AWS CloudFormation
User Guide (API Version 2010-05-15)

AWS::GuardDuty::Member

Use the AWS::GuardDuty::Member resource to add an AWS account as a GuardDuty member account of the current GuardDuty master account. If the Status property is omitted or set to CREATED, the member account is only created (registered against the master account's detector); if Status is set to INVITED, the member account is created and an invitation is sent to it. The AWS::GuardDuty::Member resource must be created with Status set to INVITED in the master account before the AWS::GuardDuty::Master resource can be created in the member account to accept that invitation.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{
  "Type" : "AWS::GuardDuty::Member",
  "Properties" : {
    "Status" : String,
    "MemberId" : String,
    "Email" : String,
    "Message" : String,
    "DetectorId" : String,
    "DisableEmailNotification" : Boolean
  }
}

YAML

Type: AWS::GuardDuty::Member
Properties:
  Status: String
  MemberId: String
  Email: String
  Message: String
  DetectorId: String
  DisableEmailNotification: Boolean

Properties

Status

Use this property to set or update the status of the relationship between the member account and its master account. Valid values are CREATED | INVITED | DISABLED | ENABLED | REMOVED | RESIGNED. If this property is omitted or set to CREATED, the member account is only created. If it is set to INVITED, the member account is created and an invitation is sent to it.

Required: No

Type: String

Update requires: No interruption

MemberId

The account ID of the member GuardDuty account.

Required: Yes

Type: String

Update requires: Replacement

Email

The email address of the GuardDuty member account.

Required: Yes

Type: String

Update requires: Replacement

Message

The invitation message that you want to send to the account that you invite to GuardDuty as a member.

Required: No

Type: String

Update requires: No interruption

DetectorId

The unique ID of the detector in a GuardDuty master account.

Required: Yes

Type: String

Update requires: Replacement

DisableEmailNotification

Specifies whether an email notification is sent to the accounts that you invite to GuardDuty as members. When set to true, no email notification is sent to the invitees; the invitation still exists and can be accepted programmatically or from the console.

Required: No

Type: Boolean

Update requires: No interruption

Return Values

Ref

When you pass the logical ID of an AWS::GuardDuty::Member resource to the intrinsic Ref function, the function returns the unique ID of the GuardDuty member account, such as 012345678901.

For more information about using the Ref function, see Ref.

Examples

Declaring a GuardDuty Member Resource

The following example shows how to declare an AWS::GuardDuty::Member resource that creates a GuardDuty member account and sends it an invitation (Status set to INVITED) without an email notification.

JSON

"GDmaster": {
  "Type": "AWS::GuardDuty::Member",
  "Properties": {
    "Status": "INVITED",
    "MemberId": "012345678901",
    "Email": "guarddutymember@amazon.com",
    "Message": "You are invited to enable Amazon GuardDuty.",
    "DetectorId": "a12abc34d567e8fa901bc2d34e56789f0",
    "DisableEmailNotification": true
  }
}

YAML

GDmaster:
  Type: AWS::GuardDuty::Member
  Properties:
    Status: "INVITED"
    MemberId: "012345678901"
    Email: "guarddutymember@amazon.com"
    Message: "You are invited to enable Amazon GuardDuty."
    DetectorId: "a12abc34d567e8fa901bc2d34e56789f0"
    DisableEmailNotification: true
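Invitation Flow Across Both Accounts

The snippet above shows only the member declaration in isolation. The following two templates, added here as a worked example and not taken from the AWS documentation, show the full flow the introduction describes: the master account's stack creates a detector and invites the member with Status set to INVITED, and the member account's stack creates its own detector and accepts the invitation with an AWS::GuardDuty::Master resource. The parameter names, logical IDs, descriptions and invitation message are assumptions chosen for the example; the AWS::GuardDuty::Detector and AWS::GuardDuty::Master resource types and their Enable, DetectorId and MasterId properties are real CloudFormation resources, but this page documents only AWS::GuardDuty::Member. Both templates are in one YAML stream separated by a document marker; deploy the first in the master account, then the second in the member account.

```yaml
# --- Template 1: deploy in the GuardDuty master (security) account ---
# Added example; parameter names and logical IDs are assumptions, not from the AWS docs.
AWSTemplateFormatVersion: "2010-09-09"
Description: GuardDuty master account - detector plus one invited member
Parameters:
  MemberAccountId:
    Type: String
    Description: 12-digit AWS account ID of the account to invite
    AllowedPattern: "^[0-9]{12}$"    # reject malformed IDs before the API call
  MemberEmail:
    Type: String
    Description: Email address registered to the member account
Resources:
  Detector:
    Type: AWS::GuardDuty::Detector
    Properties:
      Enable: true                   # a detector must exist before members can be added
  Member:
    Type: AWS::GuardDuty::Member
    Properties:
      DetectorId: !Ref Detector      # Ref on a Detector returns its detector ID
      MemberId: !Ref MemberAccountId
      Email: !Ref MemberEmail
      Status: INVITED                # CREATED would register the account but send no invitation
      Message: "Accept this invitation so findings are delegated to the security account."
      DisableEmailNotification: true # invitation is still created; only the email is suppressed
Outputs:
  MasterAccountId:
    Description: Value the member account needs for its AWS::GuardDuty::Master resource
    Value: !Ref AWS::AccountId
  InvitedMemberId:
    Description: Ref on AWS::GuardDuty::Member returns the member account ID
    Value: !Ref Member
---
# --- Template 2: deploy in the invited member account, after template 1 succeeds ---
# Added example; there is no cross-account DependsOn, so ordering is an operational step.
AWSTemplateFormatVersion: "2010-09-09"
Description: GuardDuty member account - own detector plus acceptance of the master invitation
Parameters:
  MasterAccountId:
    Type: String
    Description: Account ID of the GuardDuty master (MasterAccountId output of template 1)
    AllowedPattern: "^[0-9]{12}$"
Resources:
  Detector:
    Type: AWS::GuardDuty::Detector
    Properties:
      Enable: true
  AcceptInvitation:
    Type: AWS::GuardDuty::Master
    Properties:
      DetectorId: !Ref Detector
      MasterId: !Ref MasterAccountId # fails if no INVITED member entry exists in that account
```

Deploying template 2 before template 1, or with Status set to CREATED in template 1, fails at the AWS::GuardDuty::Master resource because there is no pending invitation for the member to accept; that is the ordering constraint the introduction states. Keeping the member list in the master template also means that removing the Member resource from the stack is the reviewable way to drop an account from the master, rather than an untracked console change.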