AWS::GuardDuty::Member - AWS CloudFormation

AWS::GuardDuty::Member

You can use the AWS::GuardDuty::Member resource to add an AWS account as a GuardDuty member account to the current GuardDuty master account. If the value of the Status property is not provided or is set to Created, a member account is created but not invited. If the value of the Status property is set to Invited, a member account is created and invited. An AWS::GuardDuty::Member resource must be created with the Status property set to Invited before the AWS::GuardDuty::Master resource can be created in a GuardDuty member account.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{
  "Type" : "AWS::GuardDuty::Member",
  "Properties" : {
    "DetectorId" : String,
    "DisableEmailNotification" : Boolean,
    "Email" : String,
    "MemberId" : String,
    "Message" : String,
    "Status" : String
  }
}

YAML

Type: AWS::GuardDuty::Member
Properties:
  DetectorId: String
  DisableEmailNotification: Boolean
  Email: String
  MemberId: String
  Message: String
  Status: String

Properties

DetectorId

The ID of the detector associated with the GuardDuty service to add the member to.

Required: Yes

Type: String

Update requires: Replacement

DisableEmailNotification

Specifies whether or not to disable email notification for the member account that you invite.

Required: No

Type: Boolean

Update requires: No interruption

Email

The email address associated with the member account.

Required: Yes

Type: String

Update requires: Replacement

MemberId

The AWS account ID of the account to designate as a member.

Required: Yes

Type: String

Update requires: Replacement

Message

The message to include with the invitation sent to the member accounts.

Required: No

Type: String

Update requires: No interruption

Status

You can use the Status property to update the status of the relationship between the member account and its master account. Valid values are Created and Invited when using an AWS::GuardDuty::Member resource. If the value of this property is not provided or is set to Created, a member account is created but not invited. If the value of this property is set to Invited, a member account is created and invited.

Required: No

Type: String

Update requires: No interruption

Return Values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the unique ID of the GuardDuty member account, such as 012345678901.

For more information about using the Ref function, see Ref.

Examples

Declare a Member Resource

The following example shows how to declare a GuardDuty Member resource:

JSON

"GDmaster": {
  "Type": "AWS::GuardDuty::Member",
  "Properties": {
    "Status": "Invited",
    "MemberId": "012345678901",
    "Email": "guarddutymember@amazon.com",
    "Message": "You are invited to enable Amazon Guardduty.",
    "DetectorId": "a12abc34d567e8fa901bc2d34e56789f0",
    "DisableEmailNotification": true
  }
}

YAML

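GDmaster:
  Type: AWS::GuardDuty::Member
  Properties:
    Status: Invited
    MemberId: "012345678901"
    Email: guarddutymember@amazon.com
    Message: "You are invited to enable Amazon Guardduty."
    DetectorId: a12abc34d567e8fa901bc2d34e56789f0
    DisableEmailNotification: true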
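
Because a Member resource whose Status is omitted or set to Created is never invited, a pre-deployment check on the template can catch accounts that would otherwise stay outside GuardDuty monitoring. The following Python check is an added example, not part of the original documentation or any AWS tooling; the function name lint_members, the sample template, and the rule that MemberId should be a quoted 12-digit string are assumptions made for illustration.

```python
import json
import re

VALID_STATUS = {"Created", "Invited"}
REQUIRED = ("DetectorId", "Email", "MemberId")

# Constructed sample template (not from the page): one invited member and
# one member whose Status is omitted, with MemberId given as a number.
SAMPLE_TEMPLATE = json.dumps({
    "Resources": {
        "Detector": {"Type": "AWS::GuardDuty::Detector",
                     "Properties": {"Enable": True}},
        "InvitedMember": {"Type": "AWS::GuardDuty::Member", "Properties": {
            "DetectorId": {"Ref": "Detector"}, "Email": "member-a@example.com",
            "MemberId": "012345678901", "Status": "Invited"}},
        "ForgottenMember": {"Type": "AWS::GuardDuty::Member", "Properties": {
            "DetectorId": {"Ref": "Detector"}, "Email": "member-b@example.com",
            "MemberId": 123456789012}},
    }
})


def lint_members(template_text):
    """Return a sorted list of (logical_id, finding) for Member resources."""
    findings = []
    resources = json.loads(template_text).get("Resources", {})
    for name, res in resources.items():
        if res.get("Type") != "AWS::GuardDuty::Member":
            continue
        props = res.get("Properties", {})
        for key in REQUIRED:
            if key not in props:
                findings.append((name, f"missing required property {key}"))
        member_id = props.get("MemberId")
        # Intrinsic functions (dicts such as {"Ref": ...}) resolve at deploy time.
        if member_id is not None and not isinstance(member_id, dict):
            if not (isinstance(member_id, str) and re.fullmatch(r"\d{12}", member_id)):
                findings.append((name, "MemberId is not a quoted 12-digit string"))
        status = props.get("Status", "Created")  # omitted behaves like Created
        if isinstance(status, str) and status not in VALID_STATUS:
            findings.append((name, f"invalid Status {status!r}"))
        elif status == "Created":
            findings.append((name, "member is created but not invited"))
    return sorted(findings)


if __name__ == "__main__":
    for logical_id, finding in lint_members(SAMPLE_TEMPLATE):
        print(f"{logical_id}: {finding}")
```

The check reads JSON templates only; a YAML template would first need to be converted, for example with a parser that understands CloudFormation's short-form intrinsic tags.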