AWS::Detective::MemberInvitation - AWS CloudFormation


The AWS::Detective::MemberInvitation resource is an Amazon Detective resource type that creates an invitation to join a Detective behavior graph. The administrator account can choose whether to send an email notification of the invitation to the root user email address of the AWS account.


To declare this entity in your AWS CloudFormation template, use the following syntax:


{ "Type" : "AWS::Detective::MemberInvitation", "Properties" : { "DisableEmailNotification" : Boolean, "GraphArn" : String, "MemberEmailAddress" : String, "MemberId" : String, "Message" : String } }


Type: AWS::Detective::MemberInvitation Properties: DisableEmailNotification: Boolean GraphArn: String MemberEmailAddress: String MemberId: String Message: String



Whether to send an invitation email to the member account. If set to true, the member account does not receive an invitation email.

Required: No

Type: Boolean

Update requires: No interruption


The ARN of the behavior graph to invite the account to contribute data to.

Required: Yes

Type: String

Pattern: arn:aws(-[\w]+)*:detective:(([a-z]+-)+[0-9]+):[0-9]{12}:graph:[0-9a-f]{32}

Update requires: Replacement


The root user email address of the invited account. If the email address provided is not the root user email address for the provided account, the invitation creation fails.

Required: Yes

Type: String

Pattern: .*@.*

Update requires: No interruption


The AWS account identifier of the invited account

Required: Yes

Type: String

Pattern: [0-9]{12}

Update requires: Replacement


Customized text to include in the invitation email message.

Required: No

Type: String

Minimum: 1

Maximum: 1000

Update requires: No interruption

Return values


When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the ARN of the behavior graph and the member account identifier, separated by a pipe character ('|').

For more information about using the Ref function, see Ref.


Sending a behavior graph invitation to a member account

This example shows how to declare a new AWS:Detective:MemberInvitation resource to create a new invitation to a member account and send an email notification.


"MemberInvitation": { "Type": "AWS::Detective::MemberInvitation", "Properties": { "GraphArn": "arn:aws:detective:us-east-1:111122223333:graph:027c7c4610ea4aacaf0b883093cab899", "MemberId": "444455556666", "MemberEmailAddress": "", "Message": "This is Paul Santos. I need to add your account to the data we use for security investigation in Detective. If you have any questions, contact me at" } }


MemberInvitation: Type: AWS::Detective::MemberInvitation Properties: GraphArn: "arn:aws:detective:us-east-1:111122223333:graph:027c7c4610ea4aacaf0b883093cab899" MemberId: 444455556666 MemberEmailAddress: Message: This is Paul Santos. I need to add your account to the data we use for security investigation in Detective. If you have any questions, contact me at

Blocking the email notification of an invitation to a member account

This example shows how to declare a new AWS:Detective:MemberInvitation resource to create a new invitation to a member account. The email notification is blocked.


"MemberInvitation": { "Type": "AWS::Detective::MemberInvitation", "Properties": { "GraphArn": "arn:aws:detective:us-east-1:111122223333:graph:027c7c4610ea4aacaf0b883093cab899", "MemberId": "444455556666", "MemberEmailAddress": "", "DisableEmailNotification": "true" } }


MemberInvitation: Type: AWS::Detective::MemberInvitation Properties: GraphArn: "arn:aws:detective:us-east-1:111122223333:graph:027c7c4610ea4aacaf0b883093cab899" MemberId: 444455556666 MemberEmailAddress: DisableEmailNotification: true