassociate-membership example removes the AWS account that runs the command from the behavior graph arn:aws:detective:us-east-1:111122223333:graph:123412341234.
    aws detective disassociate-membership \
        --graph-arn arn:aws:detective:us-east-1:111122223333:graph:123412341234
For more information, see Removing your account from a behavior graph <https://docs.aws.amazon.com/detective/latest/adminguide/member-remove-self-from-graph.html> in the Amazon Detective Administration Guide.
- For API details, see DisassociateMembership in AWS CLI Command Reference.
The following code example shows how to use get-members.
- AWS CLI
To retrieve information about selected behavior graph member accounts
The following get-members example retrieves information about two member accounts in the behavior graph arn:aws:detective:us-east-1:111122223333:graph:123412341234. For the two accounts, the request provides the AWS account IDs.
    aws detective get-members \
        --account-ids 444455556666 123456789012 \
        --graph-arn arn:aws:detective:us-east-1:111122223333:graph:123412341234
Output:
    {
        "MemberDetails": [
            {
                "AccountId": "444455556666",
                "AdministratorId": "111122223333",
                "EmailAddress": "mmajor@example.com",
                "GraphArn": "arn:aws:detective:us-east-1:111122223333:graph:123412341234",
                "InvitedTime": 1579826107000,
                "MasterId": "111122223333",
                "Status": "INVITED",
                "UpdatedTime": 1579826107000
            },
            {
                "AccountId": "123456789012",
                "AdministratorId": "111122223333",
                "EmailAddress": "jstiles@example.com",
                "GraphArn": "arn:aws:detective:us-east-1:111122223333:graph:123412341234",
                "InvitedTime": 1579826107000,
                "MasterId": "111122223333",
                "Status": "INVITED",
                "UpdatedTime": 1579826107000
            }
        ],
        "UnprocessedAccounts": [ ]
    }
For more information, see Viewing the list of accounts in a behavior graph <https://docs.aws.amazon.com/detective/latest/adminguide/graph-admin-view-accounts.html> in the Amazon Detective Administration Guide.
- For API details, see GetMembers in AWS CLI Command Reference.
The following code example shows how to use list-graphs.
- AWS CLI
To view a list of behavior graphs that your account is the administrator for
The following list-graphs example retrieves the behavior graphs that the calling account is the administrator for within the current Region.
    aws detective list-graphs
Output:
    {
        "GraphList": [
            {
                "Arn": "arn:aws:detective:us-east-1:111122223333:graph:123412341234",
                "CreatedTime": 1579736111000
            }
        ]
    }
- For API details, see ListGraphs in AWS CLI Command Reference.
The following code example shows how to use list-invitations.
- AWS CLI
To view a list of behavior graphs that an account is a member of or is invited to
The following list-invitations example retrieves the behavior graphs that the calling account has been invited to. The results include only open and accepted invitations. They do not include rejected invitations or removed memberships.
    aws detective list-invitations
Output:
    {
        "Invitations": [
            {
                "AccountId": "444455556666",
                "AdministratorId": "111122223333",
                "EmailAddress": "mmajor@example.com",
                "GraphArn": "arn:aws:detective:us-east-1:111122223333:graph:123412341234",
                "InvitedTime": 1579826107000,
                "MasterId": "111122223333",
                "Status": "INVITED",
                "UpdatedTime": 1579826107000
            }
        ]
    }
For more information, see Viewing your list of behavior graph invitations <https://docs.aws.amazon.com/detective/latest/adminguide/member-view-graph-invitations.html> in the Amazon Detective Administration Guide.
- For API details, see ListInvitations in AWS CLI Command Reference.
The following code example shows how to use list-members.
- AWS CLI
To list the member accounts in a behavior graph
The following list-members example retrieves the invited and enabled member accounts for the behavior graph arn:aws:detective:us-east-1:111122223333:graph:123412341234. The results do not include member accounts that were removed.
    aws detective list-members \
        --graph-arn arn:aws:detective:us-east-1:111122223333:graph:123412341234
Output:
    {
        "MemberDetails": [
            {
                "AccountId": "444455556666",
                "AdministratorId": "111122223333",
                "EmailAddress": "mmajor@example.com",
                "GraphArn": "arn:aws:detective:us-east-1:111122223333:graph:123412341234",
                "InvitedTime": 1579826107000,
                "MasterId": "111122223333",
                "Status": "INVITED",
                "UpdatedTime": 1579826107000
            },
            {
                "AccountId": "123456789012",
                "AdministratorId": "111122223333",
                "EmailAddress": "jstiles@example.com",
                "GraphArn": "arn:aws:detective:us-east-1:111122223333:graph:123412341234",
                "InvitedTime": 1579826107000,
                "MasterId": "111122223333",
                "PercentOfGraphUtilization": 2,
                "PercentOfGraphUtilizationUpdatedTime": 1586287843,
                "Status": "ENABLED",
                "UpdatedTime": 1579973711000,
                "VolumeUsageInBytes": 200,
                "VolumeUsageUpdatedTime": 1586287843
            }
        ]
    }
For more information, see Viewing the list of accounts in a behavior graph in the Amazon Detective Administration Guide.
- For API details, see ListMembers in AWS CLI Command Reference.
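The list-members output above is the natural input for a coverage check: any member whose Status is not ENABLED is not contributing data to the behavior graph. The following is an added example, not part of the AWS documentation. The function name coverage_gaps, the 7-day threshold, and the third sample account are assumptions, and UpdatedTime is assumed to be epoch milliseconds as in the sample output.

```python
import json
from datetime import datetime, timezone

# Constructed sample shaped like the list-members output above; the third
# account and its timestamp are made up for illustration.
SAMPLE = json.loads("""
{"MemberDetails": [
  {"AccountId": "444455556666", "Status": "INVITED", "UpdatedTime": 1579826107000},
  {"AccountId": "123456789012", "Status": "ENABLED", "UpdatedTime": 1579973711000},
  {"AccountId": "777788889999", "Status": "VERIFICATION_IN_PROGRESS",
   "UpdatedTime": 1580517307000}
]}
""")


def coverage_gaps(response, now, max_pending_days=7):
    """Return members that are not ENABLED, longest-pending first.

    Each result carries the whole days since UpdatedTime and a Stale flag for
    entries pending longer than max_pending_days (hypothetical threshold).
    Assumes UpdatedTime is epoch milliseconds, as in the sample output.
    """
    gaps = []
    for member in response.get("MemberDetails", []):
        if member.get("Status") == "ENABLED":
            continue
        updated = datetime.fromtimestamp(member["UpdatedTime"] / 1000, tz=timezone.utc)
        days = (now - updated).days
        gaps.append({
            "AccountId": member["AccountId"],
            "Status": member.get("Status", "UNKNOWN"),
            "DaysPending": days,
            "Stale": days > max_pending_days,
        })
    # Oldest first so follow-up starts with the longest-open gap.
    return sorted(gaps, key=lambda g: g["DaysPending"], reverse=True)


if __name__ == "__main__":
    # For real data, save the list-members output to a file and json.load() it.
    as_of = datetime(2020, 2, 3, 0, 35, 7, tzinfo=timezone.utc)  # constructed "now"
    for gap in coverage_gaps(SAMPLE, as_of):
        print(gap)
```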
The following code example shows how to use list-tags-for-resource.
- AWS CLI
To retrieve the tags assigned to a behavior graph
The following list-tags-for-resource example returns the tags assigned to the specified behavior graph.
    aws detective list-tags-for-resource \
        --resource-arn arn:aws:detective:us-east-1:111122223333:graph:123412341234
Output:
    {
        "Tags": {
            "Department" : "Finance"
        }
    }
For more information, see Managing tags for a behavior graph in the Amazon Detective Administration Guide.
- For API details, see ListTagsForResource in AWS CLI Command Reference.
The following code example shows how to use reject-invitation.
- AWS CLI
To reject an invitation to become a member account in a behavior graph
The following reject-invitation example rejects an invitation to become a member account in the behavior graph arn:aws:detective:us-east-1:111122223333:graph:123412341234.
    aws detective reject-invitation \
        --graph-arn arn:aws:detective:us-east-1:111122223333:graph:123412341234
This command produces no output.
For more information, see Responding to a behavior graph invitation <https://docs.aws.amazon.com/detective/latest/adminguide/member-invitation-response.html> in the Amazon Detective Administration Guide.
- For API details, see RejectInvitation in AWS CLI Command Reference.
The following code example shows how to use tag-resource.
- AWS CLI
To assign a tag to a resource
The following tag-resource example assigns a value for the Department tag to the specified behavior graph.
    aws detective tag-resource \
        --resource-arn arn:aws:detective:us-east-1:111122223333:graph:123412341234 \
        --tags '{"Department":"Finance"}'
This command produces no output.
For more information, see Managing tags for a behavior graph in the Amazon Detective Administration Guide.
- For API details, see TagResource in AWS CLI Command Reference.
The following code example shows how to use untag-resource.
- AWS CLI
To remove a tag value from a resource
The following untag-resource example removes the Department tag from the specified behavior graph.
    aws detective untag-resource \
        --resource-arn arn:aws:detective:us-east-1:111122223333:graph:123412341234 \
        --tag-keys "Department"
This command produces no output.
For more information, see Managing tags for a behavior graph in the Amazon Detective Administration Guide.
- For API details, see UntagResource in AWS CLI Command Reference.