InviteMembers
Invites AWS accounts to become members of an organization administered by the AWS account that invokes this API. If you are using AWS Organizations to manage your GuardDuty environment, this step is not needed. For more information, see Managing accounts with organizations.
To invite AWS accounts, the first step is to ensure that GuardDuty has been enabled in the potential member accounts. You can now invoke this API to add accounts by invitation. The invited accounts can either accept or decline the invitation from their GuardDuty accounts. Each invited AWS account can choose to accept the invitation from only one AWS account. For more information, see Managing GuardDuty accounts by invitation.
After the invite has been accepted and you choose to disassociate a member account (by using DisassociateMembers) from your account, the details of the member account obtained by invoking CreateMembers, including the associated email addresses, will be retained. This is done so that you can invoke InviteMembers without the need to invoke CreateMembers again. To remove the details associated with a member account, you must also invoke DeleteMembers.
If you disassociate a member account that was added by invitation, the member account details obtained from this API, including the associated email addresses, will be retained. This is done so that the delegated administrator can invoke the InviteMembers API without the need to invoke the CreateMembers API again. To remove the details associated with a member account, the delegated administrator must invoke the DeleteMembers API.
When the member accounts added through AWS Organizations are later disassociated, you (administrator) can't invite them by calling the InviteMembers API. You can create an association with these member accounts again only by calling the CreateMembers API.
Request Syntax
POST /detector/detectorId/member/invite HTTP/1.1
Content-type: application/json
{
"accountIds": [ "string" ],
"disableEmailNotification": boolean,
"message": "string"
}URI Request Parameters
The request uses the following URI parameters.
- detectorId
-
The unique ID of the detector of the GuardDuty account with which you want to invite members.
To find the
detectorIdin the current Region, see the Settings page in the GuardDuty console, or run the ListDetectors API.Length Constraints: Minimum length of 1. Maximum length of 300.
Required: Yes
Request Body
The request accepts the following data in JSON format.
- accountIds
-
A list of account IDs of the accounts that you want to invite to GuardDuty as members.
Type: Array of strings
Array Members: Minimum number of 1 item. Maximum number of 50 items.
Length Constraints: Fixed length of 12.
Required: Yes
- disableEmailNotification
-
A Boolean value that specifies whether you want to disable email notification to the accounts that you are inviting to GuardDuty as members.
Type: Boolean
Required: No
- message
-
The invitation message that you want to send to the accounts that you're inviting to GuardDuty as members.
Type: String
Required: No
Response Syntax
HTTP/1.1 200
Content-type: application/json
{
"unprocessedAccounts": [
{
"accountId": "string",
"result": "string"
}
]
}Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
- unprocessedAccounts
-
A list of objects that contain the unprocessed account and a result string that explains why it was unprocessed.
Type: Array of UnprocessedAccount objects
Array Members: Minimum number of 0 items. Maximum number of 50 items.
Errors
For information about the errors that are common to all actions, see Common Errors.
- BadRequestException
-
A bad request exception object.
HTTP Status Code: 400
- InternalServerErrorException
-
An internal server error exception object.
HTTP Status Code: 500
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
