CreateMembers
Creates member accounts of the current AWS account by specifying a list of AWS account IDs. This step is a prerequisite for managing the associated member accounts either by invitation or through an organization.
As a delegated administrator, using CreateMembers will enable GuardDuty in
the added member accounts, with the exception of the
organization delegated administrator account. A delegated administrator must enable GuardDuty
prior to being added as a member.
When you use CreateMembers as an AWS Organizations delegated administrator, GuardDuty applies your organization's auto-enable settings to the member accounts in this request, irrespective of the accounts being new or existing members. For more information about the existing auto-enable settings for your organization, see DescribeOrganizationConfiguration.
If you disassociate a member account that was added by invitation, the member account details obtained from this API, including the associated email addresses, will be retained. This is done so that the delegated administrator can invoke the InviteMembers API without the need to invoke the CreateMembers API again. To remove the details associated with a member account, the delegated administrator must invoke the DeleteMembers API.
When the member accounts added through AWS Organizations are later disassociated, you (administrator) can't invite them by calling the InviteMembers API. You can create an association with these member accounts again only by calling the CreateMembers API.
Request Syntax
POST /detector/detectorId/member HTTP/1.1
Content-type: application/json
{
"accountDetails": [
{
"accountId": "string",
"email": "string"
}
]
}URI Request Parameters
The request uses the following URI parameters.
- detectorId
-
The unique ID of the detector of the GuardDuty account for which you want to associate member accounts.
To find the
detectorIdin the current Region, see the Settings page in the GuardDuty console, or run the ListDetectors API.Length Constraints: Minimum length of 1. Maximum length of 300.
Required: Yes
Request Body
The request accepts the following data in JSON format.
- accountDetails
-
A list of account ID and email address pairs of the accounts that you want to associate with the GuardDuty administrator account.
Type: Array of AccountDetail objects
Array Members: Minimum number of 1 item. Maximum number of 50 items.
Required: Yes
Response Syntax
HTTP/1.1 200
Content-type: application/json
{
"unprocessedAccounts": [
{
"accountId": "string",
"result": "string"
}
]
}Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
- unprocessedAccounts
-
A list of objects that include the
accountIdsof the unprocessed accounts and a result string that explains why each was unprocessed.Type: Array of UnprocessedAccount objects
Array Members: Minimum number of 0 items. Maximum number of 50 items.
Errors
For information about the errors that are common to all actions, see Common Errors.
- BadRequestException
-
A bad request exception object.
HTTP Status Code: 400
- InternalServerErrorException
-
An internal server error exception object.
HTTP Status Code: 500
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
